Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/52d0fe-cc6e-41d9-9643-c5d360fcdf0e/1/1-y0u6Yq2w_8IaZDUvagpby2ty6k.roa
File:                     1-y0u6Yq2w_8IaZDUvagpby2ty6k.roa (raw, json)
Hash identifier:          HU6M0wNTCNYVNeaQX7PH25SQOQ5cNWhTJgSEofnSA3w=
Subject key identifier:   FB:2D:2E:E9:8A:B6:C3:FF:08:69:90:D4:BD:A8:29:6F:2D:AD:CB:A9
Certificate issuer:       /CN=a7f66522f403d8c994a484682870799417ce1e81
Certificate serial:       018CC6B839127BCE73BE2CE2CC45BD6618AE
Authority key identifier: A7:F6:65:22:F4:03:D8:C9:94:A4:84:68:28:70:79:94:17:CE:1E:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_ZlIvQD2MmUpIRoKHB5lBfOHoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/52d0fe-cc6e-41d9-9643-c5d360fcdf0e/1/1-y0u6Yq2w_8IaZDUvagpby2ty6k.roa
Signing time:             Mon 01 Jan 2024 20:30:11 +0000
ROA not before:           Mon 01 Jan 2024 20:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60815
IP address blocks:        185.89.90.0/24 maxlen: 24
                          185.89.90.0/23 maxlen: 23
                          185.89.89.0/24 maxlen: 24
                          185.89.88.0/24 maxlen: 24
                          185.89.88.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/52d0fe-cc6e-41d9-9643-c5d360fcdf0e/1/p_ZlIvQD2MmUpIRoKHB5lBfOHoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/52d0fe-cc6e-41d9-9643-c5d360fcdf0e/1/p_ZlIvQD2MmUpIRoKHB5lBfOHoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_ZlIvQD2MmUpIRoKHB5lBfOHoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:39:12:7b:ce:73:be:2c:e2:cc:45:bd:66:18:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f66522f403d8c994a484682870799417ce1e81
        Validity
            Not Before: Jan  1 20:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb2d2ee98ab6c3ff086990d4bda8296f2dadcba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:cf:e9:bb:14:93:2e:c7:1f:df:c6:64:9e:fe:
                    22:87:51:05:b9:61:23:97:45:fc:b5:85:00:de:f8:
                    88:71:2e:24:f7:e3:8f:1e:b5:ae:3b:18:b0:2b:48:
                    e5:4e:8a:f9:71:0a:90:e5:bf:5d:4d:24:65:1c:f7:
                    95:9c:06:bd:bb:85:d1:a4:e5:06:13:77:97:1d:a2:
                    57:b6:a5:5d:80:dd:c2:c5:a9:92:94:55:fd:bb:bf:
                    b7:83:15:48:f7:3c:9d:66:ee:d1:5a:94:0f:c7:fc:
                    80:af:20:fb:8c:3c:c0:9d:6d:ef:ac:f4:f7:52:35:
                    79:56:fe:f2:dd:a1:2e:d7:0e:f5:6c:29:53:ea:9d:
                    e4:93:92:16:27:48:40:2c:05:e3:b0:c9:06:5d:92:
                    40:f5:95:2e:c8:73:16:6a:19:c4:6f:87:6a:00:ac:
                    4c:d9:c7:f1:c9:1b:b7:ef:27:18:4a:68:88:d2:92:
                    e9:0e:1c:34:ec:44:6c:b8:e5:b7:5d:7f:d6:4d:ad:
                    1a:ba:a8:ea:3b:b7:e1:57:bf:69:01:93:e6:19:2f:
                    16:e4:ea:b2:66:36:27:12:f8:cb:8f:23:82:a0:f1:
                    ea:4d:96:a2:41:86:18:b1:f4:ea:c3:8e:50:2e:73:
                    23:2e:73:b1:0a:9a:e3:67:a5:5f:c7:17:40:46:4b:
                    d3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2D:2E:E9:8A:B6:C3:FF:08:69:90:D4:BD:A8:29:6F:2D:AD:CB:A9
            X509v3 Authority Key Identifier:
                keyid:A7:F6:65:22:F4:03:D8:C9:94:A4:84:68:28:70:79:94:17:CE:1E:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_ZlIvQD2MmUpIRoKHB5lBfOHoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/52d0fe-cc6e-41d9-9643-c5d360fcdf0e/1/1-y0u6Yq2w_8IaZDUvagpby2ty6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/52d0fe-cc6e-41d9-9643-c5d360fcdf0e/1/p_ZlIvQD2MmUpIRoKHB5lBfOHoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:35:7b:cd:6d:e5:b1:cf:1e:4f:b6:f1:f7:4a:13:67:de:ab:
         b5:0d:8d:a5:49:87:d8:17:67:28:ce:cd:12:1e:4a:8c:69:3b:
         b3:d0:f5:fe:25:e1:12:a1:d0:76:be:4e:b9:cb:92:e0:ca:7d:
         c4:3d:64:d8:77:29:53:c7:fb:be:ea:2d:98:ce:9b:de:58:2f:
         a7:50:91:62:7f:e3:dd:e3:31:ae:37:45:7f:3e:95:7e:6d:22:
         57:d2:3e:d5:c1:eb:2e:96:c1:ca:13:c4:3b:a8:e6:f8:b4:f8:
         ad:f7:93:11:1e:4e:42:d2:12:65:12:85:c2:c7:7e:11:38:3c:
         93:d3:9c:6e:ed:52:ed:75:6b:9f:e9:02:62:57:5d:32:e2:03:
         1e:57:5f:84:f8:fb:b7:27:8e:ea:b8:ab:09:26:7f:15:25:20:
         78:07:2a:c7:0d:f0:aa:8c:8c:1c:29:c0:26:59:d9:0f:e4:ba:
         74:94:32:49:20:a1:04:6c:e6:98:3f:49:bf:0a:1b:70:77:25:
         ad:6e:68:38:71:c5:80:24:f2:c9:69:32:03:0d:69:ec:0a:ca:
         1c:62:c3:4e:e2:cd:8c:8b:88:5b:99:a9:bb:8c:d0:e4:1f:4b:
         6d:f2:03:d5:f8:01:6a:1c:2c:f4:31:11:9e:59:c1:6c:35:41:
         2f:ca:09:ac
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuDkSe85zvizizEW9ZhiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZjY2NTIyZjQwM2Q4Yzk5NGE0ODQ2ODI4NzA3OTk0MTdj
ZTFlODEwHhcNMjQwMTAxMjAzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJkMmVlOThhYjZjM2ZmMDg2OTkwZDRiZGE4Mjk2ZjJkYWRjYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc/puxSTLscf38Zknv4ih1EFuWEj
l0X8tYUA3viIcS4k9+OPHrWuOxiwK0jlTor5cQqQ5b9dTSRlHPeVnAa9u4XRpOUG
E3eXHaJXtqVdgN3CxamSlFX9u7+3gxVI9zydZu7RWpQPx/yAryD7jDzAnW3vrPT3
UjV5Vv7y3aEu1w71bClT6p3kk5IWJ0hALAXjsMkGXZJA9ZUuyHMWahnEb4dqAKxM
2cfxyRu37ycYSmiI0pLpDhw07ERsuOW3XX/WTa0auqjqO7fhV79pAZPmGS8W5Oqy
ZjYnEvjLjyOCoPHqTZaiQYYYsfTqw45QLnMjLnOxCprjZ6VfxxdARkvTewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPstLumKtsP/CGmQ1L2oKW8trcupMB8GA1UdIwQY
MBaAFKf2ZSL0A9jJlKSEaChweZQXzh6BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9abEl2UUQyTW1VcElSb0tIQjVsQmZPSG9FLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81MmQwZmUtY2M2ZS00MWQ5LTk2NDMt
YzVkMzYwZmNkZjBlLzEvMS15MHU2WXEyd184SWFaRFV2YWdwYnkydHk2ay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzkvNTJkMGZlLWNjNmUtNDFkOS05NjQzLWM1ZDM2MGZjZGYw
ZS8xL3BfWmxJdlFEMk1tVXBJUm9LSEI1bEJmT0hvRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlZWDAN
BgkqhkiG9w0BAQsFAAOCAQEASzV7zW3lsc8eT7bx90oTZ96rtQ2NpUmH2BdnKM7N
Eh5KjGk7s9D1/iXhEqHQdr5OucuS4Mp9xD1k2HcpU8f7vuotmM6b3lgvp1CRYn/j
3eMxrjdFfz6Vfm0iV9I+1cHrLpbByhPEO6jm+LT4rfeTER5OQtISZRKFwsd+ETg8
k9Ocbu1S7XVrn+kCYlddMuIDHldfhPj7tyeO6rirCSZ/FSUgeAcqxw3wqoyMHCnA
JlnZD+S6dJQySSChBGzmmD9JvwobcHclrW5oOHHFgCTyyWkyAw1p7ArKHGLDTuLN
jIuIW5mpu4zQ5B9LbfID1fgBahws9DERnlnBbDVBL8oJrA==
-----END CERTIFICATE-----