Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/JZW9JwGAtMxHMaydxYSJgrJFiyA.roa
File:                     JZW9JwGAtMxHMaydxYSJgrJFiyA.roa (raw, json)
Hash identifier:          cBe0JsVvLpnrRA6C3MAiAPov8g1hjq5Lz0Ln59Ne+/Q=
Subject key identifier:   25:95:BD:27:01:80:B4:CC:47:31:AC:9D:C5:84:89:82:B2:45:8B:20
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       018CC5DC90536B6361006CE9DB39375373B3
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/JZW9JwGAtMxHMaydxYSJgrJFiyA.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        89.18.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:90:53:6b:63:61:00:6c:e9:db:39:37:53:73:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2595bd270180b4cc4731ac9dc5848982b2458b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d3:80:96:c7:87:28:b0:28:f5:ca:66:6c:5f:
                    ef:b4:85:42:89:24:7f:8c:02:87:26:a3:7d:1f:37:
                    eb:3d:a9:d9:b3:65:78:5d:9b:92:3e:83:9f:a5:41:
                    30:83:53:56:7c:da:b4:41:18:9b:a1:3d:fa:3b:73:
                    ef:7c:08:8b:29:4f:c8:20:b1:77:6b:a4:2f:44:9a:
                    11:83:ae:c7:95:84:47:6f:e7:0f:5b:c8:26:a6:ac:
                    93:62:61:90:09:e1:06:09:5f:23:77:25:15:1f:65:
                    4a:98:dd:b5:72:81:be:61:ee:65:68:51:62:5f:83:
                    e6:c5:da:9a:27:f5:5a:47:fb:1b:3a:52:68:67:f2:
                    88:1b:3b:f9:60:ae:39:71:56:08:da:d8:1a:95:49:
                    3c:d9:e4:c4:4d:d2:e4:ee:dd:2e:59:76:9c:28:d6:
                    16:25:ca:e6:cc:a8:26:ef:27:8f:53:42:37:a0:9e:
                    b5:01:fe:78:51:43:26:5c:34:9a:49:c4:10:6d:03:
                    83:c1:d0:a8:cd:d5:e9:f1:49:ea:a4:89:2f:21:07:
                    9f:2a:62:2b:b4:91:7b:90:51:31:d9:9d:db:95:36:
                    74:5e:1a:81:29:96:9a:a0:58:27:42:e5:d9:88:5d:
                    92:b1:fa:15:e9:b8:7f:3b:f5:1e:7f:03:88:9a:0c:
                    f6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:95:BD:27:01:80:B4:CC:47:31:AC:9D:C5:84:89:82:B2:45:8B:20
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/JZW9JwGAtMxHMaydxYSJgrJFiyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:6c:51:89:3b:9c:da:f2:52:8f:75:d1:5d:d6:05:a4:1e:6d:
         cd:d8:f9:8a:57:3e:98:fd:e1:21:f6:af:b4:3b:e1:60:2a:70:
         17:68:f4:af:f5:9b:6a:03:c5:ae:a6:3a:87:0e:7c:56:e7:70:
         b2:99:62:be:1b:2f:8c:cf:5d:ea:a5:bb:ef:4a:3b:35:07:5d:
         23:41:a9:36:bf:5a:2d:cd:6c:b3:56:46:ce:d7:10:84:aa:60:
         81:8f:b7:79:28:55:e8:e4:fc:2d:20:46:cb:7e:c0:9d:02:fc:
         83:d3:4a:ca:5f:f3:66:cf:51:74:1f:34:b5:03:3a:ed:3a:6e:
         43:92:6a:17:9c:ba:2a:a1:e1:e4:c6:d4:97:f3:4b:ea:9d:87:
         e4:ee:c1:ee:73:0b:53:f7:82:68:f3:c9:12:38:af:50:4c:54:
         62:7f:5d:dd:24:6a:8d:3f:9b:9f:00:7d:bf:48:f3:18:c0:7a:
         2d:8e:85:a2:a4:37:d6:1d:7b:fb:7e:32:5d:d9:c0:70:fe:e9:
         1f:b5:32:87:d7:42:76:5a:5b:6d:66:6e:83:26:50:24:ad:a5:
         48:e3:cd:69:50:be:04:af:b1:ef:03:66:6d:25:c3:52:99:0a:
         40:f7:36:6a:0a:57:35:97:74:97:56:2c:e4:81:eb:56:ee:59:
         6a:a1:d5:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JBTa2NhAGzp2zk3U3OzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTk1YmQyNzAxODBiNGNjNDczMWFjOWRjNTg0ODk4MmIyNDU4YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNOAlseHKLAo9cpmbF/vtIVCiSR/
jAKHJqN9HzfrPanZs2V4XZuSPoOfpUEwg1NWfNq0QRiboT36O3PvfAiLKU/IILF3
a6QvRJoRg67HlYRHb+cPW8gmpqyTYmGQCeEGCV8jdyUVH2VKmN21coG+Ye5laFFi
X4PmxdqaJ/VaR/sbOlJoZ/KIGzv5YK45cVYI2tgalUk82eTETdLk7t0uWXacKNYW
JcrmzKgm7yePU0I3oJ61Af54UUMmXDSaScQQbQODwdCozdXp8UnqpIkvIQefKmIr
tJF7kFEx2Z3blTZ0XhqBKZaaoFgnQuXZiF2SsfoV6bh/O/UefwOImgz2oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWVvScBgLTMRzGsncWEiYKyRYsgMB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvSlpXOUp3R0F0TXhITWF5ZHhZU0pnckpGaXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRKvMA0G
CSqGSIb3DQEBCwUAA4IBAQAnbFGJO5za8lKPddFd1gWkHm3N2PmKVz6Y/eEh9q+0
O+FgKnAXaPSv9ZtqA8WupjqHDnxW53CymWK+Gy+Mz13qpbvvSjs1B10jQak2v1ot
zWyzVkbO1xCEqmCBj7d5KFXo5PwtIEbLfsCdAvyD00rKX/Nmz1F0HzS1AzrtOm5D
kmoXnLoqoeHkxtSX80vqnYfk7sHucwtT94Jo88kSOK9QTFRif13dJGqNP5ufAH2/
SPMYwHotjoWipDfWHXv7fjJd2cBw/ukftTKH10J2WlttZm6DJlAkraVI481pUL4E
r7HvA2ZtJcNSmQpA9zZqClc1l3SXVizkgetW7llqodUr
-----END CERTIFICATE-----