Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U9TWmfT5aP6p2exh_0DJ4NPcVy4.roa
File:                     U9TWmfT5aP6p2exh_0DJ4NPcVy4.roa (raw, json)
Hash identifier:          tmgVQujLcL7n9dplfKkJ0LCQNpOoMBJETXvXZkMkVcY=
Subject key identifier:   53:D4:D6:99:F4:F9:68:FE:A9:D9:EC:61:FF:40:C9:E0:D3:DC:57:2E
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018CC56F02DAD2978CE2442E32C94855D6B3
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U9TWmfT5aP6p2exh_0DJ4NPcVy4.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        89.40.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:02:da:d2:97:8c:e2:44:2e:32:c9:48:55:d6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53d4d699f4f968fea9d9ec61ff40c9e0d3dc572e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:04:21:24:9a:6d:f4:7a:61:46:5d:71:7c:8b:
                    0e:36:c9:1e:77:1d:71:73:7d:68:85:4a:4e:e1:4e:
                    fa:b6:a1:86:cb:34:54:f1:fd:c5:4f:8c:90:a9:c9:
                    38:d8:b4:5f:c4:29:e1:4b:31:9e:57:14:50:db:88:
                    58:a6:5f:35:be:be:87:25:21:84:93:3b:44:23:25:
                    65:e7:93:4c:22:84:52:08:28:9c:cc:d5:16:b5:12:
                    bc:b0:86:40:e6:59:71:9e:15:6a:66:de:c6:84:69:
                    b3:68:5e:6f:4f:38:f3:f6:50:89:bb:85:54:dc:22:
                    a3:75:14:c9:4c:50:fd:05:85:80:57:8c:b5:34:36:
                    03:b1:e8:41:43:ed:6f:1c:d2:8d:17:56:50:e0:26:
                    dc:64:7b:dd:9f:2e:3a:8e:af:3a:a0:ae:31:e3:22:
                    4e:ed:33:81:4e:0e:56:aa:03:9e:53:99:48:e9:c0:
                    b8:76:a0:e2:88:ab:d9:ae:e7:e6:c2:b9:e6:3c:cd:
                    7d:e4:14:bd:94:4a:9d:94:23:62:67:16:5f:f5:f9:
                    43:79:98:13:09:5c:d4:8c:de:5e:6b:8e:59:8b:c9:
                    8b:4c:08:05:f4:9f:d0:c2:3f:2e:c1:25:47:a2:9d:
                    b6:dd:f2:06:50:51:7b:86:9a:6a:bb:84:8e:41:21:
                    a6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D4:D6:99:F4:F9:68:FE:A9:D9:EC:61:FF:40:C9:E0:D3:DC:57:2E
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U9TWmfT5aP6p2exh_0DJ4NPcVy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:19:92:bf:fc:e0:8e:29:7d:58:c2:28:9f:24:86:cc:07:d0:
         47:bd:74:17:8f:56:62:77:5c:c4:bb:7f:74:c2:4a:a9:67:55:
         09:78:4f:62:45:98:c6:bd:83:63:e8:10:b4:92:0a:48:5f:9f:
         7c:6f:3d:9e:fb:87:4f:55:ab:12:e5:64:05:f4:a0:e6:c1:ef:
         97:43:9b:bb:d6:a9:26:cc:c6:8c:dd:13:57:c9:52:9f:9e:3b:
         74:5e:e3:94:5c:8e:60:8b:a8:69:bb:97:b5:4a:04:67:b9:9d:
         ad:08:c7:65:9a:9d:21:9e:43:c8:8a:5b:a2:81:db:58:4b:77:
         bb:dc:ac:9a:4d:02:21:f9:10:c1:ed:c8:f3:16:26:d5:3c:84:
         99:75:34:21:6c:5b:51:db:45:3b:4d:c0:da:bb:d8:01:08:16:
         dc:20:ee:85:2f:c9:f0:40:d0:1e:b5:1f:cc:2f:eb:b0:dd:e0:
         b8:aa:79:80:76:4f:13:5c:a7:f4:fc:73:2c:0b:ac:9d:2b:4c:
         fc:5f:7b:24:d2:cc:a8:e5:b7:41:b1:fe:7d:1e:6c:9a:61:51:
         28:9c:76:15:e3:4c:e0:8f:9b:84:5b:3c:91:aa:16:48:72:6b:
         bb:cd:d8:60:20:e1:11:d6:ee:17:4e:6c:81:3e:4f:33:28:e2:
         c9:41:45:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwLa0peM4kQuMslIVdazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Q0ZDY5OWY0Zjk2OGZlYTlkOWVjNjFmZjQwYzllMGQzZGM1NzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwQhJJpt9HphRl1xfIsONskedx1x
c31ohUpO4U76tqGGyzRU8f3FT4yQqck42LRfxCnhSzGeVxRQ24hYpl81vr6HJSGE
kztEIyVl55NMIoRSCCiczNUWtRK8sIZA5llxnhVqZt7GhGmzaF5vTzjz9lCJu4VU
3CKjdRTJTFD9BYWAV4y1NDYDsehBQ+1vHNKNF1ZQ4CbcZHvdny46jq86oK4x4yJO
7TOBTg5WqgOeU5lI6cC4dqDiiKvZrufmwrnmPM195BS9lEqdlCNiZxZf9flDeZgT
CVzUjN5ea45Zi8mLTAgF9J/Qwj8uwSVHop223fIGUFF7hppqu4SOQSGmBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPU1pn0+Wj+qdnsYf9AyeDT3FcuMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvVTlUV21mVDVhUDZwMmV4aF8wREo0TlBjVnk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSimMA0G
CSqGSIb3DQEBCwUAA4IBAQB8GZK//OCOKX1YwiifJIbMB9BHvXQXj1Zid1zEu390
wkqpZ1UJeE9iRZjGvYNj6BC0kgpIX598bz2e+4dPVasS5WQF9KDmwe+XQ5u71qkm
zMaM3RNXyVKfnjt0XuOUXI5gi6hpu5e1SgRnuZ2tCMdlmp0hnkPIiluigdtYS3e7
3KyaTQIh+RDB7cjzFibVPISZdTQhbFtR20U7TcDau9gBCBbcIO6FL8nwQNAetR/M
L+uw3eC4qnmAdk8TXKf0/HMsC6ydK0z8X3sk0syo5bdBsf59HmyaYVEonHYV40zg
j5uEWzyRqhZIcmu7zdhgIOER1u4XTmyBPk8zKOLJQUWA
-----END CERTIFICATE-----