Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/3334f8-dace-497f-a5a3-814e80904be4/1/b0jGgN-ocxM6d_jFfyqUjK59E30.roa
File:                     b0jGgN-ocxM6d_jFfyqUjK59E30.roa (raw, json)
Hash identifier:          qTw0O9wG/YmxuIeAkBfoVSgme59wTcT1oak0wqog3eE=
Subject key identifier:   6F:48:C6:80:DF:A8:73:13:3A:77:F8:C5:7F:2A:94:8C:AE:7D:13:7D
Certificate issuer:       /CN=5bea2b884c7067f58fff040a1f06e0df1e80ab3e
Certificate serial:       018CC49306EB9007C3C40D65D4388821E369
Authority key identifier: 5B:EA:2B:88:4C:70:67:F5:8F:FF:04:0A:1F:06:E0:DF:1E:80:AB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-oriExwZ_WP_wQKHwbg3x6Aqz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/3334f8-dace-497f-a5a3-814e80904be4/1/b0jGgN-ocxM6d_jFfyqUjK59E30.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35725
IP address blocks:        89.123.192.0/20 maxlen: 20
                          109.101.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/3334f8-dace-497f-a5a3-814e80904be4/1/W-oriExwZ_WP_wQKHwbg3x6Aqz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/3334f8-dace-497f-a5a3-814e80904be4/1/W-oriExwZ_WP_wQKHwbg3x6Aqz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-oriExwZ_WP_wQKHwbg3x6Aqz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:06:eb:90:07:c3:c4:0d:65:d4:38:88:21:e3:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bea2b884c7067f58fff040a1f06e0df1e80ab3e
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f48c680dfa873133a77f8c57f2a948cae7d137d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:da:5a:fd:e1:d3:d9:cc:03:c7:75:d0:4d:a1:
                    52:a7:24:93:6c:e6:e6:e5:e2:36:af:ce:79:6f:ea:
                    c1:31:d0:c7:52:44:46:94:d9:b5:eb:78:b4:a6:5d:
                    3b:f1:9f:54:f8:a7:ec:f0:a0:68:99:a0:ed:7b:bc:
                    f0:2a:28:8f:bb:de:e1:02:82:38:56:7a:77:66:dd:
                    1f:e8:40:a4:b3:27:f0:ad:92:18:2d:81:dc:37:3e:
                    2d:b2:e5:48:ba:c1:0b:2e:aa:f1:62:f0:ed:19:b8:
                    95:cd:d4:9d:48:b9:04:04:cc:53:3a:51:98:cb:ed:
                    4d:b6:64:4f:a5:78:8d:be:00:f3:65:f7:68:c4:ab:
                    56:46:d8:6f:fc:65:11:e2:92:2e:29:d3:5b:38:6d:
                    bf:c1:52:e6:1a:3f:db:6d:d3:9b:9d:fe:ad:a4:fa:
                    c8:af:ab:3d:86:3f:ba:93:e7:7b:1b:0c:ed:9e:8a:
                    b3:aa:53:6a:97:ad:15:6f:4d:56:8d:f3:35:7f:5d:
                    73:a1:43:4f:6b:66:03:2f:01:59:9c:b3:44:79:7a:
                    84:44:41:84:9e:e5:bc:f4:42:f6:8f:e9:c2:f1:95:
                    7a:18:f5:0c:83:ce:08:9d:9e:5a:4a:d4:49:5d:f9:
                    02:b8:a7:9e:cc:f1:3b:4f:eb:5e:42:fc:a6:39:3a:
                    62:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:48:C6:80:DF:A8:73:13:3A:77:F8:C5:7F:2A:94:8C:AE:7D:13:7D
            X509v3 Authority Key Identifier:
                keyid:5B:EA:2B:88:4C:70:67:F5:8F:FF:04:0A:1F:06:E0:DF:1E:80:AB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-oriExwZ_WP_wQKHwbg3x6Aqz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3334f8-dace-497f-a5a3-814e80904be4/1/b0jGgN-ocxM6d_jFfyqUjK59E30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3334f8-dace-497f-a5a3-814e80904be4/1/W-oriExwZ_WP_wQKHwbg3x6Aqz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.123.192.0/20
                  109.101.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         51:b6:a2:5a:44:ab:da:13:08:d7:51:47:4d:ca:f0:66:c7:c4:
         53:c6:4a:b8:68:aa:78:3f:18:a8:63:5e:27:76:93:35:a7:08:
         a2:2b:e0:4b:96:f6:5b:13:19:74:97:63:72:eb:8a:58:0c:f5:
         b6:8f:65:30:0c:54:65:33:b0:88:fc:07:13:30:30:81:5c:0a:
         10:1d:21:12:21:e7:25:3b:66:8e:52:0b:7d:07:75:92:60:da:
         eb:36:b4:e8:c3:8f:1b:9e:5a:13:33:96:78:90:8a:48:a2:a3:
         25:d7:e7:61:93:ee:ef:93:4c:de:0c:2f:83:8f:29:55:4e:37:
         d2:02:1e:19:8b:75:1e:ff:01:ad:c6:ee:dc:51:0a:a6:07:00:
         01:21:dd:b1:87:e0:bb:b4:99:17:5e:9a:2c:c7:0e:51:57:dd:
         36:2b:4a:f1:88:b1:1f:77:e2:40:33:a2:fc:35:5d:d8:f2:63:
         34:44:4d:1c:17:c6:23:da:f6:5d:de:31:95:d5:c5:89:eb:cb:
         c1:a7:f0:c5:61:38:df:5d:aa:7e:e5:bc:ef:14:90:e0:2c:63:
         8d:9e:0f:e8:84:e2:10:23:91:71:1b:26:83:b7:d7:14:9f:d7:
         65:8e:81:d4:0c:b5:3d:fa:8f:4e:75:69:6b:cf:38:63:34:15:
         c9:c9:f5:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkwbrkAfDxA1l1DiIIeNpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWEyYjg4NGM3MDY3ZjU4ZmZmMDQwYTFmMDZlMGRmMWU4
MGFiM2UwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjQ4YzY4MGRmYTg3MzEzM2E3N2Y4YzU3ZjJhOTQ4Y2FlN2QxMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtpa/eHT2cwDx3XQTaFSpySTbObm
5eI2r855b+rBMdDHUkRGlNm163i0pl078Z9U+Kfs8KBomaDte7zwKiiPu97hAoI4
Vnp3Zt0f6ECksyfwrZIYLYHcNz4tsuVIusELLqrxYvDtGbiVzdSdSLkEBMxTOlGY
y+1NtmRPpXiNvgDzZfdoxKtWRthv/GUR4pIuKdNbOG2/wVLmGj/bbdObnf6tpPrI
r6s9hj+6k+d7GwztnoqzqlNql60Vb01WjfM1f11zoUNPa2YDLwFZnLNEeXqEREGE
nuW89EL2j+nC8ZV6GPUMg84InZ5aStRJXfkCuKeezPE7T+teQvymOTpi8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG9IxoDfqHMTOnf4xX8qlIyufRN9MB8GA1UdIwQY
MBaAFFvqK4hMcGf1j/8ECh8G4N8egKs+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1vcmlFeHdaX1dQX3dRS0h3YmczeDZBcXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMzM0ZjgtZGFjZS00OTdmLWE1YTMt
ODE0ZTgwOTA0YmU0LzEvYjBqR2dOLW9jeE02ZF9qRmZ5cVVqSzU5RTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMzM0ZjgtZGFjZS00OTdmLWE1YTMtODE0ZTgwOTA0YmU0
LzEvVy1vcmlFeHdaX1dQX3dRS0h3YmczeDZBcXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWXvAAwQF
bWWgMA0GCSqGSIb3DQEBCwUAA4IBAQBRtqJaRKvaEwjXUUdNyvBmx8RTxkq4aKp4
PxioY14ndpM1pwiiK+BLlvZbExl0l2Ny64pYDPW2j2UwDFRlM7CI/AcTMDCBXAoQ
HSESIeclO2aOUgt9B3WSYNrrNrTow48bnloTM5Z4kIpIoqMl1+dhk+7vk0zeDC+D
jylVTjfSAh4Zi3Ue/wGtxu7cUQqmBwABId2xh+C7tJkXXposxw5RV902K0rxiLEf
d+JAM6L8NV3Y8mM0RE0cF8Yj2vZd3jGV1cWJ68vBp/DFYTjfXap+5bzvFJDgLGON
ng/ohOIQI5FxGyaDt9cUn9dljoHUDLU9+o9OdWlrzzhjNBXJyfU7
-----END CERTIFICATE-----