Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/o89ApmWJ5Fi7Xa8LqCasrlXokHM.roa
File:                     o89ApmWJ5Fi7Xa8LqCasrlXokHM.roa (raw, json)
Hash identifier:          Qg1oog0xm9ePTg4Lcs3h4g8cNgJ7sX+oy8Yql87pv48=
Subject key identifier:   A3:CF:40:A6:65:89:E4:58:BB:5D:AF:0B:A8:26:AC:AE:55:E8:90:73
Certificate issuer:       /CN=34ba9c223241eb80e2bc71853bb7d2e58286bdd3
Certificate serial:       0192D2BA220EA6CAE20DA1DD4F1A2FA006CD
Authority key identifier: 34:BA:9C:22:32:41:EB:80:E2:BC:71:85:3B:B7:D2:E5:82:86:BD:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/o89ApmWJ5Fi7Xa8LqCasrlXokHM.roa
Signing time:             Mon 28 Oct 2024 10:44:26 +0000
ROA not before:           Mon 28 Oct 2024 10:44:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204877
IP address blocks:        185.141.120.0/22 maxlen: 24
                          2a0d:ff00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/NLqcIjJB64DivHGFO7fS5YKGvdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/NLqcIjJB64DivHGFO7fS5YKGvdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:ba:22:0e:a6:ca:e2:0d:a1:dd:4f:1a:2f:a0:06:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34ba9c223241eb80e2bc71853bb7d2e58286bdd3
        Validity
            Not Before: Oct 28 10:44:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3cf40a66589e458bb5daf0ba826acae55e89073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:de:e3:1a:38:0a:4b:cc:50:49:58:0a:82:e6:
                    58:bf:e1:5a:7a:6e:25:ad:f5:df:bb:52:f4:a4:d4:
                    a8:6b:ca:b8:18:07:de:a5:6d:c7:ec:e6:3d:dc:11:
                    53:f3:83:81:9a:68:b9:17:04:ff:2b:da:f8:d1:86:
                    63:53:03:ff:d5:db:04:e5:91:0e:c5:29:1f:9b:0a:
                    e1:4b:93:bb:64:64:03:63:20:4b:6d:83:8f:0d:49:
                    89:8c:d0:fb:da:2a:0d:b2:c4:6b:f2:54:3e:44:bb:
                    a3:15:a3:d6:d1:f9:7f:c3:8b:b6:f5:17:f7:a5:dc:
                    f5:bf:4e:43:2a:2b:a1:f5:1e:98:ef:7c:2e:26:46:
                    6a:78:50:73:e4:23:b1:e8:06:83:51:ab:b2:8b:18:
                    72:9c:5a:a9:51:30:30:a0:c8:fc:26:59:69:65:88:
                    9a:93:98:5a:b7:e9:ab:df:f5:f2:9a:09:85:ce:51:
                    88:64:74:47:3d:7d:b9:55:90:22:fe:97:d3:31:2e:
                    a5:52:78:05:e4:76:0b:4a:52:5f:db:29:ae:35:3b:
                    47:d3:0d:0d:f0:2f:9e:50:5e:75:6e:c6:01:be:db:
                    7e:f0:32:ca:b5:5c:5c:58:c2:d8:c7:b5:16:d5:56:
                    61:6b:8e:b9:a3:27:32:b5:4e:ba:50:67:a1:99:de:
                    2f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CF:40:A6:65:89:E4:58:BB:5D:AF:0B:A8:26:AC:AE:55:E8:90:73
            X509v3 Authority Key Identifier:
                keyid:34:BA:9C:22:32:41:EB:80:E2:BC:71:85:3B:B7:D2:E5:82:86:BD:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/o89ApmWJ5Fi7Xa8LqCasrlXokHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/NLqcIjJB64DivHGFO7fS5YKGvdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.120.0/22
                IPv6:
                  2a0d:ff00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:33:8c:9b:37:c3:98:44:99:ef:aa:39:0d:63:76:2b:21:63:
         43:d7:61:a0:c8:d4:4f:ef:6b:e7:47:bb:40:d9:a9:e7:5b:0e:
         83:b5:0c:10:3a:06:de:fa:af:f7:b2:43:79:e7:a1:75:b4:32:
         93:27:a6:21:0d:ff:ef:38:5a:3f:ba:64:db:a8:2b:2f:d8:7a:
         b0:73:46:be:07:14:e1:cd:77:11:63:c1:59:07:bb:c5:41:e0:
         54:46:58:aa:4e:15:ab:4b:74:85:56:a5:48:f3:20:80:97:ba:
         8b:db:b6:3a:f7:37:fb:e5:7f:ae:79:fe:25:25:c5:6d:e9:1c:
         e5:39:a7:2e:0d:4c:db:9e:01:b1:9d:bc:46:46:d2:03:f0:ae:
         0c:b1:8d:21:21:d8:2f:a3:49:e9:7f:7b:4c:48:14:11:3f:9b:
         1f:34:43:6e:92:0b:4b:14:5c:7f:50:f6:7b:94:f3:f6:de:83:
         bb:59:86:09:54:68:83:96:84:b0:d5:8b:e8:68:fe:fe:6a:77:
         79:f7:28:5b:a5:2d:d4:83:e0:bc:c4:99:2b:f5:cb:75:2d:51:
         4f:87:dd:4a:99:26:d1:d1:7b:ce:d2:65:51:ef:4c:dd:e2:6e:
         6a:b2:d7:66:56:fd:65:60:d1:dc:73:68:53:c8:8c:d2:ec:e5:
         5b:a0:27:ce
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZLSuiIOpsriDaHdTxovoAbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YmE5YzIyMzI0MWViODBlMmJjNzE4NTNiYjdkMmU1ODI4
NmJkZDMwHhcNMjQxMDI4MTA0NDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NmNDBhNjY1ODllNDU4YmI1ZGFmMGJhODI2YWNhZTU1ZTg5MDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu97jGjgKS8xQSVgKguZYv+Faem4l
rfXfu1L0pNSoa8q4GAfepW3H7OY93BFT84OBmmi5FwT/K9r40YZjUwP/1dsE5ZEO
xSkfmwrhS5O7ZGQDYyBLbYOPDUmJjND72ioNssRr8lQ+RLujFaPW0fl/w4u29Rf3
pdz1v05DKiuh9R6Y73wuJkZqeFBz5COx6AaDUauyixhynFqpUTAwoMj8JllpZYia
k5hat+mr3/XymgmFzlGIZHRHPX25VZAi/pfTMS6lUngF5HYLSlJf2ymuNTtH0w0N
8C+eUF51bsYBvtt+8DLKtVxcWMLYx7UW1VZha465oycytU66UGehmd4v8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKPPQKZlieRYu12vC6gmrK5V6JBzMB8GA1UdIwQY
MBaAFDS6nCIyQeuA4rxxhTu30uWChr3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkxxY0lqSkI2NERpdkhHRk83ZlM1WUtHdmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jMmVjNjEtMzdhYi00MDViLWE2YzIt
MTNlZTRjOGQzMDgyLzEvbzg5QXBtV0o1Rmk3WGE4THFDYXNybFhva0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jMmVjNjEtMzdhYi00MDViLWE2YzItMTNlZTRjOGQzMDgy
LzEvTkxxY0lqSkI2NERpdkhHRk83ZlM1WUtHdmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY14MA0E
AgACMAcDBQMqDf8AMA0GCSqGSIb3DQEBCwUAA4IBAQBOM4ybN8OYRJnvqjkNY3Yr
IWND12GgyNRP72vnR7tA2annWw6DtQwQOgbe+q/3skN556F1tDKTJ6YhDf/vOFo/
umTbqCsv2Hqwc0a+BxThzXcRY8FZB7vFQeBURliqThWrS3SFVqVI8yCAl7qL27Y6
9zf75X+uef4lJcVt6RzlOacuDUzbngGxnbxGRtID8K4MsY0hIdgvo0npf3tMSBQR
P5sfNENukgtLFFx/UPZ7lPP23oO7WYYJVGiDloSw1YvoaP7+and59yhbpS3Ug+C8
xJkr9ct1LVFPh91KmSbR0XvO0mVR70zd4m5qstdmVv1lYNHcc2hTyIzS7OVboCfO
-----END CERTIFICATE-----