Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/b9df5a-a454-4e27-86af-13d380715cef/1/STMXT52gMP4kQxKPJMv8jHWGtYs.roa
File:                     STMXT52gMP4kQxKPJMv8jHWGtYs.roa (raw, json)
Hash identifier:          HSqo4fdcxZoE9PaNyladvSOCUZKeRhMYLVJDeTp0uik=
Subject key identifier:   49:33:17:4F:9D:A0:30:FE:24:43:12:8F:24:CB:FC:8C:75:86:B5:8B
Certificate issuer:       /CN=e204e1c20114d7731694ddc4f277c4df1bffc4f8
Certificate serial:       018CC6B782761C02FC52A9797D2C4DFB8F5D
Authority key identifier: E2:04:E1:C2:01:14:D7:73:16:94:DD:C4:F2:77:C4:DF:1B:FF:C4:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4gThwgEU13MWlN3E8nfE3xv_xPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/b9df5a-a454-4e27-86af-13d380715cef/1/STMXT52gMP4kQxKPJMv8jHWGtYs.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39532
IP address blocks:        89.104.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/b9df5a-a454-4e27-86af-13d380715cef/1/4gThwgEU13MWlN3E8nfE3xv_xPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/b9df5a-a454-4e27-86af-13d380715cef/1/4gThwgEU13MWlN3E8nfE3xv_xPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4gThwgEU13MWlN3E8nfE3xv_xPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:82:76:1c:02:fc:52:a9:79:7d:2c:4d:fb:8f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e204e1c20114d7731694ddc4f277c4df1bffc4f8
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4933174f9da030fe2443128f24cbfc8c7586b58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:85:1e:f3:a5:8b:c1:01:5d:32:6a:4a:fa:1c:
                    cb:a2:09:66:f7:f8:d3:03:36:b5:d4:f3:d4:54:c5:
                    b6:7f:49:51:d0:ac:98:a2:64:2e:03:67:ee:4f:96:
                    70:18:60:eb:29:90:13:ca:db:65:5f:12:55:0c:e3:
                    81:0c:95:9b:d4:f0:76:f3:bd:85:19:9e:dd:5e:30:
                    fd:45:1c:5d:c8:bc:f9:02:03:f2:f4:3a:9d:03:23:
                    2c:57:7c:9b:ba:e8:55:cb:e3:be:68:45:e6:78:58:
                    a0:0f:d9:66:a9:7c:93:92:90:56:73:1e:0d:45:0a:
                    41:35:88:e3:7a:5d:2d:e9:1c:89:67:aa:78:6a:29:
                    8d:87:eb:6a:37:95:0d:b5:ec:10:31:d1:8d:cc:d0:
                    68:ef:bc:9c:a1:dd:db:21:d4:bf:df:d3:41:74:72:
                    fe:02:1f:d2:88:a7:40:69:9e:96:4f:04:89:be:ac:
                    81:99:88:fe:67:54:9e:b7:a0:d5:0c:c4:b9:db:2f:
                    57:24:d3:c7:f9:db:20:45:fd:34:16:4d:cf:d7:2c:
                    3b:e6:ec:b9:57:fb:1f:77:23:ba:01:59:b7:09:5f:
                    8a:92:8e:eb:65:1d:ee:2a:f7:38:db:e0:e9:a2:ce:
                    4f:ae:94:9b:20:11:f5:35:eb:74:f8:00:e8:d4:14:
                    9b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:33:17:4F:9D:A0:30:FE:24:43:12:8F:24:CB:FC:8C:75:86:B5:8B
            X509v3 Authority Key Identifier:
                keyid:E2:04:E1:C2:01:14:D7:73:16:94:DD:C4:F2:77:C4:DF:1B:FF:C4:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4gThwgEU13MWlN3E8nfE3xv_xPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/b9df5a-a454-4e27-86af-13d380715cef/1/STMXT52gMP4kQxKPJMv8jHWGtYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/b9df5a-a454-4e27-86af-13d380715cef/1/4gThwgEU13MWlN3E8nfE3xv_xPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.104.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5b:a4:1c:1a:15:83:36:b2:ce:2e:1b:54:24:be:c0:20:5c:0f:
         ad:76:a5:8d:f6:d8:9b:46:23:cd:42:7b:89:07:f1:96:9e:5e:
         a6:b3:68:e1:89:99:3a:dd:11:d4:db:46:4d:e6:82:b7:d2:c9:
         1c:92:5b:89:f9:b1:7b:c0:63:a5:34:eb:14:4e:dc:2e:59:dc:
         d6:3f:73:d4:82:0e:aa:88:87:4e:13:cb:70:46:23:ca:9f:cc:
         9b:ed:b0:fe:86:cd:95:d2:7a:f7:cc:c2:9d:57:29:7f:96:1d:
         44:92:41:0c:fb:57:da:96:4d:65:20:7a:f2:f6:a3:52:b6:2d:
         7a:1d:a1:7b:77:3b:1b:ba:32:29:d4:00:c2:17:25:81:9c:7e:
         32:95:ab:88:e0:90:f4:b8:f4:ee:d6:39:bc:10:c0:f3:33:90:
         8f:0e:a9:d1:86:5b:12:81:f7:cc:a3:3d:6e:05:d7:03:19:fe:
         d5:d3:87:a1:e4:6e:ec:2b:23:6c:6b:d4:f4:b4:17:28:58:1a:
         13:ee:21:fe:77:d7:56:e7:80:97:da:3f:20:71:a6:ec:b3:78:
         70:77:f1:57:4e:be:a8:e8:77:af:9b:41:8a:28:be:ac:5a:fd:
         0a:aa:19:53:4e:96:8e:7a:01:5e:8f:ce:c8:35:58:00:e5:26:
         15:a7:9e:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4J2HAL8Uql5fSxN+49dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMDRlMWMyMDExNGQ3NzMxNjk0ZGRjNGYyNzdjNGRmMWJm
ZmM0ZjgwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMzMTc0ZjlkYTAzMGZlMjQ0MzEyOGYyNGNiZmM4Yzc1ODZiNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIUe86WLwQFdMmpK+hzLoglm9/jT
Aza11PPUVMW2f0lR0KyYomQuA2fuT5ZwGGDrKZATyttlXxJVDOOBDJWb1PB2872F
GZ7dXjD9RRxdyLz5AgPy9DqdAyMsV3ybuuhVy+O+aEXmeFigD9lmqXyTkpBWcx4N
RQpBNYjjel0t6RyJZ6p4aimNh+tqN5UNtewQMdGNzNBo77ycod3bIdS/39NBdHL+
Ah/SiKdAaZ6WTwSJvqyBmYj+Z1Set6DVDMS52y9XJNPH+dsgRf00Fk3P1yw75uy5
V/sfdyO6AVm3CV+Kko7rZR3uKvc42+Dpos5PrpSbIBH1Net0+ADo1BSbTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkzF0+doDD+JEMSjyTL/Ix1hrWLMB8GA1UdIwQY
MBaAFOIE4cIBFNdzFpTdxPJ3xN8b/8T4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGdUaHdnRVUxM01XbE4zRThuZkUzeHZfeFBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9iOWRmNWEtYTQ1NC00ZTI3LTg2YWYt
MTNkMzgwNzE1Y2VmLzEvU1RNWFQ1MmdNUDRrUXhLUEpNdjhqSFdHdFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9iOWRmNWEtYTQ1NC00ZTI3LTg2YWYtMTNkMzgwNzE1Y2Vm
LzEvNGdUaHdnRVUxM01XbE4zRThuZkUzeHZfeFBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWWiAMA0G
CSqGSIb3DQEBCwUAA4IBAQBbpBwaFYM2ss4uG1QkvsAgXA+tdqWN9tibRiPNQnuJ
B/GWnl6ms2jhiZk63RHU20ZN5oK30skckluJ+bF7wGOlNOsUTtwuWdzWP3PUgg6q
iIdOE8twRiPKn8yb7bD+hs2V0nr3zMKdVyl/lh1EkkEM+1falk1lIHry9qNSti16
HaF7dzsbujIp1ADCFyWBnH4ylauI4JD0uPTu1jm8EMDzM5CPDqnRhlsSgffMoz1u
BdcDGf7V04eh5G7sKyNsa9T0tBcoWBoT7iH+d9dW54CX2j8gcabss3hwd/FXTr6o
6Hevm0GKKL6sWv0KqhlTTpaOegFej87INVgA5SYVp57s
-----END CERTIFICATE-----