Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/iYs5uTUmGxi2un036ttxGEpRDPA.roa
File:                     iYs5uTUmGxi2un036ttxGEpRDPA.roa (raw, json)
Hash identifier:          p8dPsLeETss5uMZzHnYc3dmyhVhIz76h9SGQfdIl06k=
Subject key identifier:   89:8B:39:B9:35:26:1B:18:B6:BA:7D:37:EA:DB:71:18:4A:51:0C:F0
Certificate issuer:       /CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
Certificate serial:       018CC4930293399E02897931D3154856210E
Authority key identifier: 15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/iYs5uTUmGxi2un036ttxGEpRDPA.roa
Signing time:             Mon 01 Jan 2024 10:30:17 +0000
ROA not before:           Mon 01 Jan 2024 10:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57817
IP address blocks:        89.184.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 10:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:02:93:39:9e:02:89:79:31:d3:15:48:56:21:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
        Validity
            Not Before: Jan  1 10:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=898b39b935261b18b6ba7d37eadb71184a510cf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:86:39:b5:30:fd:54:c7:5f:e3:e1:f1:24:fe:
                    35:71:21:00:a6:67:e2:29:2d:e7:f8:49:c8:6f:d2:
                    bb:ef:f1:70:1c:cc:b4:c6:56:70:eb:43:92:73:f6:
                    44:a8:a1:fa:11:26:77:e8:d1:d9:14:f4:57:25:f2:
                    54:bc:67:ca:4c:48:6f:8b:40:3a:8f:4c:a4:b4:ce:
                    87:56:a6:c8:02:12:a5:e0:d9:42:2f:62:68:d5:ef:
                    8a:f0:e5:80:88:3e:ef:54:23:60:a2:7c:17:56:f2:
                    f4:6b:de:60:7e:cf:3a:50:a2:c7:5f:9d:04:b8:3f:
                    c3:14:71:b3:6c:be:06:98:38:cd:3b:52:f5:5d:3e:
                    41:76:0a:cd:59:65:0a:9e:2c:f4:42:09:50:28:83:
                    e5:a2:4a:e1:32:03:6b:c0:56:e5:07:3f:2c:2f:b4:
                    2d:d4:f3:f2:12:b0:3f:64:c4:e3:09:d3:1c:82:f1:
                    1c:ac:b5:42:43:0c:e5:56:af:90:6a:9f:4b:98:fb:
                    f3:92:b4:63:28:7a:92:c5:28:e2:c3:96:d9:4e:5d:
                    cb:db:13:5a:21:30:12:0f:87:6e:e2:04:3a:a4:26:
                    d4:fc:50:5c:9d:cc:2e:84:a9:2b:81:b2:f5:5a:77:
                    05:28:74:8e:7c:98:2e:0d:0d:f0:6b:ef:69:4f:2c:
                    84:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8B:39:B9:35:26:1B:18:B6:BA:7D:37:EA:DB:71:18:4A:51:0C:F0
            X509v3 Authority Key Identifier:
                keyid:15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/iYs5uTUmGxi2un036ttxGEpRDPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.184.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:72:3b:50:32:81:83:33:4e:4a:83:5f:78:3b:5e:d9:0c:03:
         8b:75:c6:81:fe:11:d7:96:c0:a3:e1:81:73:f0:7c:f0:21:66:
         45:2e:17:c4:67:10:ad:50:a3:cf:13:90:18:0f:08:ba:a8:3b:
         c8:fc:75:c1:3d:a3:36:2a:cd:5f:20:a8:b5:92:cf:0d:52:c7:
         5f:d8:b8:7b:f7:49:2f:73:d9:29:cb:4d:b4:1b:ba:93:50:bc:
         97:ba:bd:9a:68:20:d9:1d:1c:f7:c4:7a:99:ea:84:32:35:8e:
         a5:9b:21:80:d9:33:d5:dd:88:45:b5:a2:77:74:59:46:c4:f3:
         a4:46:76:cb:cf:ad:68:0d:ff:f9:5d:82:76:cd:d5:65:bc:43:
         5a:9c:36:b2:f3:7a:47:f3:af:71:29:be:02:bf:54:76:41:48:
         be:59:0c:33:f9:f8:fb:b3:a5:63:22:3e:55:75:72:7c:9d:fa:
         13:b1:ea:91:d5:ef:ae:ec:a3:23:bb:2e:51:29:ef:43:e7:3d:
         f7:c9:d1:8c:98:4e:fe:ae:95:53:1a:bc:58:86:43:54:54:94:
         3e:36:d1:c0:bc:b6:27:25:f8:b7:d5:5c:63:9e:f1:b2:b7:88:
         23:14:90:08:9e:47:5f:03:ff:3a:d6:6e:ab:6d:65:81:9b:50:
         1c:fc:7f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwKTOZ4CiXkx0xVIViEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDFjODQ1ZjEzZGQ0YWQ2ZTlkYWU0NzBkNWZmNjljNWNj
YTM3NzEwHhcNMjQwMTAxMTAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThiMzliOTM1MjYxYjE4YjZiYTdkMzdlYWRiNzExODRhNTEwY2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIY5tTD9VMdf4+HxJP41cSEApmfi
KS3n+EnIb9K77/FwHMy0xlZw60OSc/ZEqKH6ESZ36NHZFPRXJfJUvGfKTEhvi0A6
j0yktM6HVqbIAhKl4NlCL2Jo1e+K8OWAiD7vVCNgonwXVvL0a95gfs86UKLHX50E
uD/DFHGzbL4GmDjNO1L1XT5BdgrNWWUKniz0QglQKIPlokrhMgNrwFblBz8sL7Qt
1PPyErA/ZMTjCdMcgvEcrLVCQwzlVq+Qap9LmPvzkrRjKHqSxSjiw5bZTl3L2xNa
ITASD4du4gQ6pCbU/FBcncwuhKkrgbL1WncFKHSOfJguDQ3wa+9pTyyEvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImLObk1JhsYtrp9N+rbcRhKUQzwMB8GA1UdIwQY
MBaAFBUByEXxPdStbp2uRw1f9pxcyjdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEt
ZWQ3OTE1NDM2YjI3LzEvaVlzNXVUVW1HeGkydW4wMzZ0dHhHRXBSRFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEtZWQ3OTE1NDM2YjI3
LzEvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbhrMA0G
CSqGSIb3DQEBCwUAA4IBAQAAcjtQMoGDM05Kg194O17ZDAOLdcaB/hHXlsCj4YFz
8HzwIWZFLhfEZxCtUKPPE5AYDwi6qDvI/HXBPaM2Ks1fIKi1ks8NUsdf2Lh790kv
c9kpy020G7qTULyXur2aaCDZHRz3xHqZ6oQyNY6lmyGA2TPV3YhFtaJ3dFlGxPOk
RnbLz61oDf/5XYJ2zdVlvENanDay83pH869xKb4Cv1R2QUi+WQwz+fj7s6VjIj5V
dXJ8nfoTseqR1e+u7KMjuy5RKe9D5z33ydGMmE7+rpVTGrxYhkNUVJQ+NtHAvLYn
Jfi31VxjnvGyt4gjFJAInkdfA/861m6rbWWBm1Ac/H/w
-----END CERTIFICATE-----