Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/y19d9mLYEwnaQFrYY-KiaJDTT7Y.roa
File:                     y19d9mLYEwnaQFrYY-KiaJDTT7Y.roa (raw, json)
Hash identifier:          /FU0vTmK/MHqgbVfmXfxMVXHyd02mSJ/5+msPlk/B3c=
Subject key identifier:   CB:5F:5D:F6:62:D8:13:09:DA:40:5A:D8:63:E2:A2:68:90:D3:4F:B6
Certificate issuer:       /CN=c1b050211219d18e996e086cb7f6309178804860
Certificate serial:       018CC6B8B496F1BAEAFC18CAFBC60DAED1EA
Authority key identifier: C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/y19d9mLYEwnaQFrYY-KiaJDTT7Y.roa
Signing time:             Mon 01 Jan 2024 20:30:42 +0000
ROA not before:           Mon 01 Jan 2024 20:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62144
IP address blocks:        89.108.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b4:96:f1:ba:ea:fc:18:ca:fb:c6:0d:ae:d1:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1b050211219d18e996e086cb7f6309178804860
        Validity
            Not Before: Jan  1 20:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb5f5df662d81309da405ad863e2a26890d34fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:90:3b:2b:cf:a3:17:95:c2:78:50:46:0d:40:
                    03:86:ba:42:6a:22:c6:43:49:3f:35:d6:6f:0c:02:
                    9b:e2:e2:db:37:76:c4:62:2b:fa:b0:2d:f5:da:11:
                    83:61:3c:7d:2b:41:30:50:84:d1:fc:08:54:1c:38:
                    83:2e:05:80:e3:22:08:09:99:b7:5e:3a:0d:5a:5d:
                    8e:3b:71:13:07:fd:43:b0:5e:dd:71:cc:c1:f8:16:
                    90:c9:93:3f:23:20:fe:98:71:f4:3b:de:c6:92:37:
                    01:ca:9f:af:e9:60:c8:c0:ea:89:85:da:cd:86:b0:
                    12:f7:2f:c3:8f:5f:e9:82:0a:a8:5c:d0:23:b7:0b:
                    a9:2e:aa:c0:34:a7:08:10:ee:fb:2d:4d:a7:3a:80:
                    af:c9:f4:84:a6:eb:41:cb:7b:22:53:33:66:35:20:
                    9b:c4:98:f8:78:45:e9:d0:2f:78:49:1e:4b:32:42:
                    a7:99:43:1e:c0:5a:ca:61:69:e3:00:02:3f:8d:f1:
                    3a:3c:56:7f:a4:1d:41:ac:11:97:3b:7f:13:c4:48:
                    0c:c6:12:bb:65:ff:ba:02:5f:cc:75:3c:5d:63:65:
                    5d:00:ec:e1:6e:1e:0a:74:ec:74:10:2c:1a:75:d8:
                    97:a7:a5:b1:27:85:41:21:ae:d9:c0:d4:6f:4d:4d:
                    91:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:5F:5D:F6:62:D8:13:09:DA:40:5A:D8:63:E2:A2:68:90:D3:4F:B6
            X509v3 Authority Key Identifier:
                keyid:C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/y19d9mLYEwnaQFrYY-KiaJDTT7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.108.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:81:4c:de:c1:74:a6:bd:88:30:04:b0:db:e9:0c:0c:de:59:
         90:85:eb:6a:ca:ca:10:27:bf:49:60:9a:e9:97:78:ac:db:8f:
         bd:1e:ba:2b:d2:78:84:76:a7:fc:c3:1c:ce:25:c4:0c:f7:ee:
         1e:f3:f2:c8:6d:f1:b4:d3:65:25:3d:1e:ce:00:2b:be:8b:98:
         f5:ee:b8:9d:31:a2:c6:d7:ab:ec:54:1b:86:c6:c8:e5:5b:13:
         c6:15:68:2b:d5:d0:f4:b2:37:3d:85:d2:ad:ff:84:36:be:b0:
         15:71:88:58:ba:47:00:ad:2e:fb:8b:44:2d:d4:1e:88:fa:7f:
         fc:30:9a:2d:af:0b:a0:c0:7f:30:81:88:14:04:08:d0:fd:9c:
         91:41:45:ec:f0:19:8d:02:30:8b:05:2c:89:2e:3a:5d:05:ca:
         28:ba:37:4d:1b:b0:e0:0a:97:8d:3d:17:53:bc:c7:1f:52:dd:
         7b:4b:92:3e:07:c6:32:4f:2f:73:ec:7e:4c:3c:00:7a:b0:b6:
         0d:b7:19:0f:3e:5c:6b:2f:f9:63:64:8c:be:a8:2e:33:c2:5c:
         fe:a9:6b:ba:36:e9:ec:d0:78:3a:2f:11:2e:4b:56:22:38:6f:
         b8:6f:90:60:cc:86:63:e1:f9:a2:81:f2:8a:55:28:24:c8:67:
         23:ca:15:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLSW8brq/BjK+8YNrtHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYjA1MDIxMTIxOWQxOGU5OTZlMDg2Y2I3ZjYzMDkxNzg4
MDQ4NjAwHhcNMjQwMTAxMjAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjVmNWRmNjYyZDgxMzA5ZGE0MDVhZDg2M2UyYTI2ODkwZDM0ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJA7K8+jF5XCeFBGDUADhrpCaiLG
Q0k/NdZvDAKb4uLbN3bEYiv6sC312hGDYTx9K0EwUITR/AhUHDiDLgWA4yIICZm3
XjoNWl2OO3ETB/1DsF7dcczB+BaQyZM/IyD+mHH0O97GkjcByp+v6WDIwOqJhdrN
hrAS9y/Dj1/pggqoXNAjtwupLqrANKcIEO77LU2nOoCvyfSEputBy3siUzNmNSCb
xJj4eEXp0C94SR5LMkKnmUMewFrKYWnjAAI/jfE6PFZ/pB1BrBGXO38TxEgMxhK7
Zf+6Al/MdTxdY2VdAOzhbh4KdOx0ECwaddiXp6WxJ4VBIa7ZwNRvTU2RhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtfXfZi2BMJ2kBa2GPiomiQ00+2MB8GA1UdIwQY
MBaAFMGwUCESGdGOmW4IbLf2MJF4gEhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUt
Y2UyMjUxODdmYzM4LzEveTE5ZDltTFlFd25hUUZyWVktS2lhSkRUVDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUtY2UyMjUxODdmYzM4
LzEvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWyIMA0G
CSqGSIb3DQEBCwUAA4IBAQCOgUzewXSmvYgwBLDb6QwM3lmQhetqysoQJ79JYJrp
l3is24+9Hror0niEdqf8wxzOJcQM9+4e8/LIbfG002UlPR7OACu+i5j17ridMaLG
16vsVBuGxsjlWxPGFWgr1dD0sjc9hdKt/4Q2vrAVcYhYukcArS77i0Qt1B6I+n/8
MJotrwugwH8wgYgUBAjQ/ZyRQUXs8BmNAjCLBSyJLjpdBcooujdNG7DgCpeNPRdT
vMcfUt17S5I+B8YyTy9z7H5MPAB6sLYNtxkPPlxrL/ljZIy+qC4zwlz+qWu6Nuns
0Hg6LxEuS1YiOG+4b5BgzIZj4fmigfKKVSgkyGcjyhVi
-----END CERTIFICATE-----