Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/zpxvOPd2pkye3KZsVH66MF9-PCM.roa
File:                     zpxvOPd2pkye3KZsVH66MF9-PCM.roa (raw, json)
Hash identifier:          +HcghRhOjeAPozIDKbSBpE2TMo/gUohS21aLgMnIfHA=
Subject key identifier:   CE:9C:6F:38:F7:76:A6:4C:9E:DC:A6:6C:54:7E:BA:30:5F:7E:3C:23
Certificate issuer:       /CN=08828bc7dd784850b896ed7ded9483db5f01e059
Certificate serial:       018FFC7EEC754D16265ECA32C089227B21E6
Authority key identifier: 08:82:8B:C7:DD:78:48:50:B8:96:ED:7D:ED:94:83:DB:5F:01:E0:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/zpxvOPd2pkye3KZsVH66MF9-PCM.roa
Signing time:             Sun 09 Jun 2024 10:15:27 +0000
ROA not before:           Sun 09 Jun 2024 10:15:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        89.248.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fc:7e:ec:75:4d:16:26:5e:ca:32:c0:89:22:7b:21:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08828bc7dd784850b896ed7ded9483db5f01e059
        Validity
            Not Before: Jun  9 10:15:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce9c6f38f776a64c9edca66c547eba305f7e3c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0e:e3:00:f1:0e:86:4b:ef:42:79:a2:88:0f:
                    79:44:77:94:3a:6d:e3:35:1a:85:d4:6b:a4:ab:fb:
                    cd:d4:d2:e1:f8:ba:70:10:1b:fb:7c:89:1f:91:e0:
                    93:e4:f2:f8:7f:eb:25:c8:33:e0:70:9f:7e:97:5f:
                    58:18:9c:e1:c0:67:6c:ad:f2:6b:d8:dd:fe:7e:83:
                    14:9c:40:a1:76:28:a1:83:55:33:7c:fa:d6:35:c3:
                    d6:20:87:fa:9d:37:4c:58:9b:40:3d:30:d1:08:47:
                    83:63:06:cf:28:9d:3c:c1:da:40:3e:b8:6e:4d:8a:
                    e3:3a:e5:92:f5:96:e0:cb:68:77:02:0a:ad:79:43:
                    0c:32:52:eb:29:d4:4c:48:63:ce:56:a5:db:46:6c:
                    34:68:ae:64:5f:db:f8:ad:eb:c2:40:19:61:a0:38:
                    49:55:10:6d:45:bf:51:35:4d:4c:2a:26:d9:c0:b0:
                    bd:99:c3:2d:14:98:a8:eb:3b:24:f7:b8:38:fa:ec:
                    62:da:74:fa:ed:56:f0:ba:91:fb:4a:87:94:d4:50:
                    78:67:ab:8e:06:fc:7b:03:01:a3:9e:66:13:b0:03:
                    a9:89:85:df:9a:c9:70:d4:70:c8:30:ec:45:9b:05:
                    d7:a1:b0:0a:21:aa:f4:1f:dc:f5:80:96:2b:d3:31:
                    e8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:9C:6F:38:F7:76:A6:4C:9E:DC:A6:6C:54:7E:BA:30:5F:7E:3C:23
            X509v3 Authority Key Identifier:
                keyid:08:82:8B:C7:DD:78:48:50:B8:96:ED:7D:ED:94:83:DB:5F:01:E0:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/zpxvOPd2pkye3KZsVH66MF9-PCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.248.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:95:30:50:47:70:ec:a5:b2:97:11:82:ae:bc:27:ec:e1:a9:
         f9:29:eb:18:89:cb:d9:1a:e3:9e:2e:40:90:e0:6c:6e:d0:f9:
         1a:a4:bd:2a:6d:92:16:05:91:5c:cc:42:74:da:8f:78:b0:4b:
         f6:a2:a4:e4:a4:51:3a:9a:e2:93:7b:c6:ea:36:43:f6:b4:e4:
         36:b2:00:ec:8a:42:1d:07:3d:a9:97:be:f0:14:97:8c:2e:b8:
         3e:82:db:59:a9:61:2f:6c:a3:93:bf:a3:ba:eb:77:51:33:38:
         0d:89:5b:ea:0c:c0:4f:31:38:bc:2e:e1:b4:67:b0:d7:53:2f:
         24:96:97:e0:b0:90:98:5e:12:96:b1:0c:07:8a:06:7b:67:f0:
         e5:aa:de:dd:63:cc:29:44:04:6b:b0:79:cc:29:9b:d1:96:78:
         3a:87:5d:cd:8d:94:f7:c9:09:b5:32:f0:ee:82:12:ad:d1:41:
         2e:4d:7b:92:47:35:91:bb:3a:a4:a4:fb:b3:bb:ee:32:d3:6b:
         3a:4f:ef:75:5b:5a:d2:64:fd:14:f9:7f:0a:ed:ad:ad:26:d4:
         f1:12:6f:c2:42:65:d2:81:de:c3:90:a9:44:3a:60:0e:00:22:
         37:64:35:dc:77:c3:b8:51:c9:51:d6:1e:b9:97:78:4b:2a:23:
         ae:51:f1:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/8fux1TRYmXsoywIkieyHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODI4YmM3ZGQ3ODQ4NTBiODk2ZWQ3ZGVkOTQ4M2RiNWYw
MWUwNTkwHhcNMjQwNjA5MTAxNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTljNmYzOGY3NzZhNjRjOWVkY2E2NmM1NDdlYmEzMDVmN2UzYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQ7jAPEOhkvvQnmiiA95RHeUOm3j
NRqF1Gukq/vN1NLh+LpwEBv7fIkfkeCT5PL4f+slyDPgcJ9+l19YGJzhwGdsrfJr
2N3+foMUnEChdiihg1UzfPrWNcPWIIf6nTdMWJtAPTDRCEeDYwbPKJ08wdpAPrhu
TYrjOuWS9Zbgy2h3AgqteUMMMlLrKdRMSGPOVqXbRmw0aK5kX9v4revCQBlhoDhJ
VRBtRb9RNU1MKibZwLC9mcMtFJio6zsk97g4+uxi2nT67VbwupH7SoeU1FB4Z6uO
Bvx7AwGjnmYTsAOpiYXfmslw1HDIMOxFmwXXobAKIar0H9z1gJYr0zHoYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6cbzj3dqZMntymbFR+ujBffjwjMB8GA1UdIwQY
MBaAFAiCi8fdeEhQuJbtfe2Ug9tfAeBZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lLTHg5MTRTRkM0bHUxOTdaU0QyMThCNEZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy84NjY3NTQtZjBlZi00OTAwLThkZDAt
NmMwNDAzYzlhNDQwLzEvenB4dk9QZDJwa3llM0tac1ZINjZNRjktUENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy84NjY3NTQtZjBlZi00OTAwLThkZDAtNmMwNDAzYzlhNDQw
LzEvQ0lLTHg5MTRTRkM0bHUxOTdaU0QyMThCNEZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfhCMA0G
CSqGSIb3DQEBCwUAA4IBAQCYlTBQR3DspbKXEYKuvCfs4an5KesYicvZGuOeLkCQ
4Gxu0PkapL0qbZIWBZFczEJ02o94sEv2oqTkpFE6muKTe8bqNkP2tOQ2sgDsikId
Bz2pl77wFJeMLrg+gttZqWEvbKOTv6O663dRMzgNiVvqDMBPMTi8LuG0Z7DXUy8k
lpfgsJCYXhKWsQwHigZ7Z/Dlqt7dY8wpRARrsHnMKZvRlng6h13NjZT3yQm1MvDu
ghKt0UEuTXuSRzWRuzqkpPuzu+4y02s6T+91W1rSZP0U+X8K7a2tJtTxEm/CQmXS
gd7DkKlEOmAOACI3ZDXcd8O4UclR1h65l3hLKiOuUfEI
-----END CERTIFICATE-----