Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/KLhhO-0J4TaTg9fzx-dZ3cF0Bk8.roa
File:                     KLhhO-0J4TaTg9fzx-dZ3cF0Bk8.roa (raw, json)
Hash identifier:          rPXNsYaRq6g8DuC4DxtH6U0OurDmRHZn51cYVdnjMMw=
Subject key identifier:   28:B8:61:3B:ED:09:E1:36:93:83:D7:F3:C7:E7:59:DD:C1:74:06:4F
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019048FC558C06C85B8D1F6303696ED18245
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/KLhhO-0J4TaTg9fzx-dZ3cF0Bk8.roa
Signing time:             Mon 24 Jun 2024 06:43:34 +0000
ROA not before:           Mon 24 Jun 2024 06:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        89.249.204.0/24 maxlen: 24
                          89.249.206.0/23 maxlen: 24
                          89.249.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:48:fc:55:8c:06:c8:5b:8d:1f:63:03:69:6e:d1:82:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jun 24 06:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28b8613bed09e1369383d7f3c7e759ddc174064f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d4:3e:49:8a:bc:51:dc:6b:8a:9b:d2:f0:1c:
                    f6:e7:c7:d9:0b:2b:05:9c:bc:c0:e3:8e:fb:06:1a:
                    ba:11:0a:34:5c:ee:b1:d2:f0:56:f8:5e:be:8c:2f:
                    b3:6c:a0:77:5c:bd:1b:c8:2d:68:0a:aa:89:7f:bc:
                    61:87:df:91:f8:e3:b6:6b:ac:29:07:ef:b8:51:b8:
                    f5:75:df:cd:62:bf:70:b5:ad:0a:19:57:17:fb:cd:
                    db:87:0d:f5:62:3c:72:2d:3c:71:06:26:36:ab:1f:
                    64:b9:60:49:f7:85:f7:ae:ee:04:86:09:99:82:c7:
                    5d:e7:3c:9f:24:83:cb:84:7c:1e:75:db:58:cf:4b:
                    17:a5:96:53:21:e4:d1:fb:55:f0:fb:b1:50:19:20:
                    a1:be:b7:bf:45:ec:01:98:26:4a:aa:34:2a:19:cc:
                    3c:21:66:42:96:45:61:8c:d2:84:b2:b4:7a:6d:a6:
                    27:e2:15:4e:4e:d0:a9:ba:46:94:bf:14:bb:06:99:
                    cc:05:bb:32:7c:e9:98:15:41:d9:fa:e8:4e:36:9e:
                    61:4a:1d:99:a6:71:4c:90:bb:d3:b1:c0:a2:63:5a:
                    71:37:e6:e6:b0:1c:21:5b:0e:c3:9f:88:b8:f8:a7:
                    31:4e:2d:88:77:12:bd:00:60:49:36:72:df:b7:9a:
                    27:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B8:61:3B:ED:09:E1:36:93:83:D7:F3:C7:E7:59:DD:C1:74:06:4F
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/KLhhO-0J4TaTg9fzx-dZ3cF0Bk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.204.0/24
                  89.249.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:1d:96:e8:7f:af:e0:76:72:fb:85:d1:ff:51:81:88:7a:8d:
         41:a2:18:7c:1c:62:e4:c2:7b:e6:30:3b:bc:35:b0:31:aa:eb:
         b8:b5:d5:a1:7b:b6:1a:4e:b4:6f:b7:19:27:2f:52:9c:2e:0a:
         4d:42:e9:c5:9c:d6:b6:02:ec:e8:eb:b9:23:45:62:0a:45:1a:
         c9:58:2b:f8:59:3c:2d:fd:7d:91:7f:4c:0e:d5:97:1e:4c:ed:
         d5:6c:70:87:57:82:7e:ef:0d:5a:39:3e:d4:46:21:83:e9:9c:
         84:0b:8d:14:68:61:3a:87:41:ab:bb:f3:2f:11:41:da:ca:c1:
         02:cb:62:5f:55:88:f9:38:9e:6a:d0:ba:e1:4e:6f:6f:b5:0e:
         f6:32:8f:ef:f4:af:a2:e2:93:b8:f4:58:33:73:00:02:e3:73:
         04:b3:17:df:37:9a:c2:0a:dc:d2:1c:0b:a6:c2:49:44:e1:a1:
         40:82:eb:c1:a4:8e:af:c2:0e:5e:7b:75:03:c0:a8:f2:8d:5e:
         54:30:e4:23:a0:67:c3:5b:cd:ee:98:56:ce:0a:9a:04:c4:83:
         b9:30:83:b4:3d:c2:24:ca:fe:1d:93:b2:51:e4:cc:6b:15:bd:
         7f:a0:16:f5:ef:fa:39:ff:9d:11:2f:e7:5f:5b:c7:94:36:c4:
         7c:04:28:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBI/FWMBshbjR9jA2lu0YJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwNjI0MDY0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGI4NjEzYmVkMDllMTM2OTM4M2Q3ZjNjN2U3NTlkZGMxNzQwNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtQ+SYq8UdxripvS8Bz258fZCysF
nLzA4477Bhq6EQo0XO6x0vBW+F6+jC+zbKB3XL0byC1oCqqJf7xhh9+R+OO2a6wp
B++4Ubj1dd/NYr9wta0KGVcX+83bhw31YjxyLTxxBiY2qx9kuWBJ94X3ru4EhgmZ
gsdd5zyfJIPLhHweddtYz0sXpZZTIeTR+1Xw+7FQGSChvre/RewBmCZKqjQqGcw8
IWZClkVhjNKEsrR6baYn4hVOTtCpukaUvxS7BpnMBbsyfOmYFUHZ+uhONp5hSh2Z
pnFMkLvTscCiY1pxN+bmsBwhWw7Dn4i4+KcxTi2IdxK9AGBJNnLft5onWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCi4YTvtCeE2k4PX88fnWd3BdAZPMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvS0xoaE8tMEo0VGFUZzlmengtZFozY0YwQms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfnMAwQB
WfnOMA0GCSqGSIb3DQEBCwUAA4IBAQBCHZbof6/gdnL7hdH/UYGIeo1Bohh8HGLk
wnvmMDu8NbAxquu4tdWhe7YaTrRvtxknL1KcLgpNQunFnNa2Auzo67kjRWIKRRrJ
WCv4WTwt/X2Rf0wO1ZceTO3VbHCHV4J+7w1aOT7URiGD6ZyEC40UaGE6h0Gru/Mv
EUHaysECy2JfVYj5OJ5q0LrhTm9vtQ72Mo/v9K+i4pO49FgzcwAC43MEsxffN5rC
CtzSHAumwklE4aFAguvBpI6vwg5ee3UDwKjyjV5UMOQjoGfDW83umFbOCpoExIO5
MIO0PcIkyv4dk7JR5MxrFb1/oBb17/o5/50RL+dfW8eUNsR8BCj0
-----END CERTIFICATE-----