Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/PmHHooxBw1NYljT-koSa_wKYbc0.roa
File:                     PmHHooxBw1NYljT-koSa_wKYbc0.roa (raw, json)
Hash identifier:          XZGEI2Wk3sjnfq2glsWPCr0KxBsMzo20gZV+BOUbVPQ=
Subject key identifier:   3E:61:C7:A2:8C:41:C3:53:58:96:34:FE:92:84:9A:FF:02:98:6D:CD
Certificate issuer:       /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial:       018E8969543EA090BCC472A513F08847451A
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/PmHHooxBw1NYljT-koSa_wKYbc0.roa
Signing time:             Fri 29 Mar 2024 08:52:45 +0000
ROA not before:           Fri 29 Mar 2024 08:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210656
IP address blocks:        89.223.20.0/24 maxlen: 24
                          2a0d:d6c7:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:89:69:54:3e:a0:90:bc:c4:72:a5:13:f0:88:47:45:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
        Validity
            Not Before: Mar 29 08:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e61c7a28c41c353589634fe92849aff02986dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:92:48:35:26:ac:bc:38:42:8e:f5:1e:66:96:
                    48:53:7d:af:2f:48:19:74:2e:d4:cb:54:99:28:5f:
                    9a:e0:9e:8d:b6:75:a9:38:77:5e:a5:b5:69:db:19:
                    19:3b:e1:cc:79:a9:d4:f4:5d:a8:4c:2c:84:ea:b8:
                    90:4f:e2:02:d4:89:ae:9d:73:35:c4:98:89:fb:0b:
                    26:f6:b8:30:54:d7:17:8f:63:b1:74:a4:4f:49:cd:
                    82:67:63:e1:3d:db:a0:3e:70:d7:27:d7:68:a2:47:
                    f9:da:93:66:f8:1a:db:2f:aa:61:66:d3:63:49:96:
                    5e:2e:19:50:60:08:df:c0:24:80:0c:bb:9d:9b:09:
                    3f:75:f1:38:d2:dc:8b:b1:66:5a:5f:55:8c:81:29:
                    05:d8:31:c4:7f:a4:27:32:95:61:33:76:20:94:f2:
                    c6:c9:8e:d3:6b:49:84:a9:19:97:d9:61:2b:81:5a:
                    fa:65:11:74:8f:f8:40:1b:34:2d:e4:23:de:12:bb:
                    9a:c4:b0:1d:cb:82:ec:8b:26:cb:92:13:6c:58:16:
                    5f:17:34:89:a5:34:68:d0:96:91:80:fb:bc:18:32:
                    eb:7f:be:5b:35:a7:c1:ba:6b:12:1d:49:7c:41:05:
                    86:17:ab:2d:b4:15:43:fe:eb:63:1b:2f:a5:46:da:
                    66:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:61:C7:A2:8C:41:C3:53:58:96:34:FE:92:84:9A:FF:02:98:6D:CD
            X509v3 Authority Key Identifier:
                keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/PmHHooxBw1NYljT-koSa_wKYbc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.20.0/24
                IPv6:
                  2a0d:d6c7:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:ae:13:89:0a:90:60:07:c1:ea:6d:3f:0e:72:1d:bc:96:c9:
         99:6b:98:7a:8b:e4:eb:51:a5:11:50:84:f7:99:cf:ab:ad:47:
         46:c9:b8:56:c1:76:56:34:15:7f:be:82:ff:7b:e2:6f:a9:1f:
         3d:b1:81:cf:21:15:b7:24:e9:29:49:c7:4c:26:f3:74:c5:ae:
         de:d7:1a:ea:cc:ce:dc:4e:c3:6c:84:3b:11:a8:bd:ee:28:89:
         1a:59:4f:95:16:8f:f9:d6:27:3c:99:36:54:50:08:7e:e1:e5:
         cc:c4:35:68:4a:db:22:24:78:00:71:34:3f:27:7c:6f:53:3f:
         5d:e4:f5:f4:e4:6c:11:da:a3:e7:69:87:40:9b:2c:82:05:95:
         9e:f5:b6:da:2d:ad:a8:26:4c:b4:16:88:45:e2:64:f0:c3:2a:
         fe:99:62:72:52:4c:a1:06:84:a9:3d:f7:fa:e7:cc:3c:27:80:
         e3:aa:16:a2:20:38:98:87:52:04:12:37:15:53:98:91:80:0e:
         8c:f2:d7:bb:ce:16:f8:70:c8:9a:b9:bb:8f:00:4b:ae:03:88:
         83:8d:17:01:96:99:30:f3:30:07:fb:77:b0:ca:ea:ca:40:cd:
         2a:17:08:ec:ce:4b:7e:2b:bd:c5:11:79:5d:89:a3:c2:a2:3a:
         fc:01:9a:34
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY6JaVQ+oJC8xHKlE/CIR0UaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjQwMzI5MDg1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTYxYzdhMjhjNDFjMzUzNTg5NjM0ZmU5Mjg0OWFmZjAyOTg2ZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpJINSasvDhCjvUeZpZIU32vL0gZ
dC7Uy1SZKF+a4J6NtnWpOHdepbVp2xkZO+HMeanU9F2oTCyE6riQT+IC1ImunXM1
xJiJ+wsm9rgwVNcXj2OxdKRPSc2CZ2PhPdugPnDXJ9dookf52pNm+BrbL6phZtNj
SZZeLhlQYAjfwCSADLudmwk/dfE40tyLsWZaX1WMgSkF2DHEf6QnMpVhM3YglPLG
yY7Ta0mEqRmX2WErgVr6ZRF0j/hAGzQt5CPeEruaxLAdy4LsiybLkhNsWBZfFzSJ
pTRo0JaRgPu8GDLrf75bNafBumsSHUl8QQWGF6sttBVD/utjGy+lRtpmlQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD5hx6KMQcNTWJY0/pKEmv8CmG3NMB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvUG1ISG9veEJ3MU5ZbGpULWtvU2Ffd0tZYmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWd8UMA8E
AgACMAkDBwAqDdbHAAMwDQYJKoZIhvcNAQELBQADggEBAEOuE4kKkGAHweptPw5y
HbyWyZlrmHqL5OtRpRFQhPeZz6utR0bJuFbBdlY0FX++gv974m+pHz2xgc8hFbck
6SlJx0wm83TFrt7XGurMztxOw2yEOxGove4oiRpZT5UWj/nWJzyZNlRQCH7h5czE
NWhK2yIkeABxND8nfG9TP13k9fTkbBHao+dph0CbLIIFlZ71ttotragmTLQWiEXi
ZPDDKv6ZYnJSTKEGhKk99/rnzDwngOOqFqIgOJiHUgQSNxVTmJGADozy17vOFvhw
yJq5u48AS64DiIONFwGWmTDzMAf7d7DK6spAzSoXCOzOS34rvcUReV2Jo8KiOvwB
mjQ=
-----END CERTIFICATE-----