Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/S1irkiNRHFedIT4Kv39qWQKiCkM.roa
File:                     S1irkiNRHFedIT4Kv39qWQKiCkM.roa (raw, json)
Hash identifier:          g91H2WU047Uk9PQyokJ9dHHEMv3XwN1nOrbfbxAOZ2Q=
Subject key identifier:   4B:58:AB:92:23:51:1C:57:9D:21:3E:0A:BF:7F:6A:59:02:A2:0A:43
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       018CC6B8AD0C5C33506D3172004FE49A2781
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/S1irkiNRHFedIT4Kv39qWQKiCkM.roa
Signing time:             Mon 01 Jan 2024 20:30:40 +0000
ROA not before:           Mon 01 Jan 2024 20:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57353
IP address blocks:        89.48.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ad:0c:5c:33:50:6d:31:72:00:4f:e4:9a:27:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan  1 20:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b58ab9223511c579d213e0abf7f6a5902a20a43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a0:ad:99:1b:6a:63:41:df:4f:e0:00:7e:28:
                    4c:d8:d1:56:37:1f:52:11:fd:31:15:85:1f:55:68:
                    62:ca:90:b8:68:24:4a:81:1c:f8:d3:e5:3f:1d:b0:
                    1b:5c:c9:5d:bd:8e:0e:74:1b:53:99:80:34:8c:f1:
                    d9:b2:50:63:36:8a:18:92:9a:44:70:3b:61:12:29:
                    4f:8c:dd:e2:a0:dc:30:38:51:ff:d5:dc:6e:e5:cc:
                    f5:4a:a9:49:d4:96:45:48:e1:da:63:a2:e5:c5:24:
                    40:0d:68:b8:20:57:e6:b6:af:14:b5:1b:e4:5c:58:
                    22:60:77:f2:5e:3d:5d:56:86:9e:5c:7c:f2:3e:96:
                    e5:24:17:5c:c6:d1:6e:25:bb:8f:df:23:2f:9e:0a:
                    00:dc:c7:8d:7e:ff:b4:41:30:68:6b:62:60:a7:1f:
                    e6:ff:e3:52:fb:5e:98:6f:ea:e5:c7:d2:35:5e:29:
                    a4:ca:59:f3:d2:26:02:86:58:3a:c0:b5:c2:42:a2:
                    5b:f4:97:d4:f1:ce:fa:df:47:64:f8:03:6e:3f:87:
                    54:bc:3e:c8:de:77:5c:75:12:78:d2:8b:ae:f4:11:
                    c0:e8:d1:d1:8b:9a:ae:a3:65:70:d6:d0:7d:aa:64:
                    09:49:07:d8:c3:a2:de:c4:bb:be:5e:59:76:d0:65:
                    fb:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:58:AB:92:23:51:1C:57:9D:21:3E:0A:BF:7F:6A:59:02:A2:0A:43
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/S1irkiNRHFedIT4Kv39qWQKiCkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.48.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         70:63:aa:27:62:d4:44:da:e4:4a:99:34:05:2f:db:52:0e:4e:
         1a:03:0d:56:8a:df:73:2c:d9:a5:61:bc:39:8e:1d:fa:7f:77:
         15:2e:99:9d:c4:ca:a2:d7:6b:93:f0:c2:34:89:91:ac:2a:1a:
         e2:4f:a4:ec:1b:7b:8d:e5:9a:71:a3:94:81:88:fb:45:c9:ab:
         8c:8a:4e:8d:74:99:9f:ac:ae:3c:0e:7a:41:d6:c5:25:59:70:
         81:92:db:82:44:c3:80:7f:53:49:21:27:6f:13:22:01:c9:a3:
         7e:30:01:b6:99:89:f1:ee:d3:67:53:95:4c:f4:37:16:48:f4:
         12:8f:9c:34:98:26:10:35:95:0f:dc:29:6d:45:b8:98:1b:c3:
         73:31:0b:cb:08:84:ba:6c:b0:d2:40:af:64:3c:41:c1:07:cd:
         53:57:7f:47:a1:f5:d9:7a:40:ab:93:9e:93:e7:b3:05:29:63:
         96:ec:17:dc:e3:81:64:b9:13:94:2c:59:d5:02:54:cf:13:6b:
         cc:cc:0c:6e:d2:c6:c6:a2:9f:9a:42:19:3b:7b:79:d2:38:22:
         8e:72:8f:03:68:c6:9d:c9:3b:8e:45:72:0b:8f:b9:9f:05:30:
         15:2a:e5:17:cd:e5:51:cb:8f:a6:2c:ab:be:e7:7e:9f:d1:01:
         6b:21:f7:1f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGuK0MXDNQbTFyAE/kmieBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwMTAxMjAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU4YWI5MjIzNTExYzU3OWQyMTNlMGFiZjdmNmE1OTAyYTIwYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqCtmRtqY0HfT+AAfihM2NFWNx9S
Ef0xFYUfVWhiypC4aCRKgRz40+U/HbAbXMldvY4OdBtTmYA0jPHZslBjNooYkppE
cDthEilPjN3ioNwwOFH/1dxu5cz1SqlJ1JZFSOHaY6LlxSRADWi4IFfmtq8UtRvk
XFgiYHfyXj1dVoaeXHzyPpblJBdcxtFuJbuP3yMvngoA3MeNfv+0QTBoa2Jgpx/m
/+NS+16Yb+rlx9I1Ximkylnz0iYChlg6wLXCQqJb9JfU8c7630dk+ANuP4dUvD7I
3ndcdRJ40ouu9BHA6NHRi5quo2Vw1tB9qmQJSQfYw6LexLu+Xll20GX74QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEtYq5IjURxXnSE+Cr9/alkCogpDMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvUzFpcmtpTlJIRmVkSVQ0S3YzOXFXUUtpQ2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAWTAwDQYJ
KoZIhvcNAQELBQADggEBAHBjqidi1ETa5EqZNAUv21IOThoDDVaK33Ms2aVhvDmO
Hfp/dxUumZ3EyqLXa5PwwjSJkawqGuJPpOwbe43lmnGjlIGI+0XJq4yKTo10mZ+s
rjwOekHWxSVZcIGS24JEw4B/U0khJ28TIgHJo34wAbaZifHu02dTlUz0NxZI9BKP
nDSYJhA1lQ/cKW1FuJgbw3MxC8sIhLpssNJAr2Q8QcEHzVNXf0eh9dl6QKuTnpPn
swUpY5bsF9zjgWS5E5QsWdUCVM8Ta8zMDG7Sxsain5pCGTt7edI4Io5yjwNoxp3J
O45FcguPuZ8FMBUq5RfN5VHLj6Ysq77nfp/RAWsh9x8=
-----END CERTIFICATE-----