Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/iexIWXq2QIUeSG0lYo33E24h_3A.roa
File:                     iexIWXq2QIUeSG0lYo33E24h_3A.roa (raw, json)
Hash identifier:          Q5gj85EBnb0BBM0Z7eYCeRk9V380acJyPhf/vqv2imc=
Subject key identifier:   89:EC:48:59:7A:B6:40:85:1E:48:6D:25:62:8D:F7:13:6E:21:FF:70
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       0191645D9E43F81A3D6EF0C602AED791CFBB
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/iexIWXq2QIUeSG0lYo33E24h_3A.roa
Signing time:             Sun 18 Aug 2024 07:22:22 +0000
ROA not before:           Sun 18 Aug 2024 07:22:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3258
IP address blocks:        45.12.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:64:5d:9e:43:f8:1a:3d:6e:f0:c6:02:ae:d7:91:cf:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Aug 18 07:22:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89ec48597ab640851e486d25628df7136e21ff70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a9:1a:3a:76:c3:db:79:d0:1f:d9:89:a9:51:
                    fb:f5:36:35:0d:07:57:7d:64:64:cd:75:c1:aa:fa:
                    47:38:8a:07:6e:67:0d:e0:70:a8:60:9e:01:1c:69:
                    ca:10:62:27:8a:01:a6:40:e7:9a:cd:46:dd:d1:d7:
                    4e:3b:46:4d:66:01:a2:7f:2b:0e:5d:51:91:d6:59:
                    80:a7:58:3d:34:aa:01:f9:25:fe:a3:4c:e6:59:e1:
                    25:fc:af:d0:cf:be:d1:6d:52:f5:66:1f:c3:c2:be:
                    2c:0d:3f:62:04:ef:bf:a7:4a:9c:2e:db:52:6a:40:
                    f6:8e:81:68:c5:e0:65:7f:82:1b:e8:ae:a3:fe:ca:
                    05:76:81:da:66:66:45:88:68:f1:be:00:8e:32:28:
                    cb:84:b0:f9:62:f8:87:ba:26:41:ce:7d:92:3a:7c:
                    b2:4d:81:c0:37:b9:52:be:f7:24:b1:13:02:9d:5f:
                    0f:96:09:8e:81:9e:81:64:07:95:b2:d5:a3:0d:28:
                    dc:7d:40:ac:99:1e:4f:15:f6:0a:41:2f:43:8e:c7:
                    2f:55:6b:ed:f6:24:70:2d:3c:dd:fb:ed:8f:77:e0:
                    b4:a2:15:3e:1c:7b:05:6a:35:c8:0f:9d:1d:6b:13:
                    f5:ce:3c:8d:f1:31:50:16:53:06:e1:85:ab:92:75:
                    21:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:EC:48:59:7A:B6:40:85:1E:48:6D:25:62:8D:F7:13:6E:21:FF:70
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/iexIWXq2QIUeSG0lYo33E24h_3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:75:8d:44:07:86:48:3e:ee:95:1f:34:f6:bf:95:15:94:6f:
         b7:dc:29:a5:c6:51:8c:a1:41:cb:00:66:f1:6a:47:59:fa:de:
         82:be:8e:2a:94:c6:d0:03:80:69:72:5e:83:a4:39:ab:67:94:
         2d:62:59:46:30:d8:b3:56:77:04:e1:36:5a:42:9b:58:ad:0d:
         8f:c6:01:cf:3b:a4:dc:e2:d7:34:0e:ab:8d:e0:cd:c0:90:56:
         a9:22:9d:b7:e2:60:71:59:ac:5c:71:f6:05:cd:79:65:0f:ed:
         cc:cd:45:45:96:90:91:3e:a3:c7:39:aa:bf:7a:bf:02:e3:52:
         2b:df:3b:f2:83:3b:23:9c:9a:53:91:4f:c5:69:a6:b1:39:d3:
         b8:c6:2e:de:86:5a:98:3e:c1:d6:bb:b6:6f:95:18:59:c1:61:
         b1:ad:3d:9a:d5:23:9c:8a:40:1a:e1:aa:a6:ee:78:8b:ee:bf:
         df:c1:8b:de:62:e2:3d:ac:c6:da:35:a3:ad:27:a4:4b:51:84:
         95:e8:96:e3:6c:7d:f9:fa:f5:f3:42:e9:62:7d:f8:ed:58:7e:
         8e:51:c5:33:83:8f:30:26:a8:d4:84:ee:f1:71:38:5d:06:49:
         31:b3:e7:13:ea:96:0a:f7:51:a8:29:83:5e:fd:1c:61:b3:5b:
         b1:67:30:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFkXZ5D+Bo9bvDGAq7Xkc+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjQwODE4MDcyMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWVjNDg1OTdhYjY0MDg1MWU0ODZkMjU2MjhkZjcxMzZlMjFmZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuakaOnbD23nQH9mJqVH79TY1DQdX
fWRkzXXBqvpHOIoHbmcN4HCoYJ4BHGnKEGInigGmQOeazUbd0ddOO0ZNZgGifysO
XVGR1lmAp1g9NKoB+SX+o0zmWeEl/K/Qz77RbVL1Zh/Dwr4sDT9iBO+/p0qcLttS
akD2joFoxeBlf4Ib6K6j/soFdoHaZmZFiGjxvgCOMijLhLD5YviHuiZBzn2SOnyy
TYHAN7lSvvcksRMCnV8PlgmOgZ6BZAeVstWjDSjcfUCsmR5PFfYKQS9DjscvVWvt
9iRwLTzd++2Pd+C0ohU+HHsFajXID50daxP1zjyN8TFQFlMG4YWrknUhrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInsSFl6tkCFHkhtJWKN9xNuIf9wMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvaWV4SVdYcTJRSVVlU0cwbFlvMzNFMjRoXzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxZMA0G
CSqGSIb3DQEBCwUAA4IBAQAJdY1EB4ZIPu6VHzT2v5UVlG+33CmlxlGMoUHLAGbx
akdZ+t6Cvo4qlMbQA4Bpcl6DpDmrZ5QtYllGMNizVncE4TZaQptYrQ2PxgHPO6Tc
4tc0DquN4M3AkFapIp234mBxWaxccfYFzXllD+3MzUVFlpCRPqPHOaq/er8C41Ir
3zvygzsjnJpTkU/FaaaxOdO4xi7ehlqYPsHWu7ZvlRhZwWGxrT2a1SOcikAa4aqm
7niL7r/fwYveYuI9rMbaNaOtJ6RLUYSV6JbjbH35+vXzQuliffjtWH6OUcUzg48w
JqjUhO7xcThdBkkxs+cT6pYK91GoKYNe/Rxhs1uxZzBU
-----END CERTIFICATE-----