Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/koxE91jDUcH11HZ4rUTPe6WGQTo.roa
File:                     koxE91jDUcH11HZ4rUTPe6WGQTo.roa (raw, json)
Hash identifier:          k+HvecOxbIMr1GsaAz2iC57/oVdKrwOFd+2hsRiTGwk=
Subject key identifier:   92:8C:44:F7:58:C3:51:C1:F5:D4:76:78:AD:44:CF:7B:A5:86:41:3A
Certificate issuer:       /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial:       018CCEC9DF7D3B51809B74D5558C6A15B8DA
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/koxE91jDUcH11HZ4rUTPe6WGQTo.roa
Signing time:             Wed 03 Jan 2024 10:06:25 +0000
ROA not before:           Wed 03 Jan 2024 10:06:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212642
IP address blocks:        89.221.111.0/24 maxlen: 24
                          2a00:1e1f:ff00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:c9:df:7d:3b:51:80:9b:74:d5:55:8c:6a:15:b8:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
        Validity
            Not Before: Jan  3 10:06:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=928c44f758c351c1f5d47678ad44cf7ba586413a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:32:2b:81:32:6a:a9:94:53:f7:ea:44:c8:4c:
                    0d:62:ec:a5:39:fb:0b:36:62:f2:a2:13:64:49:6b:
                    bf:0c:d7:de:64:f5:1c:c0:61:cf:5c:b6:38:00:04:
                    9b:3a:b3:b7:74:18:19:69:ec:ee:ef:c8:f1:1d:7a:
                    aa:1d:84:65:d3:b4:13:4a:a2:32:e0:0c:3e:d1:dc:
                    0a:eb:6c:20:05:dc:1c:27:84:a0:28:e9:e8:ea:b6:
                    33:36:4b:da:3b:06:79:e2:2f:7e:42:19:34:81:29:
                    02:8e:55:41:bc:f9:e8:72:ac:0b:35:1e:30:0b:da:
                    6d:23:59:6f:0c:77:d9:91:13:ea:3c:c9:43:34:fa:
                    49:b6:4a:a4:35:c1:2d:98:b6:2c:5c:d2:87:de:df:
                    12:d4:05:56:9d:0e:23:58:d6:cc:9d:64:0b:9d:27:
                    19:40:82:74:fd:d7:4d:1a:8e:9e:f1:87:d4:0a:b9:
                    ef:43:9e:7a:c1:32:3a:9d:84:d0:fc:c7:9c:e9:71:
                    08:23:0e:bd:e2:e6:1c:08:c9:5f:f3:63:96:42:d6:
                    37:6b:47:21:fa:a0:b0:a4:25:91:d1:28:8c:c9:a2:
                    ba:5e:fb:bb:52:bd:27:9c:06:29:74:63:bc:a2:88:
                    2c:97:0f:83:db:62:f7:06:9c:56:74:c6:98:aa:f8:
                    08:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8C:44:F7:58:C3:51:C1:F5:D4:76:78:AD:44:CF:7B:A5:86:41:3A
            X509v3 Authority Key Identifier:
                keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/koxE91jDUcH11HZ4rUTPe6WGQTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.221.111.0/24
                IPv6:
                  2a00:1e1f:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         56:08:e8:02:d7:0f:eb:0b:83:23:da:bd:e9:b8:44:c2:ea:98:
         2b:78:7a:b2:0e:7e:8a:59:33:c2:3c:b6:3a:48:45:07:c9:10:
         eb:f5:ab:67:66:69:6d:35:13:d1:d0:8f:3a:34:fa:9f:7f:d6:
         de:90:04:1e:25:53:74:8b:15:04:ff:5e:5c:58:e8:21:d6:59:
         d1:60:59:4e:30:4f:48:5e:23:45:2c:06:b8:e5:47:2b:51:2f:
         ed:b7:4d:94:5f:8f:1f:87:8f:41:4c:86:7c:21:92:fe:0c:8c:
         9f:14:e9:24:c5:1a:ed:bd:a8:34:6a:ca:2d:22:5d:85:4f:f8:
         85:48:1a:e9:5d:ba:30:c0:af:63:46:ba:83:bf:69:51:02:a5:
         ae:0a:98:d4:90:92:05:bf:99:0c:c7:85:c2:6a:9c:b7:0a:d2:
         f2:72:e9:31:8b:bb:5c:cb:27:2c:9a:a6:19:74:86:4b:8b:e1:
         f0:e6:b2:fb:cf:58:12:ad:e2:4a:aa:d1:1f:4c:17:cd:4d:46:
         f8:8e:6c:b9:b4:25:82:56:ab:e0:77:f8:0a:51:87:7a:c2:54:
         01:3c:5d:86:31:68:6d:bb:d9:98:f8:9b:a4:ff:2a:81:61:c5:
         d5:3f:af:71:7b:d5:73:37:62:91:d8:30:75:76:79:32:87:b0:
         bc:ab:bb:b5
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzOyd99O1GAm3TVVYxqFbjaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjQwMTAzMTAwNjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjhjNDRmNzU4YzM1MWMxZjVkNDc2NzhhZDQ0Y2Y3YmE1ODY0MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszIrgTJqqZRT9+pEyEwNYuylOfsL
NmLyohNkSWu/DNfeZPUcwGHPXLY4AASbOrO3dBgZaezu78jxHXqqHYRl07QTSqIy
4Aw+0dwK62wgBdwcJ4SgKOno6rYzNkvaOwZ54i9+Qhk0gSkCjlVBvPnocqwLNR4w
C9ptI1lvDHfZkRPqPMlDNPpJtkqkNcEtmLYsXNKH3t8S1AVWnQ4jWNbMnWQLnScZ
QIJ0/ddNGo6e8YfUCrnvQ556wTI6nYTQ/Mec6XEIIw694uYcCMlf82OWQtY3a0ch
+qCwpCWR0SiMyaK6Xvu7Ur0nnAYpdGO8oogslw+D22L3BpxWdMaYqvgIHQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFJKMRPdYw1HB9dR2eK1Ez3ulhkE6MB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEva294RTkxakRVY0gxMUhaNHJVVFBlNldHUVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAWd1vMA4E
AgACMAgDBgAqAB4f/zANBgkqhkiG9w0BAQsFAAOCAQEAVgjoAtcP6wuDI9q96bhE
wuqYK3h6sg5+ilkzwjy2OkhFB8kQ6/WrZ2ZpbTUT0dCPOjT6n3/W3pAEHiVTdIsV
BP9eXFjoIdZZ0WBZTjBPSF4jRSwGuOVHK1Ev7bdNlF+PH4ePQUyGfCGS/gyMnxTp
JMUa7b2oNGrKLSJdhU/4hUga6V26MMCvY0a6g79pUQKlrgqY1JCSBb+ZDMeFwmqc
twrS8nLpMYu7XMsnLJqmGXSGS4vh8Oay+89YEq3iSqrRH0wXzU1G+I5subQlglar
4Hf4ClGHesJUATxdhjFobbvZmPibpP8qgWHF1T+vcXvVczdikdgwdXZ5MoewvKu7
tQ==
-----END CERTIFICATE-----