Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/HdKdEjxCmlXNuNH48BfHxEnN4ws.roa
File:                     HdKdEjxCmlXNuNH48BfHxEnN4ws.roa (raw, json)
Hash identifier:          0moM6DO6y+AV4xbK2zakUBKb0czDfW4lfjfb6+k9TI8=
Subject key identifier:   1D:D2:9D:12:3C:42:9A:55:CD:B8:D1:F8:F0:17:C7:C4:49:CD:E3:0B
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       018CC42493585D9F5E3508F12133567AF681
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/HdKdEjxCmlXNuNH48BfHxEnN4ws.roa
Signing time:             Mon 01 Jan 2024 08:29:40 +0000
ROA not before:           Mon 01 Jan 2024 08:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200196
IP address blocks:        89.23.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:93:58:5d:9f:5e:35:08:f1:21:33:56:7a:f6:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 08:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dd29d123c429a55cdb8d1f8f017c7c449cde30b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4b:82:83:f7:f1:5a:d2:3a:55:96:ee:a1:52:
                    71:3f:ef:2a:0e:90:16:f0:e7:27:eb:a3:fa:8d:91:
                    1a:10:d6:c9:5c:64:a3:28:ce:5a:4b:5f:c1:d4:2a:
                    b6:ae:54:61:ae:36:24:8b:88:dc:79:93:b2:71:57:
                    2a:98:ee:1b:87:11:36:2a:c2:ec:77:f2:0b:b2:83:
                    c5:24:b6:94:0e:81:d8:d6:14:b8:ed:e4:4c:43:b7:
                    3c:90:9f:f2:b1:a7:32:19:20:f3:cf:67:e5:3a:d4:
                    78:60:c6:c5:9d:41:c1:51:d0:51:62:b6:98:13:3f:
                    80:be:10:b8:95:c8:6d:57:72:5b:69:09:0f:b6:49:
                    ae:5c:6d:ce:7b:6b:0e:a8:9b:0d:8a:ed:0b:37:07:
                    5e:9c:0c:ed:e9:6a:57:b0:8a:16:20:5d:61:52:93:
                    c4:4f:61:f6:49:26:93:c7:2e:a6:c3:4a:79:78:8b:
                    67:1e:2e:13:92:12:f5:d4:ee:02:51:9e:12:91:f7:
                    1c:b9:5d:2b:41:de:0c:b5:05:a1:b8:df:53:24:cd:
                    9b:2e:17:78:64:b9:27:60:c7:70:62:82:e6:38:bf:
                    3f:d6:51:f6:99:31:01:c0:9b:b8:88:1e:29:df:3a:
                    ae:4c:7b:31:29:eb:24:53:3c:d5:c5:db:96:f3:81:
                    e2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D2:9D:12:3C:42:9A:55:CD:B8:D1:F8:F0:17:C7:C4:49:CD:E3:0B
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/HdKdEjxCmlXNuNH48BfHxEnN4ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:7d:42:d7:0a:ba:b0:a7:78:a3:fb:08:02:16:7b:9e:88:e8:
         0d:91:55:dd:8f:cd:3d:82:df:49:d7:91:0b:16:d7:bc:6e:b3:
         17:cc:39:ef:b1:cf:a4:4f:e1:ad:6d:0c:fc:7b:ae:85:93:f9:
         a1:b8:c8:a7:31:66:d1:ea:3a:91:4e:ec:ba:ca:2d:be:55:9a:
         bb:f8:5e:ad:69:e8:2f:e6:aa:41:fb:2d:d6:f0:c1:54:44:96:
         a5:e5:1a:5f:e4:6a:c3:6a:c3:16:30:be:65:1c:86:70:38:e8:
         61:dd:93:e6:2f:be:c1:0d:96:38:8d:7a:c2:2d:bd:05:90:4e:
         a6:62:2b:0a:d6:6f:6a:4d:43:01:3f:a3:07:ee:22:a9:ae:87:
         8b:46:9b:7a:62:78:4b:57:22:19:6b:6c:5d:fa:55:5e:c6:c5:
         e6:be:2a:8e:8c:d2:6f:90:d4:68:a7:43:9d:02:17:ce:3b:ea:
         b8:53:b7:08:5a:22:71:19:4f:49:3f:98:1f:60:1e:ca:f9:92:
         96:c7:f8:6f:2f:89:bd:8a:ef:4d:55:59:3b:84:ab:39:46:1b:
         77:4a:88:64:93:e8:db:c6:88:8b:8f:3d:11:03:f3:90:c1:6e:
         54:2d:1b:14:ff:d7:b0:71:73:2d:b6:b6:b3:8c:d0:1a:37:ca:
         a4:e4:b7:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJJNYXZ9eNQjxITNWevaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjQwMTAxMDgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQyOWQxMjNjNDI5YTU1Y2RiOGQxZjhmMDE3YzdjNDQ5Y2RlMzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUuCg/fxWtI6VZbuoVJxP+8qDpAW
8Ocn66P6jZEaENbJXGSjKM5aS1/B1Cq2rlRhrjYki4jceZOycVcqmO4bhxE2KsLs
d/ILsoPFJLaUDoHY1hS47eRMQ7c8kJ/ysacyGSDzz2flOtR4YMbFnUHBUdBRYraY
Ez+AvhC4lchtV3JbaQkPtkmuXG3Oe2sOqJsNiu0LNwdenAzt6WpXsIoWIF1hUpPE
T2H2SSaTxy6mw0p5eItnHi4TkhL11O4CUZ4SkfccuV0rQd4MtQWhuN9TJM2bLhd4
ZLknYMdwYoLmOL8/1lH2mTEBwJu4iB4p3zquTHsxKeskUzzVxduW84HiIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3SnRI8QppVzbjR+PAXx8RJzeMLMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvSGRLZEVqeENtbFhOdU5INDhCZkh4RW5ONHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdYMA0G
CSqGSIb3DQEBCwUAA4IBAQBnfULXCrqwp3ij+wgCFnueiOgNkVXdj809gt9J15EL
Fte8brMXzDnvsc+kT+GtbQz8e66Fk/mhuMinMWbR6jqRTuy6yi2+VZq7+F6taegv
5qpB+y3W8MFURJal5Rpf5GrDasMWML5lHIZwOOhh3ZPmL77BDZY4jXrCLb0FkE6m
YisK1m9qTUMBP6MH7iKproeLRpt6YnhLVyIZa2xd+lVexsXmviqOjNJvkNRop0Od
AhfOO+q4U7cIWiJxGU9JP5gfYB7K+ZKWx/hvL4m9iu9NVVk7hKs5Rht3Sohkk+jb
xoiLjz0RA/OQwW5ULRsU/9ewcXMttrazjNAaN8qk5Ldc
-----END CERTIFICATE-----