Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/Ru5pT3fFhWiJARMLny8G8HoUSwY.roa
File:                     Ru5pT3fFhWiJARMLny8G8HoUSwY.roa (raw, json)
Hash identifier:          nNSIAvHr6jAf4wxPCF/ribQ5BYSIX/j6WTvOqSD71Vs=
Subject key identifier:   46:EE:69:4F:77:C5:85:68:89:01:13:0B:9F:2F:06:F0:7A:14:4B:06
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       018CCA2A925FA2A5A79FA1846F60F0EE5416
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/Ru5pT3fFhWiJARMLny8G8HoUSwY.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62044
IP address blocks:        89.167.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:92:5f:a2:a5:a7:9f:a1:84:6f:60:f0:ee:54:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46ee694f77c585688901130b9f2f06f07a144b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e7:02:b0:87:30:b9:99:81:ce:4e:dc:3c:bb:
                    6f:1a:42:6f:df:a0:69:71:28:a6:16:31:25:6d:92:
                    66:43:b1:17:d4:b4:55:77:0d:eb:0c:f6:1d:a9:1d:
                    10:21:f4:b1:e6:ce:e8:c5:98:dc:cf:bb:ce:91:7d:
                    2c:80:90:ee:f0:00:db:52:5c:85:96:a0:71:a4:4d:
                    55:27:05:da:20:64:37:4d:aa:2d:67:dd:b6:fd:ca:
                    72:ae:56:98:56:ac:aa:d9:56:6d:f0:eb:40:d6:f0:
                    ae:b3:de:f9:2d:72:61:04:40:cb:45:f0:7c:cb:e5:
                    f2:01:fb:55:a0:77:d0:61:f6:12:b2:42:53:6b:37:
                    c4:03:06:1d:bd:00:0c:f8:7b:40:cd:be:7b:eb:99:
                    8c:39:2a:b8:f3:98:13:10:ea:d2:9e:ee:7c:a8:12:
                    c7:3a:b1:26:0c:f3:86:fd:98:da:b7:ec:2b:db:96:
                    5a:30:98:6d:98:02:95:24:2e:0a:f6:34:a7:51:d8:
                    80:39:6d:98:ea:d5:44:d9:ce:b2:f9:30:1b:c6:15:
                    3b:75:c3:4d:90:b4:52:b2:76:d5:f4:f8:1a:6e:0f:
                    24:b2:dd:1c:b9:c2:b8:fc:67:45:cd:c5:19:81:cf:
                    75:bc:ea:4a:90:e0:2d:9c:0d:91:19:eb:26:29:ec:
                    cb:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EE:69:4F:77:C5:85:68:89:01:13:0B:9F:2F:06:F0:7A:14:4B:06
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/Ru5pT3fFhWiJARMLny8G8HoUSwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:1f:53:1c:a9:f2:b7:3b:96:b2:f2:b1:98:71:b8:93:59:d7:
         6f:56:a7:10:aa:d0:8d:fc:16:e4:00:d7:02:76:1e:c6:17:5d:
         57:8d:70:bb:c5:ac:77:04:f3:55:cd:62:36:1b:42:f2:18:4f:
         f4:f9:b6:ee:3b:15:fb:95:49:19:23:27:09:ad:cd:3c:e6:85:
         3f:f4:a1:79:dd:26:f3:30:0d:9a:6a:e8:f2:67:a0:35:70:21:
         4e:5c:1e:71:fa:38:bf:02:a9:8c:1b:23:12:b4:f4:17:78:5a:
         38:0c:2a:9a:29:21:e6:36:ff:d5:67:60:1c:77:3a:77:9b:68:
         24:ea:86:5f:92:b9:c3:33:6d:13:9f:05:7a:e7:21:1d:a4:18:
         f1:44:62:cf:81:44:f0:13:90:ce:05:af:da:83:77:05:6b:7d:
         25:d9:ca:3a:50:f0:dd:11:85:09:9e:cb:b0:f7:89:1d:ab:b6:
         a1:f9:fe:fd:e7:68:9d:8c:59:41:a8:3e:16:f6:fa:fd:79:4f:
         d0:ed:a2:08:73:16:b5:45:91:29:79:b9:77:18:a7:79:86:cf:
         24:d0:34:bf:5d:dd:8f:20:c9:00:83:51:2c:33:1c:5a:dd:bc:
         62:17:34:10:b0:a7:df:a1:60:62:b4:70:fc:e6:e8:d0:fa:ae:
         97:e1:af:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpJfoqWnn6GEb2Dw7lQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVlNjk0Zjc3YzU4NTY4ODkwMTEzMGI5ZjJmMDZmMDdhMTQ0YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+cCsIcwuZmBzk7cPLtvGkJv36Bp
cSimFjElbZJmQ7EX1LRVdw3rDPYdqR0QIfSx5s7oxZjcz7vOkX0sgJDu8ADbUlyF
lqBxpE1VJwXaIGQ3TaotZ922/cpyrlaYVqyq2VZt8OtA1vCus975LXJhBEDLRfB8
y+XyAftVoHfQYfYSskJTazfEAwYdvQAM+HtAzb5765mMOSq485gTEOrSnu58qBLH
OrEmDPOG/Zjat+wr25ZaMJhtmAKVJC4K9jSnUdiAOW2Y6tVE2c6y+TAbxhU7dcNN
kLRSsnbV9Pgabg8kst0cucK4/GdFzcUZgc91vOpKkOAtnA2RGesmKezLRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbuaU93xYVoiQETC58vBvB6FEsGMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvUnU1cFQzZkZoV2lKQVJNTG55OEc4SG9VU3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWaeDMA0G
CSqGSIb3DQEBCwUAA4IBAQBEH1McqfK3O5ay8rGYcbiTWddvVqcQqtCN/BbkANcC
dh7GF11XjXC7xax3BPNVzWI2G0LyGE/0+bbuOxX7lUkZIycJrc085oU/9KF53Sbz
MA2aaujyZ6A1cCFOXB5x+ji/AqmMGyMStPQXeFo4DCqaKSHmNv/VZ2Acdzp3m2gk
6oZfkrnDM20TnwV65yEdpBjxRGLPgUTwE5DOBa/ag3cFa30l2co6UPDdEYUJnsuw
94kdq7ah+f7952idjFlBqD4W9vr9eU/Q7aIIcxa1RZEpebl3GKd5hs8k0DS/Xd2P
IMkAg1EsMxxa3bxiFzQQsKffoWBitHD85ujQ+q6X4a/l
-----END CERTIFICATE-----