Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/iUBIyNh5SBSpp8vGpeErDc1IkzM.roa
File:                     iUBIyNh5SBSpp8vGpeErDc1IkzM.roa (raw, json)
Hash identifier:          kMAfmTLNEE6AIWja94Oabpd/KLf2028nKr9kd+cJQYY=
Subject key identifier:   89:40:48:C8:D8:79:48:14:A9:A7:CB:C6:A5:E1:2B:0D:CD:48:93:33
Certificate issuer:       /CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
Certificate serial:       018CC8DF00548A5AF067C44F13491289BA25
Authority key identifier: 4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/iUBIyNh5SBSpp8vGpeErDc1IkzM.roa
Signing time:             Tue 02 Jan 2024 06:31:46 +0000
ROA not before:           Tue 02 Jan 2024 06:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41310
IP address blocks:        89.249.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:00:54:8a:5a:f0:67:c4:4f:13:49:12:89:ba:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
        Validity
            Not Before: Jan  2 06:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=894048c8d8794814a9a7cbc6a5e12b0dcd489333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ad:d6:61:b8:35:34:05:d2:54:1c:57:f0:51:
                    50:64:c7:50:90:32:0d:16:54:0a:d7:25:55:51:9e:
                    1e:46:43:c8:93:0d:72:f2:65:db:b4:96:97:63:ec:
                    da:05:e5:97:1a:e9:42:1e:42:ec:48:f5:fe:e6:9e:
                    2d:c3:96:20:92:21:75:b3:e1:cf:d3:e1:b6:25:b7:
                    ad:d6:21:ff:0a:99:9e:a2:d8:8d:11:12:01:c5:34:
                    57:0e:41:0c:6e:dd:93:ae:c1:14:0e:25:89:4a:ad:
                    46:fa:07:6e:1c:4f:38:a1:98:33:94:fb:13:4d:95:
                    2f:72:39:ae:38:71:5d:7b:f9:8e:71:a2:ec:0d:ba:
                    ac:6b:ac:41:ec:47:0b:4b:d4:4e:2f:94:30:2f:7f:
                    80:fb:98:33:14:f6:24:45:8d:49:4b:7e:7d:85:25:
                    01:c7:8a:ba:c0:c3:2d:9d:7c:b8:31:f6:62:c5:2a:
                    0d:12:24:ea:f7:9f:71:d0:ae:67:12:ca:fb:f5:db:
                    f9:27:20:3b:27:62:66:f9:68:cb:be:6b:23:d0:10:
                    d0:13:cb:f2:14:9d:1f:ce:b8:dd:74:31:54:a8:85:
                    e1:32:88:c7:95:b3:4e:7a:19:86:4f:af:0d:33:ca:
                    71:17:ea:ce:13:21:dd:40:5b:45:67:ef:51:9e:cc:
                    a9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:40:48:C8:D8:79:48:14:A9:A7:CB:C6:A5:E1:2B:0D:CD:48:93:33
            X509v3 Authority Key Identifier:
                keyid:4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/iUBIyNh5SBSpp8vGpeErDc1IkzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:73:9e:ec:a6:1f:ec:81:aa:d9:2d:9d:45:92:c9:b1:68:66:
         44:14:df:3d:37:24:fd:76:0f:03:7d:2d:53:c9:96:ba:3c:67:
         8a:f2:4b:e7:38:a7:b5:a9:55:e9:f6:e3:50:ee:28:e1:70:11:
         41:05:4e:b0:41:6b:da:21:9d:8e:d3:8a:69:32:71:c9:21:3a:
         b4:69:7e:ac:35:87:9b:c1:79:a8:44:c0:95:7b:38:0c:fc:10:
         bc:cf:5a:06:db:2d:81:ab:fe:13:ce:cd:c3:51:2f:e6:b8:67:
         ca:2d:e4:90:f5:1e:99:ca:a4:cb:fb:bf:30:65:5b:9f:a4:a5:
         34:70:3f:a8:c7:87:46:73:ba:f2:9e:3d:dc:0c:63:ed:69:17:
         78:d9:c3:5d:8f:45:66:bc:6c:bc:c3:28:17:cf:2d:7a:9f:7d:
         83:11:bf:06:9c:c0:cc:8a:d4:1b:84:b9:4a:a9:51:e0:e8:db:
         3c:e4:88:01:f5:d7:cc:b9:10:7f:d2:bd:3f:8e:ee:8d:21:68:
         2d:26:cc:07:07:69:03:3e:3c:9b:19:6e:45:e3:28:60:0e:94:
         69:45:96:59:a0:39:78:70:2b:ee:89:93:5e:fc:fa:cd:be:49:
         da:89:d0:2e:9b:e9:f5:b2:07:21:9d:de:29:81:21:25:1c:ee:
         4e:1c:74:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3wBUilrwZ8RPE0kSibolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWViYjliMDUxYWQ1ZWM3YTM2OTg5ZmMzZmNjOTRjMWNh
YmNjNzQwHhcNMjQwMTAyMDYzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQwNDhjOGQ4Nzk0ODE0YTlhN2NiYzZhNWUxMmIwZGNkNDg5MzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK3WYbg1NAXSVBxX8FFQZMdQkDIN
FlQK1yVVUZ4eRkPIkw1y8mXbtJaXY+zaBeWXGulCHkLsSPX+5p4tw5YgkiF1s+HP
0+G2Jbet1iH/CpmeotiNERIBxTRXDkEMbt2TrsEUDiWJSq1G+gduHE84oZgzlPsT
TZUvcjmuOHFde/mOcaLsDbqsa6xB7EcLS9ROL5QwL3+A+5gzFPYkRY1JS359hSUB
x4q6wMMtnXy4MfZixSoNEiTq959x0K5nEsr79dv5JyA7J2Jm+WjLvmsj0BDQE8vy
FJ0fzrjddDFUqIXhMojHlbNOehmGT68NM8pxF+rOEyHdQFtFZ+9Rnsyp1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlASMjYeUgUqafLxqXhKw3NSJMzMB8GA1UdIwQY
MBaAFE5eu5sFGtXsejaYn8P8yUwcq8x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUt
YzJmZDBmOTU4ZDRiLzEvaVVCSXlOaDVTQlNwcDh2R3BlRXJEYzFJa3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUtYzJmZDBmOTU4ZDRi
LzEvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfkwMA0G
CSqGSIb3DQEBCwUAA4IBAQCUc57sph/sgarZLZ1FksmxaGZEFN89NyT9dg8DfS1T
yZa6PGeK8kvnOKe1qVXp9uNQ7ijhcBFBBU6wQWvaIZ2O04ppMnHJITq0aX6sNYeb
wXmoRMCVezgM/BC8z1oG2y2Bq/4Tzs3DUS/muGfKLeSQ9R6ZyqTL+78wZVufpKU0
cD+ox4dGc7rynj3cDGPtaRd42cNdj0VmvGy8wygXzy16n32DEb8GnMDMitQbhLlK
qVHg6Ns85IgB9dfMuRB/0r0/ju6NIWgtJswHB2kDPjybGW5F4yhgDpRpRZZZoDl4
cCvuiZNe/PrNvknaidAum+n1sgchnd4pgSElHO5OHHTA
-----END CERTIFICATE-----