Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1kE5YujiytX6X3y8R4jmVME8LOk.roa
File:                     1kE5YujiytX6X3y8R4jmVME8LOk.roa (raw, json)
Hash identifier:          51C50CK81rM3xJVpvfcIBsn/5Srw7vqTBrn3x5Ki+Vk=
Subject key identifier:   D6:41:39:62:E8:E2:CA:D5:FA:5F:7C:BC:47:88:E6:54:C1:3C:2C:E9
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB624C7E57F9D4719AECCD2A5217D8
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1kE5YujiytX6X3y8R4jmVME8LOk.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43581
IP address blocks:        89.23.105.0/24 maxlen: 24
                          89.23.106.0/24 maxlen: 24
                          89.23.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:62:4c:7e:57:f9:d4:71:9a:ec:cd:2a:52:17:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6413962e8e2cad5fa5f7cbc4788e654c13c2ce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:86:47:fd:d6:74:a4:29:74:f1:3b:5c:93:2a:
                    f2:55:75:ee:39:c2:6d:bb:1c:e2:76:d0:8f:25:01:
                    0a:4d:f4:c4:f5:ed:22:77:86:0f:1e:23:d5:fb:02:
                    a3:39:46:b2:74:7d:77:e6:01:6b:64:db:77:a3:02:
                    99:3d:f6:ac:22:d2:59:2f:2a:78:68:5d:c2:57:db:
                    37:ab:74:77:66:2f:3f:7e:80:16:45:fb:b8:2e:d2:
                    90:c7:64:e6:29:e5:13:aa:30:b1:2b:01:75:e3:c7:
                    4b:a2:b2:c5:b1:3d:a3:84:1b:87:60:3f:46:a8:51:
                    2e:cc:2d:57:10:0b:94:c9:07:ec:09:08:5c:5b:be:
                    b1:19:4e:5e:cb:3e:2d:47:68:43:45:67:e6:7e:c4:
                    80:3b:0f:e5:b5:46:32:1f:c9:cc:fc:ec:b4:e2:22:
                    b7:98:b6:3d:62:b7:72:7a:db:42:d0:de:3d:c4:89:
                    60:38:ad:a0:c1:9c:0a:95:2a:5a:c1:65:c6:52:ee:
                    58:06:93:b9:29:a6:2d:ee:c8:a4:db:dc:56:c1:a8:
                    7a:37:84:0d:fd:f8:4d:59:ff:b2:fb:0b:5f:3b:9c:
                    bb:71:6a:38:a0:67:d6:f0:09:2f:49:73:34:e8:90:
                    1a:0f:bb:82:bf:47:52:1d:07:83:4e:7c:4b:d3:65:
                    9a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:41:39:62:E8:E2:CA:D5:FA:5F:7C:BC:47:88:E6:54:C1:3C:2C:E9
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1kE5YujiytX6X3y8R4jmVME8LOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.105.0-89.23.106.255
                  89.23.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:ac:fa:05:0d:89:22:c6:83:1e:d8:f0:4e:97:1a:db:b3:4b:
         a9:c2:f6:49:82:46:06:a1:df:dd:80:cf:8e:3e:57:07:f2:a4:
         79:c8:ea:c4:c7:0a:ba:db:89:b3:3a:6c:32:d8:e3:60:c7:55:
         dd:23:51:af:98:ca:5b:26:88:9d:48:4d:c7:bb:76:0d:40:ce:
         cc:a7:44:c9:c1:f1:b2:9a:76:a5:7b:53:0f:91:57:70:ce:f4:
         0b:d6:79:48:43:f4:90:44:18:af:41:e6:83:99:f1:8e:4d:47:
         0a:69:76:b1:3b:74:e1:ec:f9:83:22:e3:60:23:32:8b:2b:40:
         50:db:85:ed:20:48:bf:ec:aa:0f:22:a8:ca:04:83:e5:b3:49:
         80:c1:9d:37:e1:cf:9c:10:77:0c:05:14:3d:ee:6d:db:14:e5:
         e9:d1:77:03:09:82:c9:3e:23:98:42:86:26:98:c5:d0:20:51:
         2e:f2:89:d5:76:b2:ff:e7:be:4f:40:db:11:8b:1d:f5:c7:05:
         44:7a:ec:82:90:d7:a7:cb:76:46:57:5d:8a:41:67:9f:2e:38:
         bd:75:59:54:6b:ab:39:c7:a0:85:3d:fa:1d:90:e3:e0:12:06:
         07:36:bd:2e:cd:46:86:ab:ef:57:dd:ef:99:0b:9c:1c:a1:c7:
         18:c6:8c:db
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzC22JMflf51HGa7M0qUhfYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQxMzk2MmU4ZTJjYWQ1ZmE1ZjdjYmM0Nzg4ZTY1NGMxM2MyY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIZH/dZ0pCl08TtckyryVXXuOcJt
uxzidtCPJQEKTfTE9e0id4YPHiPV+wKjOUaydH135gFrZNt3owKZPfasItJZLyp4
aF3CV9s3q3R3Zi8/foAWRfu4LtKQx2TmKeUTqjCxKwF148dLorLFsT2jhBuHYD9G
qFEuzC1XEAuUyQfsCQhcW76xGU5eyz4tR2hDRWfmfsSAOw/ltUYyH8nM/Oy04iK3
mLY9YrdyettC0N49xIlgOK2gwZwKlSpawWXGUu5YBpO5KaYt7sik29xWwah6N4QN
/fhNWf+y+wtfO5y7cWo4oGfW8AkvSXM06JAaD7uCv0dSHQeDTnxL02Wa7QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNZBOWLo4srV+l98vEeI5lTBPCzpMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMWtFNVl1aml5dFg2WDN5OFI0am1WTUU4TE9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABZF2kD
BABZF2oDBABZF24wDQYJKoZIhvcNAQELBQADggEBALas+gUNiSLGgx7Y8E6XGtuz
S6nC9kmCRgah392Az44+VwfypHnI6sTHCrrbibM6bDLY42DHVd0jUa+YylsmiJ1I
Tce7dg1AzsynRMnB8bKadqV7Uw+RV3DO9AvWeUhD9JBEGK9B5oOZ8Y5NRwppdrE7
dOHs+YMi42AjMosrQFDbhe0gSL/sqg8iqMoEg+WzSYDBnTfhz5wQdwwFFD3ubdsU
5enRdwMJgsk+I5hChiaYxdAgUS7yidV2sv/nvk9A2xGLHfXHBUR67IKQ16fLdkZX
XYpBZ58uOL11WVRrqznHoIU9+h2Q4+ASBgc2vS7NRoar71fd75kLnByhxxjGjNs=
-----END CERTIFICATE-----