Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/RkLQtknN_dzSCylDZefYyQthEgE.roa
File:                     RkLQtknN_dzSCylDZefYyQthEgE.roa (raw, json)
Hash identifier:          epRSRHzrwhU4pKWKiiSuC7jOUYy0MsunIOZccVcM1+U=
Subject key identifier:   46:42:D0:B6:49:CD:FD:DC:D2:0B:29:43:65:E7:D8:C9:0B:61:12:01
Certificate issuer:       /CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
Certificate serial:       0192BE9128E604F5D67A034E1CE7C405033F
Authority key identifier: D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/RkLQtknN_dzSCylDZefYyQthEgE.roa
Signing time:             Thu 24 Oct 2024 12:47:17 +0000
ROA not before:           Thu 24 Oct 2024 12:47:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1136
IP address blocks:        89.147.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:91:28:e6:04:f5:d6:7a:03:4e:1c:e7:c4:05:03:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
        Validity
            Not Before: Oct 24 12:47:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4642d0b649cdfddcd20b294365e7d8c90b611201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:81:69:1d:9a:15:79:6a:5b:5a:eb:1b:8a:ad:
                    98:29:85:2e:d8:05:0f:d2:5a:f2:31:b9:ee:94:17:
                    60:3c:03:3c:17:5b:ee:09:a2:62:7f:99:b3:aa:d0:
                    e5:6c:01:f1:24:5b:65:b1:9f:9a:13:16:38:80:d3:
                    63:41:f8:29:43:0f:fc:33:9b:49:2f:6f:2e:98:68:
                    d3:17:ad:b3:4e:c4:7f:0e:f0:b7:9d:68:57:76:e7:
                    a4:d7:65:86:09:be:5d:71:83:95:34:e8:49:2f:41:
                    f5:0f:8c:74:12:04:bd:62:62:62:73:cc:d2:73:98:
                    25:2f:90:88:77:8c:12:80:52:04:fd:7a:85:47:6d:
                    35:cb:94:06:54:99:e7:b4:5a:e3:92:bc:87:5c:4a:
                    8b:20:ad:34:ec:75:44:69:6a:87:32:64:40:9b:dc:
                    e7:34:8c:a9:d0:1b:2e:88:32:ff:6f:b4:f5:d8:06:
                    23:9e:86:c1:da:e8:a1:bd:7a:3c:c6:6d:ca:19:1d:
                    17:e2:e0:73:63:2d:dc:0a:a1:42:71:87:ee:5b:d5:
                    65:a3:fb:ea:b0:8b:54:fc:eb:9d:25:8c:6f:dd:92:
                    d0:fa:38:22:6b:d2:37:7d:3a:fa:e6:b4:7c:ee:9a:
                    51:29:49:70:c9:1f:10:1e:ee:57:1c:60:f3:9f:06:
                    3a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:42:D0:B6:49:CD:FD:DC:D2:0B:29:43:65:E7:D8:C9:0B:61:12:01
            X509v3 Authority Key Identifier:
                keyid:D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/RkLQtknN_dzSCylDZefYyQthEgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.147.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:c4:58:f9:e9:97:da:fd:1f:3f:3d:50:d0:31:23:ab:32:28:
         d2:eb:56:67:b9:bb:de:30:6e:14:22:92:96:28:92:54:ed:c9:
         a9:c8:ad:a4:b3:b1:ac:e4:b6:a9:4e:ce:98:ad:2b:b2:26:b7:
         88:d0:76:e7:42:eb:7c:aa:d7:82:ee:c0:bd:d4:e0:7e:0c:95:
         2a:9b:f5:be:06:8d:e0:e4:c3:c3:bb:ca:16:57:d4:4d:45:a9:
         0c:df:0a:cb:cd:50:e8:de:c4:70:58:77:9a:c2:7c:d3:9d:61:
         4a:25:aa:51:db:64:07:76:80:00:68:40:b4:52:a8:15:3b:a7:
         9b:bf:72:31:fa:a8:64:75:24:11:f3:39:17:61:97:0c:4a:69:
         e4:38:70:bd:dd:ac:e7:86:d0:69:f5:ae:6f:3a:55:d0:a2:8c:
         f4:08:ba:b1:04:d9:f2:82:e5:d1:0c:3e:b6:bc:8b:61:db:f1:
         12:fe:d4:54:1e:7c:10:07:9b:3e:ca:3a:e7:05:b4:72:05:06:
         3e:31:9a:57:8a:01:4e:11:28:cf:ca:14:5c:04:70:a7:97:57:
         4f:4f:82:41:d4:bc:d1:14:5a:be:f9:c7:68:f3:ff:ae:e7:54:
         27:7d:0e:01:cf:09:fa:36:20:55:68:f9:5e:ab:f8:21:11:ba:
         fa:57:1c:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK+kSjmBPXWegNOHOfEBQM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZDA2NzRiZDZmMGNjOTE3NTIxOWEzMjhjOGIzOTY4Mjlm
NmMwYWYwHhcNMjQxMDI0MTI0NzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQyZDBiNjQ5Y2RmZGRjZDIwYjI5NDM2NWU3ZDhjOTBiNjExMjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8IFpHZoVeWpbWusbiq2YKYUu2AUP
0lryMbnulBdgPAM8F1vuCaJif5mzqtDlbAHxJFtlsZ+aExY4gNNjQfgpQw/8M5tJ
L28umGjTF62zTsR/DvC3nWhXduek12WGCb5dcYOVNOhJL0H1D4x0EgS9YmJic8zS
c5glL5CId4wSgFIE/XqFR201y5QGVJnntFrjkryHXEqLIK007HVEaWqHMmRAm9zn
NIyp0BsuiDL/b7T12AYjnobB2uihvXo8xm3KGR0X4uBzYy3cCqFCcYfuW9Vlo/vq
sItU/OudJYxv3ZLQ+jgia9I3fTr65rR87ppRKUlwyR8QHu5XHGDznwY62QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZC0LZJzf3c0gspQ2Xn2MkLYRIBMB8GA1UdIwQY
MBaAFNfQZ0vW8MyRdSGaMoyLOWgp9sCvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2It
ODIzMmZhM2U2MjlkLzEvUmtMUXRrbk5fZHpTQ3lsRFplZll5UXRoRWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2ItODIzMmZhM2U2Mjlk
LzEvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWZMgMA0G
CSqGSIb3DQEBCwUAA4IBAQCExFj56Zfa/R8/PVDQMSOrMijS61ZnubveMG4UIpKW
KJJU7cmpyK2ks7Gs5LapTs6YrSuyJreI0HbnQut8qteC7sC91OB+DJUqm/W+Bo3g
5MPDu8oWV9RNRakM3wrLzVDo3sRwWHeawnzTnWFKJapR22QHdoAAaEC0UqgVO6eb
v3Ix+qhkdSQR8zkXYZcMSmnkOHC93aznhtBp9a5vOlXQooz0CLqxBNnyguXRDD62
vIth2/ES/tRUHnwQB5s+yjrnBbRyBQY+MZpXigFOESjPyhRcBHCnl1dPT4JB1LzR
FFq++cdo8/+u51QnfQ4Bzwn6NiBVaPleq/ghEbr6VxwV
-----END CERTIFICATE-----