Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/127430-d4e8-4da3-bea2-4ef19ccc57d0/1/iTH942jBeQnUPk14jIXB4Q2-a4U.roa
File:                     iTH942jBeQnUPk14jIXB4Q2-a4U.roa (raw, json)
Hash identifier:          LUlaNo6VZaK6aejBemn+dJmxqjhPutDrGa6XF6Hsjus=
Subject key identifier:   89:31:FD:E3:68:C1:79:09:D4:3E:4D:78:8C:85:C1:E1:0D:BE:6B:85
Certificate issuer:       /CN=618cc46d71e7848978488961d7b51aba1541f3c4
Certificate serial:       018F7B35AA9BA6EEEC515E585E61E63FF8E1
Authority key identifier: 61:8C:C4:6D:71:E7:84:89:78:48:89:61:D7:B5:1A:BA:15:41:F3:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYzEbXHnhIl4SIlh17UauhVB88Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/127430-d4e8-4da3-bea2-4ef19ccc57d0/1/iTH942jBeQnUPk14jIXB4Q2-a4U.roa
Signing time:             Wed 15 May 2024 07:44:25 +0000
ROA not before:           Wed 15 May 2024 07:44:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        89.184.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/127430-d4e8-4da3-bea2-4ef19ccc57d0/1/YYzEbXHnhIl4SIlh17UauhVB88Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/127430-d4e8-4da3-bea2-4ef19ccc57d0/1/YYzEbXHnhIl4SIlh17UauhVB88Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYzEbXHnhIl4SIlh17UauhVB88Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:35:aa:9b:a6:ee:ec:51:5e:58:5e:61:e6:3f:f8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618cc46d71e7848978488961d7b51aba1541f3c4
        Validity
            Not Before: May 15 07:44:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8931fde368c17909d43e4d788c85c1e10dbe6b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:56:ee:3a:43:cd:c3:e2:37:18:54:a4:55:2b:
                    c2:93:c3:f2:bb:56:41:c5:27:b5:2c:fa:93:fd:0d:
                    70:32:3e:8b:ce:b3:17:44:1b:33:35:2a:66:e4:7e:
                    ed:7c:a0:f8:63:3b:de:f4:6b:73:47:51:73:60:59:
                    9b:f5:92:24:b1:6d:ff:46:a3:1c:21:28:6a:7f:7a:
                    78:95:03:0f:c8:e9:9f:f0:42:84:3a:db:83:c3:f3:
                    e0:c1:d0:eb:be:b1:01:be:59:68:06:72:e8:9e:b9:
                    0f:05:40:a1:06:eb:02:14:ae:47:3b:a9:9b:7e:b2:
                    36:a9:fc:1d:e4:64:33:95:d4:74:eb:b3:23:66:eb:
                    99:10:67:91:21:ab:70:fd:ce:82:3a:53:75:06:59:
                    1e:20:b0:b5:e4:cc:91:41:00:66:0a:41:1b:ad:ce:
                    11:e0:07:63:a3:96:10:10:14:77:7d:b7:99:f7:62:
                    db:e2:97:26:e1:ef:1e:24:f0:a2:c0:8e:d4:11:9e:
                    85:e5:05:c7:83:24:d6:ea:bb:5e:85:7e:20:c7:6f:
                    9d:12:ec:a2:99:4b:6d:14:e5:0f:05:0f:36:e9:8f:
                    81:46:ea:cf:ea:91:2c:07:42:7c:1b:40:32:07:7e:
                    86:38:f1:a3:d2:bf:6b:f0:a4:03:48:b0:c3:7a:d7:
                    53:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:31:FD:E3:68:C1:79:09:D4:3E:4D:78:8C:85:C1:E1:0D:BE:6B:85
            X509v3 Authority Key Identifier:
                keyid:61:8C:C4:6D:71:E7:84:89:78:48:89:61:D7:B5:1A:BA:15:41:F3:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYzEbXHnhIl4SIlh17UauhVB88Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/127430-d4e8-4da3-bea2-4ef19ccc57d0/1/iTH942jBeQnUPk14jIXB4Q2-a4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/127430-d4e8-4da3-bea2-4ef19ccc57d0/1/YYzEbXHnhIl4SIlh17UauhVB88Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.184.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:70:db:4f:c1:8c:88:b5:03:a5:e5:b8:e1:74:78:6a:5b:d5:
         d5:f1:d1:7b:29:bb:36:30:1a:9b:2d:ae:68:40:55:6c:e7:a9:
         8e:2f:b0:46:1b:f0:40:5b:17:c1:85:cb:cc:f0:98:53:5e:80:
         81:45:d8:16:3f:9e:52:65:9c:3b:50:a2:6c:b6:c4:f3:60:d8:
         9b:24:d9:ec:70:39:e6:0f:dc:88:30:c6:93:3f:d9:f4:1a:2e:
         db:34:5b:bc:ab:b3:f2:78:0e:f1:bf:c1:06:7f:c3:e6:5a:79:
         15:68:5e:45:79:63:0f:ce:98:c9:41:dc:62:01:1a:2f:e1:c0:
         44:40:a3:74:6b:b3:a0:5c:a6:e8:fb:19:e2:71:0f:fb:80:e7:
         9b:74:86:f2:79:96:a7:a9:6c:2a:f3:ea:5f:a9:b8:6c:fc:55:
         96:6a:16:8b:de:b6:ff:2c:c4:9e:14:56:46:c1:f9:f2:2a:79:
         93:fa:0b:cd:ea:44:52:07:35:6e:1a:d2:9f:c7:5f:b3:07:77:
         1b:69:7b:4d:8f:7f:ae:1b:d7:42:36:e2:f8:3d:ad:73:ec:ae:
         42:e7:10:6f:dd:80:81:d4:d7:ec:1b:47:97:0d:5e:7d:e7:86:
         9b:71:f7:78:bd:26:ec:47:7e:50:8c:2d:9a:09:9a:b8:90:86:
         af:2d:07:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY97Naqbpu7sUV5YXmHmP/jhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxOGNjNDZkNzFlNzg0ODk3ODQ4ODk2MWQ3YjUxYWJhMTU0
MWYzYzQwHhcNMjQwNTE1MDc0NDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTMxZmRlMzY4YzE3OTA5ZDQzZTRkNzg4Yzg1YzFlMTBkYmU2Yjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1buOkPNw+I3GFSkVSvCk8Pyu1ZB
xSe1LPqT/Q1wMj6LzrMXRBszNSpm5H7tfKD4Yzve9GtzR1FzYFmb9ZIksW3/RqMc
IShqf3p4lQMPyOmf8EKEOtuDw/PgwdDrvrEBvlloBnLonrkPBUChBusCFK5HO6mb
frI2qfwd5GQzldR067MjZuuZEGeRIatw/c6COlN1BlkeILC15MyRQQBmCkEbrc4R
4Adjo5YQEBR3fbeZ92Lb4pcm4e8eJPCiwI7UEZ6F5QXHgyTW6rtehX4gx2+dEuyi
mUttFOUPBQ826Y+BRurP6pEsB0J8G0AyB36GOPGj0r9r8KQDSLDDetdTvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkx/eNowXkJ1D5NeIyFweENvmuFMB8GA1UdIwQY
MBaAFGGMxG1x54SJeEiJYde1GroVQfPEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVl6RWJYSG5oSWw0U0lsaDE3VWF1aFZCODhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xMjc0MzAtZDRlOC00ZGEzLWJlYTIt
NGVmMTljY2M1N2QwLzEvaVRIOTQyakJlUW5VUGsxNGpJWEI0UTItYTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xMjc0MzAtZDRlOC00ZGEzLWJlYTItNGVmMTljY2M1N2Qw
LzEvWVl6RWJYSG5oSWw0U0lsaDE3VWF1aFZCODhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWbgQMA0G
CSqGSIb3DQEBCwUAA4IBAQBCcNtPwYyItQOl5bjhdHhqW9XV8dF7Kbs2MBqbLa5o
QFVs56mOL7BGG/BAWxfBhcvM8JhTXoCBRdgWP55SZZw7UKJstsTzYNibJNnscDnm
D9yIMMaTP9n0Gi7bNFu8q7PyeA7xv8EGf8PmWnkVaF5FeWMPzpjJQdxiARov4cBE
QKN0a7OgXKbo+xnicQ/7gOebdIbyeZanqWwq8+pfqbhs/FWWahaL3rb/LMSeFFZG
wfnyKnmT+gvN6kRSBzVuGtKfx1+zB3cbaXtNj3+uG9dCNuL4Pa1z7K5C5xBv3YCB
1NfsG0eXDV5954abcfd4vSbsR35QjC2aCZq4kIavLQcs
-----END CERTIFICATE-----