Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/uaQl9fIG7wYnk4sEE7D4hHgn1Fo.roa
File:                     uaQl9fIG7wYnk4sEE7D4hHgn1Fo.roa (raw, json)
Hash identifier:          TXeYVn4gXm7PzuXgFKoniOj7kHYGLsJ+qZWCk6uTAKw=
Subject key identifier:   B9:A4:25:F5:F2:06:EF:06:27:93:8B:04:13:B0:F8:84:78:27:D4:5A
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018D7DC67A598EE7EEB79B424F36355A6D24
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/uaQl9fIG7wYnk4sEE7D4hHgn1Fo.roa
Signing time:             Tue 06 Feb 2024 09:36:15 +0000
ROA not before:           Tue 06 Feb 2024 09:36:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60627
IP address blocks:        185.83.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:c6:7a:59:8e:e7:ee:b7:9b:42:4f:36:35:5a:6d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Feb  6 09:36:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a425f5f206ef0627938b0413b0f8847827d45a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ee:a3:a5:89:66:a9:dd:61:01:8e:e8:a4:28:
                    5f:11:0a:71:45:e9:a4:c3:55:39:d5:9e:78:9a:54:
                    f9:91:46:29:68:6c:38:28:ef:9e:0a:ab:48:90:f1:
                    03:e0:07:72:b5:f4:01:12:74:cb:3d:54:9d:b8:68:
                    17:2b:52:ed:62:61:0e:ea:73:19:fc:91:68:0f:59:
                    05:87:45:01:86:f5:26:34:43:dc:11:26:27:3a:84:
                    3f:54:8b:54:5e:0b:9e:ca:e0:4c:e6:e6:84:45:56:
                    fe:6b:7c:18:0f:16:30:05:d8:38:8d:86:c4:95:0a:
                    a7:a9:f4:08:fc:86:d3:06:1a:c5:78:25:ba:0e:9b:
                    cf:ae:49:db:2f:07:18:9e:8f:77:b1:1e:39:28:15:
                    be:a1:8b:92:6d:96:54:fa:6b:30:ef:b5:38:59:6c:
                    9e:7f:27:d5:6e:1c:f5:28:dd:cd:23:59:52:7c:0d:
                    4b:a7:1e:f1:3c:f0:de:d1:cb:b7:8b:0c:5e:df:b5:
                    9f:66:6c:f8:dc:d8:2a:55:96:77:ea:6b:df:9a:3e:
                    10:fd:08:4a:03:ea:ad:0c:30:45:d7:a0:62:36:24:
                    3f:46:e9:fd:03:1e:e4:79:8f:37:b8:e9:13:ec:ec:
                    12:05:7b:13:bd:52:80:64:8d:94:70:d2:60:ef:7e:
                    47:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A4:25:F5:F2:06:EF:06:27:93:8B:04:13:B0:F8:84:78:27:D4:5A
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/uaQl9fIG7wYnk4sEE7D4hHgn1Fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:5a:d2:f3:c4:10:3f:34:6b:9d:9e:79:9f:b8:94:83:3b:73:
         45:ed:52:16:43:16:20:2f:1b:36:99:0a:ba:48:55:c0:90:e5:
         6c:c2:eb:5f:1b:26:9f:b2:4d:87:a9:aa:dc:14:66:23:f0:e1:
         85:ff:aa:80:89:d5:c1:a0:3a:30:a4:81:b0:7a:77:7a:2f:2d:
         48:54:63:fc:a8:eb:5a:3b:da:ed:bd:f5:05:c7:1a:ed:91:3c:
         4b:68:e4:d7:82:1f:fe:4e:fe:09:b1:c9:bf:90:9d:70:15:7c:
         79:d0:ca:09:86:2b:56:5c:f7:8d:44:53:19:e9:f2:97:b3:b7:
         71:64:89:7a:c2:98:73:10:bc:01:06:34:7c:94:5c:7c:6c:70:
         fc:b3:94:c8:1e:95:3a:81:c6:42:2e:94:91:20:d2:b3:2d:97:
         b6:fb:16:4e:c5:8d:96:5c:f5:f0:c6:51:53:26:58:04:ae:21:
         94:db:da:a4:ef:5b:aa:0d:52:41:de:be:86:14:6d:99:5b:cc:
         a5:05:2d:f7:a0:45:27:ed:03:c2:da:f5:dc:fd:76:80:b3:d2:
         09:03:90:d7:fb:8f:7b:04:cf:0d:87:a0:f8:ca:62:fa:9d:2c:
         aa:ce:bf:0b:eb:1d:11:69:c1:6c:31:75:a2:76:bb:57:3c:d8:
         a0:bb:87:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY19xnpZjufut5tCTzY1Wm0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMjA2MDkzNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWE0MjVmNWYyMDZlZjA2Mjc5MzhiMDQxM2IwZjg4NDc4MjdkNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmu6jpYlmqd1hAY7opChfEQpxRemk
w1U51Z54mlT5kUYpaGw4KO+eCqtIkPED4AdytfQBEnTLPVSduGgXK1LtYmEO6nMZ
/JFoD1kFh0UBhvUmNEPcESYnOoQ/VItUXgueyuBM5uaERVb+a3wYDxYwBdg4jYbE
lQqnqfQI/IbTBhrFeCW6DpvPrknbLwcYno93sR45KBW+oYuSbZZU+msw77U4WWye
fyfVbhz1KN3NI1lSfA1Lpx7xPPDe0cu3iwxe37WfZmz43NgqVZZ36mvfmj4Q/QhK
A+qtDDBF16BiNiQ/Run9Ax7keY83uOkT7OwSBXsTvVKAZI2UcNJg735HHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmkJfXyBu8GJ5OLBBOw+IR4J9RaMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvdWFRbDlmSUc3d1luazRzRUU3RDRoSGduMUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVNZMA0G
CSqGSIb3DQEBCwUAA4IBAQCVWtLzxBA/NGudnnmfuJSDO3NF7VIWQxYgLxs2mQq6
SFXAkOVswutfGyafsk2HqarcFGYj8OGF/6qAidXBoDowpIGwend6Ly1IVGP8qOta
O9rtvfUFxxrtkTxLaOTXgh/+Tv4Jscm/kJ1wFXx50MoJhitWXPeNRFMZ6fKXs7dx
ZIl6wphzELwBBjR8lFx8bHD8s5TIHpU6gcZCLpSRINKzLZe2+xZOxY2WXPXwxlFT
JlgEriGU29qk71uqDVJB3r6GFG2ZW8ylBS33oEUn7QPC2vXc/XaAs9IJA5DX+497
BM8Nh6D4ymL6nSyqzr8L6x0RacFsMXWidrtXPNigu4fH
-----END CERTIFICATE-----