Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/I_89cpKoA-b3yYOPl0D1J6nQ8Ag.roa
File:                     I_89cpKoA-b3yYOPl0D1J6nQ8Ag.roa (raw, json)
Hash identifier:          41ErV6VbNDBgs9tRKu2b77WbZZ2Ce6GqGQ9Zqj4+uEA=
Subject key identifier:   23:FF:3D:72:92:A8:03:E6:F7:C9:83:8F:97:40:F5:27:A9:D0:F0:08
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0192B9D5EA1B8FCF427B4FD80537FF9C324A
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/I_89cpKoA-b3yYOPl0D1J6nQ8Ag.roa
Signing time:             Wed 23 Oct 2024 14:44:16 +0000
ROA not before:           Wed 23 Oct 2024 14:44:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49699
IP address blocks:        87.246.3.0/24 maxlen: 24
                          87.246.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:d5:ea:1b:8f:cf:42:7b:4f:d8:05:37:ff:9c:32:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Oct 23 14:44:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23ff3d7292a803e6f7c9838f9740f527a9d0f008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ad:ec:27:0c:eb:d3:01:7f:d1:1a:79:c2:f7:
                    ef:55:76:db:1d:24:62:f7:58:06:84:9f:e5:cb:16:
                    ba:14:f3:af:0f:c2:6e:ca:8d:f3:f6:09:b7:51:98:
                    58:cb:5b:98:82:67:9d:4e:d4:47:ae:53:96:f1:48:
                    91:06:7b:6e:de:f5:20:e6:4f:4f:58:69:f9:56:56:
                    59:ba:86:39:28:e6:20:07:87:32:d3:da:d2:84:81:
                    c1:5d:1e:66:3b:0c:77:c0:ba:cc:ee:85:96:0a:46:
                    8e:86:68:36:8e:39:e8:ba:a1:cc:aa:f0:f6:8b:98:
                    95:08:02:c7:e7:93:3e:97:ea:d5:e5:b0:e4:83:b7:
                    23:3d:42:df:d5:67:83:4b:44:2c:60:39:7c:fa:b7:
                    43:a1:55:9a:d0:f2:d5:df:4a:cc:c4:96:3c:4d:2f:
                    a7:c0:cd:99:5f:c2:4d:06:7c:74:da:db:c7:7e:6d:
                    68:85:fa:4f:39:3f:cc:05:33:85:d5:6d:11:93:e0:
                    39:83:16:2a:30:c7:1b:43:75:43:ab:ed:d6:67:88:
                    6b:57:1e:d5:e5:22:af:88:e1:c8:06:74:dc:5a:22:
                    f7:a8:1f:d7:52:79:89:0a:60:9d:d3:c3:77:87:d5:
                    e6:c3:70:a7:34:25:ed:2f:10:62:dc:02:13:99:ca:
                    d9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:FF:3D:72:92:A8:03:E6:F7:C9:83:8F:97:40:F5:27:A9:D0:F0:08
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/I_89cpKoA-b3yYOPl0D1J6nQ8Ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.3.0/24
                  87.246.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:b4:e8:90:30:10:52:80:1f:85:01:78:62:d1:7d:bc:56:95:
         aa:52:4a:41:25:c1:e3:74:83:16:6a:db:c6:e4:1a:e8:f7:1d:
         64:e8:59:db:1d:73:2c:d2:a0:f6:e4:5e:42:69:db:e7:54:d0:
         ee:ce:9f:1f:b6:15:c4:ef:b2:47:48:c6:d2:74:f1:67:24:c7:
         d2:25:fe:20:10:5c:ae:f8:aa:06:16:2b:6f:82:47:55:3a:e4:
         58:ef:c7:4c:8a:59:81:e4:d4:29:c0:58:8b:35:61:a8:60:2c:
         ac:22:23:78:2d:c6:a4:27:f0:b9:20:93:8b:35:33:8b:01:08:
         d1:2a:b0:07:49:aa:da:2e:a4:93:97:3c:2e:49:fc:8f:9b:1e:
         a2:ae:e7:d0:13:18:78:a6:56:78:61:51:21:f5:14:83:a7:a4:
         dd:18:b0:05:45:ea:24:24:22:d4:c7:8a:bc:25:46:2f:69:d5:
         4d:c2:9f:55:3b:8f:1a:23:4e:eb:02:be:8a:97:5e:f5:7e:40:
         02:8f:73:97:46:25:d5:2b:73:07:11:73:df:0a:d4:27:d8:8f:
         01:a3:8f:5f:f8:87:65:35:e9:28:1f:23:b6:16:b6:dc:d1:32:
         39:ae:e5:ad:ce:96:c6:b5:4a:c5:89:f4:cd:3a:ee:98:d0:73:
         52:7b:78:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK51eobj89Ce0/YBTf/nDJKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQxMDIzMTQ0NDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2ZmM2Q3MjkyYTgwM2U2ZjdjOTgzOGY5NzQwZjUyN2E5ZDBmMDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA063sJwzr0wF/0Rp5wvfvVXbbHSRi
91gGhJ/lyxa6FPOvD8Juyo3z9gm3UZhYy1uYgmedTtRHrlOW8UiRBntu3vUg5k9P
WGn5VlZZuoY5KOYgB4cy09rShIHBXR5mOwx3wLrM7oWWCkaOhmg2jjnouqHMqvD2
i5iVCALH55M+l+rV5bDkg7cjPULf1WeDS0QsYDl8+rdDoVWa0PLV30rMxJY8TS+n
wM2ZX8JNBnx02tvHfm1ohfpPOT/MBTOF1W0Rk+A5gxYqMMcbQ3VDq+3WZ4hrVx7V
5SKviOHIBnTcWiL3qB/XUnmJCmCd08N3h9Xmw3CnNCXtLxBi3AITmcrZfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCP/PXKSqAPm98mDj5dA9Sep0PAIMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvSV84OWNwS29BLWIzeVlPUGwwRDFKNm5ROEFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/YDAwQA
V/YYMA0GCSqGSIb3DQEBCwUAA4IBAQAitOiQMBBSgB+FAXhi0X28VpWqUkpBJcHj
dIMWatvG5Bro9x1k6FnbHXMs0qD25F5CadvnVNDuzp8fthXE77JHSMbSdPFnJMfS
Jf4gEFyu+KoGFitvgkdVOuRY78dMilmB5NQpwFiLNWGoYCysIiN4LcakJ/C5IJOL
NTOLAQjRKrAHSaraLqSTlzwuSfyPmx6irufQExh4plZ4YVEh9RSDp6TdGLAFReok
JCLUx4q8JUYvadVNwp9VO48aI07rAr6Kl171fkACj3OXRiXVK3MHEXPfCtQn2I8B
o49f+IdlNekoHyO2Frbc0TI5ruWtzpbGtUrFifTNOu6Y0HNSe3jr
-----END CERTIFICATE-----