Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/97OsD3yI58_k6wsFCud8i7hhIhY.roa
File:                     97OsD3yI58_k6wsFCud8i7hhIhY.roa (raw, json)
Hash identifier:          ZqG8JmykGF5hsCwxyVm1KVGMWLog90mSmx3+LJlh2JM=
Subject key identifier:   F7:B3:AC:0F:7C:88:E7:CF:E4:EB:0B:05:0A:E7:7C:8B:B8:61:22:16
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018CCA2BDC6EF42AC747DC8BCBC1A7904F68
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/97OsD3yI58_k6wsFCud8i7hhIhY.roa
Signing time:             Tue 02 Jan 2024 12:35:21 +0000
ROA not before:           Tue 02 Jan 2024 12:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        152.89.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:dc:6e:f4:2a:c7:47:dc:8b:cb:c1:a7:90:4f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  2 12:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7b3ac0f7c88e7cfe4eb0b050ae77c8bb8612216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:93:df:08:96:6c:50:5f:8d:12:83:29:22:9d:
                    13:b2:13:83:97:5b:d9:28:1c:8c:c6:e7:a3:25:d9:
                    35:11:36:0b:2a:49:41:b5:54:7c:2b:18:c2:ee:c7:
                    1b:be:dc:42:aa:c4:2e:0f:68:3c:ad:1d:e4:e7:84:
                    7e:24:b1:fb:02:87:3c:c0:e6:5b:54:6f:9f:e5:1a:
                    f6:f0:74:cb:a8:19:04:c9:10:f5:e9:52:c0:f4:8e:
                    8d:94:23:57:32:df:3a:06:d2:1e:b6:5e:c5:04:45:
                    d7:4e:ed:a9:6f:87:70:79:42:11:6c:b5:f2:17:a4:
                    22:f3:8d:7a:df:9a:23:b9:b7:f2:13:6a:13:c9:fd:
                    c2:27:18:f9:73:86:c6:18:d7:e0:1d:14:bb:8c:93:
                    3c:21:a5:53:b6:88:3f:3c:69:e4:85:8e:2a:82:81:
                    77:44:98:eb:59:f2:f4:21:89:eb:a5:32:33:b7:c8:
                    d1:b7:eb:77:82:38:f3:3a:2c:90:5d:ab:bf:5b:9a:
                    78:09:46:be:07:6f:1c:90:7d:14:ba:bc:cc:67:5c:
                    6d:35:12:ca:b2:9d:5d:12:00:9d:b5:d4:9b:c9:97:
                    ee:ad:30:d5:6b:9a:49:88:68:c0:96:af:8e:e4:b5:
                    3c:01:fa:ef:2a:91:4c:6a:6d:f2:f0:af:a2:cb:a2:
                    74:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B3:AC:0F:7C:88:E7:CF:E4:EB:0B:05:0A:E7:7C:8B:B8:61:22:16
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/97OsD3yI58_k6wsFCud8i7hhIhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:e5:be:ae:79:4b:3d:c9:ba:d2:12:dc:eb:41:02:f3:13:62:
         ab:88:bd:32:02:0e:b5:9b:59:5e:e2:a9:2c:18:c2:8a:9f:1f:
         07:52:01:8c:f4:83:52:da:d4:ac:fd:a8:26:d1:c9:2d:92:6d:
         da:f1:34:f3:b2:37:91:71:b5:4e:b7:bf:2e:53:fe:9c:e9:61:
         26:4c:4b:57:91:3f:2b:80:b9:fd:56:54:05:bd:1c:0a:10:fc:
         2c:4e:1f:ca:4c:db:57:79:da:9c:6f:4b:dc:7a:d4:6f:03:cb:
         c2:96:38:80:5d:f5:49:eb:15:3b:ac:21:fa:8e:88:e3:13:dc:
         0d:ea:34:ae:86:61:e7:18:31:81:26:5f:42:28:ad:ed:ce:f1:
         e2:d4:10:21:61:b8:01:70:ec:bd:e9:73:08:92:b8:93:9d:90:
         20:08:06:84:04:b0:e0:6a:b5:09:ee:6a:bf:4f:1b:b5:f2:c1:
         60:36:c8:9d:cf:f2:af:9b:f3:f1:b8:3d:a1:03:b0:2e:74:88:
         f9:72:c0:8b:0d:77:a1:1d:19:bc:b8:49:4f:de:49:07:ba:f9:
         ed:e7:40:25:20:8a:72:71:5a:91:e3:96:62:46:0a:4e:4d:17:
         8b:6f:b7:0c:bb:5c:35:6d:50:d4:c9:5d:c4:a8:41:d4:06:cb:
         43:b9:dd:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK9xu9CrHR9yLy8GnkE9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMTAyMTIzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2IzYWMwZjdjODhlN2NmZTRlYjBiMDUwYWU3N2M4YmI4NjEyMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpPfCJZsUF+NEoMpIp0TshODl1vZ
KByMxuejJdk1ETYLKklBtVR8KxjC7scbvtxCqsQuD2g8rR3k54R+JLH7Aoc8wOZb
VG+f5Rr28HTLqBkEyRD16VLA9I6NlCNXMt86BtIetl7FBEXXTu2pb4dweUIRbLXy
F6Qi841635ojubfyE2oTyf3CJxj5c4bGGNfgHRS7jJM8IaVTtog/PGnkhY4qgoF3
RJjrWfL0IYnrpTIzt8jRt+t3gjjzOiyQXau/W5p4CUa+B28ckH0UurzMZ1xtNRLK
sp1dEgCdtdSbyZfurTDVa5pJiGjAlq+O5LU8AfrvKpFMam3y8K+iy6J0vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPezrA98iOfP5OsLBQrnfIu4YSIWMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvOTdPc0QzeUk1OF9rNndzRkN1ZDhpN2hoSWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFnCMA0G
CSqGSIb3DQEBCwUAA4IBAQCw5b6ueUs9ybrSEtzrQQLzE2KriL0yAg61m1le4qks
GMKKnx8HUgGM9INS2tSs/agm0cktkm3a8TTzsjeRcbVOt78uU/6c6WEmTEtXkT8r
gLn9VlQFvRwKEPwsTh/KTNtXedqcb0vcetRvA8vCljiAXfVJ6xU7rCH6jojjE9wN
6jSuhmHnGDGBJl9CKK3tzvHi1BAhYbgBcOy96XMIkriTnZAgCAaEBLDgarUJ7mq/
Txu18sFgNsidz/Kvm/PxuD2hA7AudIj5csCLDXehHRm8uElP3kkHuvnt50AlIIpy
cVqR45ZiRgpOTReLb7cMu1w1bVDUyV3EqEHUBstDud15
-----END CERTIFICATE-----