Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/9YVuC5QVBgGvtRRO-Ama5852W3Q.roa
File:                     9YVuC5QVBgGvtRRO-Ama5852W3Q.roa (raw, json)
Hash identifier:          pZl1MaIxHtKqydRWIeWIYmzk2VCkN9y9EkbX0g7prl0=
Subject key identifier:   F5:85:6E:0B:94:15:06:01:AF:B5:14:4E:F8:09:9A:E7:CE:76:5B:74
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       018CC6B79301E0D03163DBE3B4730F5A51DD
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/9YVuC5QVBgGvtRRO-Ama5852W3Q.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        89.44.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 05:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:93:01:e0:d0:31:63:db:e3:b4:73:0f:5a:51:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5856e0b94150601afb5144ef8099ae7ce765b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bd:a0:42:1b:04:ac:2b:7d:fe:0d:3c:33:af:
                    5c:c2:2f:b8:f3:dd:48:51:53:81:a8:77:9d:a0:ec:
                    5b:1b:09:f6:4f:f9:31:75:4b:08:44:30:70:e2:95:
                    6b:cd:55:45:ac:1b:4c:c6:65:fb:45:03:c9:fc:cb:
                    21:cf:1d:55:ad:ee:d1:e5:46:48:c1:0f:dc:82:ed:
                    3e:9e:cd:00:5e:24:bf:8c:2e:ef:2d:7d:19:45:b6:
                    d4:8f:4c:1f:f5:b9:b7:d1:98:6d:35:12:90:3c:8a:
                    37:fc:53:ae:85:24:2f:2e:ef:32:eb:fe:3d:59:ea:
                    d7:de:dc:0c:de:92:f0:e6:0f:5f:11:7e:54:77:4c:
                    3e:a4:b3:5d:7e:3c:d2:8d:0f:8c:42:98:93:27:2f:
                    2f:83:23:02:bb:45:5e:f1:75:14:46:48:50:64:a1:
                    dd:0e:99:64:d5:96:07:e8:4a:af:d4:c3:c9:fc:c2:
                    fa:52:d5:f3:aa:47:f4:4b:e5:e8:99:16:04:af:98:
                    5b:0f:33:4e:84:08:f1:e6:b3:a0:67:0f:38:f7:7d:
                    59:78:fa:78:41:b5:3d:07:13:92:b8:39:73:61:7e:
                    a7:4b:06:db:1e:e4:9c:22:21:62:16:91:35:52:ed:
                    70:c4:ad:f2:c6:81:74:ea:47:e5:e1:b3:ec:ba:91:
                    40:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:85:6E:0B:94:15:06:01:AF:B5:14:4E:F8:09:9A:E7:CE:76:5B:74
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/9YVuC5QVBgGvtRRO-Ama5852W3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:68:a1:d1:bc:99:df:24:57:87:2c:3c:08:2d:e6:e7:a1:ff:
         04:ad:b7:df:0f:0c:4d:14:18:1e:9d:aa:1e:9b:aa:6b:1e:51:
         c2:78:6a:23:20:c4:bb:fe:0f:7a:7d:e2:13:61:91:a2:af:97:
         da:8c:5f:09:4e:3d:e1:07:2d:15:84:5e:32:fe:20:45:c0:7a:
         95:63:08:12:d1:84:ea:68:dc:f9:c2:c8:bd:4c:7d:95:67:d2:
         1b:73:c6:3c:13:24:2e:2c:a8:fa:52:77:86:70:af:ff:b9:8e:
         3c:b4:44:ea:3a:64:68:89:e5:85:cc:7e:53:70:bf:25:72:65:
         55:7e:89:7d:92:3d:27:bf:4c:3c:5b:55:4a:ba:30:9e:fc:46:
         36:02:87:e1:38:38:13:6a:38:5e:48:3e:27:5e:4d:2a:f6:f4:
         07:84:76:7d:a7:34:68:5d:3a:d2:7e:a6:d5:09:91:86:9e:d7:
         1c:a6:53:7e:1c:14:ef:63:d2:58:21:6e:29:ed:96:9a:b0:1a:
         a5:74:7b:9d:18:7b:05:a3:d3:12:35:70:43:e5:f8:62:61:87:
         99:fa:7a:9c:50:0d:05:f6:b2:73:cf:da:00:af:ca:ec:c5:25:
         0f:9c:d1:d1:b3:df:1d:67:e8:90:06:e3:69:c7:dd:c1:6b:5e:
         00:d5:d0:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5MB4NAxY9vjtHMPWlHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTg1NmUwYjk0MTUwNjAxYWZiNTE0NGVmODA5OWFlN2NlNzY1Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b2gQhsErCt9/g08M69cwi+4891I
UVOBqHedoOxbGwn2T/kxdUsIRDBw4pVrzVVFrBtMxmX7RQPJ/Mshzx1Vre7R5UZI
wQ/cgu0+ns0AXiS/jC7vLX0ZRbbUj0wf9bm30ZhtNRKQPIo3/FOuhSQvLu8y6/49
WerX3twM3pLw5g9fEX5Ud0w+pLNdfjzSjQ+MQpiTJy8vgyMCu0Ve8XUURkhQZKHd
Dplk1ZYH6Eqv1MPJ/ML6UtXzqkf0S+XomRYEr5hbDzNOhAjx5rOgZw84931ZePp4
QbU9BxOSuDlzYX6nSwbbHuScIiFiFpE1Uu1wxK3yxoF06kfl4bPsupFAYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWFbguUFQYBr7UUTvgJmufOdlt0MB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvOVlWdUM1UVZCZ0d2dFJSTy1BbWE1ODUyVzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSxmMA0G
CSqGSIb3DQEBCwUAA4IBAQCYaKHRvJnfJFeHLDwILebnof8ErbffDwxNFBgenaoe
m6prHlHCeGojIMS7/g96feITYZGir5fajF8JTj3hBy0VhF4y/iBFwHqVYwgS0YTq
aNz5wsi9TH2VZ9Ibc8Y8EyQuLKj6UneGcK//uY48tETqOmRoieWFzH5TcL8lcmVV
fol9kj0nv0w8W1VKujCe/EY2AofhODgTajheSD4nXk0q9vQHhHZ9pzRoXTrSfqbV
CZGGntccplN+HBTvY9JYIW4p7ZaasBqldHudGHsFo9MSNXBD5fhiYYeZ+nqcUA0F
9rJzz9oAr8rsxSUPnNHRs98dZ+iQBuNpx93Ba14A1dCS
-----END CERTIFICATE-----