Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/7d8900-be76-40e2-8c99-70f943eac4db/1/Goy-aqTNLuHFlZrzc3oH2SzWZaM.roa
File:                     Goy-aqTNLuHFlZrzc3oH2SzWZaM.roa (raw, json)
Hash identifier:          xir4N9uvwLVRqfV0r2hoBwBAx0D6D7rUOw/kKbQwEDA=
Subject key identifier:   1A:8C:BE:6A:A4:CD:2E:E1:C5:95:9A:F3:73:7A:07:D9:2C:D6:65:A3
Certificate issuer:       /CN=89693344638acb0536582fab089876578ef6bc56
Certificate serial:       018CC5011EDAEB174E82BD170523AF544611
Authority key identifier: 89:69:33:44:63:8A:CB:05:36:58:2F:AB:08:98:76:57:8E:F6:BC:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWkzRGOKywU2WC-rCJh2V472vFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/7d8900-be76-40e2-8c99-70f943eac4db/1/Goy-aqTNLuHFlZrzc3oH2SzWZaM.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48890
IP address blocks:        193.23.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/7d8900-be76-40e2-8c99-70f943eac4db/1/iWkzRGOKywU2WC-rCJh2V472vFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/7d8900-be76-40e2-8c99-70f943eac4db/1/iWkzRGOKywU2WC-rCJh2V472vFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWkzRGOKywU2WC-rCJh2V472vFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1e:da:eb:17:4e:82:bd:17:05:23:af:54:46:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89693344638acb0536582fab089876578ef6bc56
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a8cbe6aa4cd2ee1c5959af3737a07d92cd665a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:56:ca:33:5d:84:bc:2f:e7:51:58:42:d8:d5:
                    87:24:d7:67:5b:51:0a:96:86:d9:5b:8d:a0:ea:a8:
                    38:4d:cf:00:c1:62:e0:49:53:59:20:6d:f6:85:ae:
                    5a:7b:74:be:13:10:d1:88:b6:02:c4:c0:b5:03:d4:
                    d7:14:ca:c5:06:fc:df:07:3a:4b:63:35:c0:10:01:
                    64:85:34:bb:86:0d:64:47:4b:48:35:67:23:5d:cb:
                    2f:5e:f9:87:33:56:39:65:02:95:81:3c:fd:b2:cd:
                    af:47:39:38:3d:3f:b6:a0:b0:f5:72:27:42:ef:1d:
                    1d:a8:cf:af:0b:88:b7:4b:54:b2:2d:85:cd:c2:53:
                    92:7d:0c:b1:d7:50:4b:70:ed:3d:f5:ec:02:87:8e:
                    17:12:a0:3a:dc:47:94:56:09:d8:3f:9c:f0:35:1b:
                    70:6c:1f:4c:5e:9f:ca:0d:bc:58:5f:42:b3:1c:44:
                    57:0b:1c:c3:e4:20:53:a8:b7:59:45:55:85:9f:30:
                    72:74:96:68:50:45:7e:15:fc:3c:80:3b:80:6b:e8:
                    8c:d7:1c:23:7d:60:03:7a:f8:cc:5e:53:7a:a7:31:
                    a2:a6:b1:99:80:59:54:ae:01:f7:3e:f7:d1:f1:ab:
                    a2:a2:6c:3e:a5:ad:b2:2f:70:24:f2:dd:64:60:76:
                    1d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:8C:BE:6A:A4:CD:2E:E1:C5:95:9A:F3:73:7A:07:D9:2C:D6:65:A3
            X509v3 Authority Key Identifier:
                keyid:89:69:33:44:63:8A:CB:05:36:58:2F:AB:08:98:76:57:8E:F6:BC:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWkzRGOKywU2WC-rCJh2V472vFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/7d8900-be76-40e2-8c99-70f943eac4db/1/Goy-aqTNLuHFlZrzc3oH2SzWZaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/7d8900-be76-40e2-8c99-70f943eac4db/1/iWkzRGOKywU2WC-rCJh2V472vFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:d8:2d:01:ac:c7:b1:b8:bb:89:84:fe:54:54:b3:c6:b2:a0:
         ab:84:7c:b7:89:37:b0:7a:4d:e2:5d:62:11:77:0f:f7:ee:0e:
         37:5e:46:05:95:31:b5:68:56:54:75:a1:7d:0b:e9:ec:ea:47:
         95:7c:f5:d3:86:aa:bb:eb:f4:d0:5a:86:ef:de:51:22:11:4c:
         c0:82:88:75:7e:bd:9c:7b:b5:69:7d:71:65:49:98:27:7a:09:
         ec:83:9a:e7:8a:fd:02:f9:be:07:7e:96:ff:cd:ce:cc:f2:3c:
         82:c2:e7:24:14:59:24:d1:24:b1:dd:6d:f6:90:63:2c:46:a1:
         80:58:90:c2:4a:06:94:67:ba:bf:c1:77:91:d2:7d:7b:d8:8a:
         e9:9f:d1:28:d3:31:63:72:c2:21:bd:8a:cc:0f:85:ce:02:29:
         aa:01:05:d8:22:33:28:ae:1d:79:03:5f:c0:0d:4d:dc:7e:a4:
         be:70:c8:1a:c6:8a:fc:e9:02:cc:e9:f8:b1:d1:1a:8a:d9:3f:
         f0:44:a2:b1:7c:8c:97:30:69:20:6d:1d:09:2a:8b:bc:93:07:
         d4:50:88:1b:d2:a8:84:1d:f9:bc:b4:7f:61:4a:eb:9d:31:5e:
         27:e8:c2:5f:9e:42:e3:71:45:c4:34:b3:62:66:4c:a1:2f:6f:
         07:b5:d1:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR7a6xdOgr0XBSOvVEYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NjkzMzQ0NjM4YWNiMDUzNjU4MmZhYjA4OTg3NjU3OGVm
NmJjNTYwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYThjYmU2YWE0Y2QyZWUxYzU5NTlhZjM3MzdhMDdkOTJjZDY2NWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllbKM12EvC/nUVhC2NWHJNdnW1EK
lobZW42g6qg4Tc8AwWLgSVNZIG32ha5ae3S+ExDRiLYCxMC1A9TXFMrFBvzfBzpL
YzXAEAFkhTS7hg1kR0tINWcjXcsvXvmHM1Y5ZQKVgTz9ss2vRzk4PT+2oLD1cidC
7x0dqM+vC4i3S1SyLYXNwlOSfQyx11BLcO099ewCh44XEqA63EeUVgnYP5zwNRtw
bB9MXp/KDbxYX0KzHERXCxzD5CBTqLdZRVWFnzBydJZoUEV+Ffw8gDuAa+iM1xwj
fWADevjMXlN6pzGiprGZgFlUrgH3PvfR8auiomw+pa2yL3Ak8t1kYHYdwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqMvmqkzS7hxZWa83N6B9ks1mWjMB8GA1UdIwQY
MBaAFIlpM0RjissFNlgvqwiYdleO9rxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdrelJHT0t5d1UyV0MtckNKaDJWNDcydkZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi83ZDg5MDAtYmU3Ni00MGUyLThjOTkt
NzBmOTQzZWFjNGRiLzEvR295LWFxVE5MdUhGbFpyemMzb0gyU3pXWmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi83ZDg5MDAtYmU3Ni00MGUyLThjOTktNzBmOTQzZWFjNGRi
LzEvaVdrelJHT0t5d1UyV0MtckNKaDJWNDcydkZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwReOMA0G
CSqGSIb3DQEBCwUAA4IBAQCT2C0BrMexuLuJhP5UVLPGsqCrhHy3iTewek3iXWIR
dw/37g43XkYFlTG1aFZUdaF9C+ns6keVfPXThqq76/TQWobv3lEiEUzAgoh1fr2c
e7VpfXFlSZgnegnsg5rniv0C+b4Hfpb/zc7M8jyCwuckFFkk0SSx3W32kGMsRqGA
WJDCSgaUZ7q/wXeR0n172Irpn9Eo0zFjcsIhvYrMD4XOAimqAQXYIjMorh15A1/A
DU3cfqS+cMgaxor86QLM6fix0RqK2T/wRKKxfIyXMGkgbR0JKou8kwfUUIgb0qiE
Hfm8tH9hSuudMV4n6MJfnkLjcUXENLNiZkyhL28HtdEX
-----END CERTIFICATE-----