Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/rTynJpjZ-mPhhU_mgKqPHJVFu2s.roa
File:                     rTynJpjZ-mPhhU_mgKqPHJVFu2s.roa (raw, json)
Hash identifier:          6ZxLYUvzU7H3ED5QpN7VZ8lmJJJhpiYiiGAAQ6jCYWo=
Subject key identifier:   AD:3C:A7:26:98:D9:FA:63:E1:85:4F:E6:80:AA:8F:1C:95:45:BB:6B
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018DD5FB8A55ECFC8784EE7330AFDB2224D0
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/rTynJpjZ-mPhhU_mgKqPHJVFu2s.roa
Signing time:             Fri 23 Feb 2024 12:40:48 +0000
ROA not before:           Fri 23 Feb 2024 12:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        89.23.123.0/24 maxlen: 24
                          194.28.225.0/24 maxlen: 24
                          194.28.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:fb:8a:55:ec:fc:87:84:ee:73:30:af:db:22:24:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Feb 23 12:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad3ca72698d9fa63e1854fe680aa8f1c9545bb6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:7e:00:fa:a8:b4:2f:3c:e5:bc:30:bd:ee:48:
                    c5:b7:89:79:c3:1d:97:21:d2:e8:f4:a7:35:ea:aa:
                    3d:cb:c3:d1:0c:79:fc:4a:94:0d:c2:07:29:0b:3e:
                    64:6f:55:b2:c5:19:0c:63:e0:9c:ae:ee:85:85:c9:
                    ec:7d:0d:db:52:1c:a6:c3:5d:79:b5:40:cc:c5:fb:
                    89:33:fd:a4:24:89:be:db:5e:06:a8:92:d4:af:82:
                    36:8c:22:cc:1e:9e:3a:b0:f7:a9:ec:c9:cc:1b:3a:
                    4b:83:ac:72:d1:1d:e3:34:b4:1c:4f:53:5a:84:82:
                    b3:a4:1a:0c:68:db:9e:06:28:59:b3:6f:90:5e:dd:
                    cf:91:26:a8:f5:c1:84:b0:61:fa:6e:87:cf:8b:d6:
                    3c:ba:71:cc:b5:e1:f4:00:b3:10:7f:2d:9c:0b:81:
                    d4:d0:30:4b:70:13:d4:e8:61:95:02:02:e8:37:16:
                    82:2e:ae:42:a6:67:81:b0:3e:a8:1c:7b:70:dc:e1:
                    7d:58:65:a2:9b:b9:6a:e8:2e:d6:40:08:68:9d:15:
                    92:e5:b2:b2:5d:20:27:db:f7:57:44:b5:d5:67:53:
                    76:67:4a:a8:92:10:84:82:6d:df:45:15:99:c9:f2:
                    1d:a7:02:6f:33:87:9c:9e:7b:e3:81:8f:78:eb:fd:
                    35:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:3C:A7:26:98:D9:FA:63:E1:85:4F:E6:80:AA:8F:1C:95:45:BB:6B
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/rTynJpjZ-mPhhU_mgKqPHJVFu2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.123.0/24
                  194.28.225.0-194.28.226.255

    Signature Algorithm: sha256WithRSAEncryption
         c0:82:46:1e:0d:39:d5:0a:60:c4:79:33:d0:ae:60:8f:ed:81:
         f2:d6:51:3b:44:7b:31:54:a0:c0:40:b7:f1:42:d0:00:ff:2e:
         10:c0:84:92:e9:ac:f4:c2:c5:a0:41:d8:ce:45:4b:ed:02:47:
         ee:6b:2c:aa:bc:ae:c3:86:29:27:05:3d:63:23:62:19:06:68:
         88:32:b1:9f:20:0b:e3:72:d6:98:77:7e:da:7f:20:9d:db:3f:
         77:65:fa:12:a5:c2:63:3a:72:1d:ab:86:e4:b7:0a:4f:f3:e1:
         ee:b2:ba:0d:e6:8c:4e:84:9d:2a:57:97:37:d0:ae:a7:6c:a4:
         27:d7:2e:e1:81:5a:33:4f:26:9c:37:45:af:88:5d:72:a5:86:
         d5:e5:97:08:82:33:ff:49:57:68:c7:5e:c6:d7:34:b5:32:0e:
         d8:51:e2:68:88:a1:75:a8:51:01:ff:e7:af:7b:82:b4:34:02:
         cc:89:7f:b3:53:72:f5:3b:21:75:b2:e1:0c:11:cc:b8:13:4b:
         fd:a2:cd:18:e6:7e:6e:30:1f:65:b0:1e:1e:cc:a7:30:48:f7:
         19:be:5d:08:6d:5a:5b:6f:ff:43:49:83:da:77:f5:b6:75:01:
         47:d6:85:d2:b7:15:99:5a:80:07:3f:fa:3a:09:9d:cc:b4:49:
         15:29:de:fa
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY3V+4pV7PyHhO5zMK/bIiTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMjIzMTI0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNjYTcyNjk4ZDlmYTYzZTE4NTRmZTY4MGFhOGYxYzk1NDViYjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA234A+qi0LzzlvDC97kjFt4l5wx2X
IdLo9Kc16qo9y8PRDHn8SpQNwgcpCz5kb1WyxRkMY+Ccru6FhcnsfQ3bUhymw115
tUDMxfuJM/2kJIm+214GqJLUr4I2jCLMHp46sPep7MnMGzpLg6xy0R3jNLQcT1Na
hIKzpBoMaNueBihZs2+QXt3PkSao9cGEsGH6bofPi9Y8unHMteH0ALMQfy2cC4HU
0DBLcBPU6GGVAgLoNxaCLq5CpmeBsD6oHHtw3OF9WGWim7lq6C7WQAhonRWS5bKy
XSAn2/dXRLXVZ1N2Z0qokhCEgm3fRRWZyfIdpwJvM4ecnnvjgY946/01OwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFK08pyaY2fpj4YVP5oCqjxyVRbtrMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvclR5bkpwalotbVBoaFVfbWdLcVBISlZGdTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAWRd7MAwD
BADCHOEDBADCHOIwDQYJKoZIhvcNAQELBQADggEBAMCCRh4NOdUKYMR5M9CuYI/t
gfLWUTtEezFUoMBAt/FC0AD/LhDAhJLprPTCxaBB2M5FS+0CR+5rLKq8rsOGKScF
PWMjYhkGaIgysZ8gC+Ny1ph3ftp/IJ3bP3dl+hKlwmM6ch2rhuS3Ck/z4e6yug3m
jE6EnSpXlzfQrqdspCfXLuGBWjNPJpw3Ra+IXXKlhtXllwiCM/9JV2jHXsbXNLUy
DthR4miIoXWoUQH/5697grQ0AsyJf7NTcvU7IXWy4QwRzLgTS/2izRjmfm4wH2Ww
Hh7MpzBI9xm+XQhtWltv/0NJg9p39bZ1AUfWhdK3FZlagAc/+joJncy0SRUp3vo=
-----END CERTIFICATE-----