Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7CW5-QQGU9Mx-0CmxxkhSL0UikA.roa
File:                     7CW5-QQGU9Mx-0CmxxkhSL0UikA.roa (raw, json)
Hash identifier:          Ex6D5SCIAkOWoVvz0+fIKxXhAJEPVKZL5iwOFfODD7k=
Subject key identifier:   EC:25:B9:F9:04:06:53:D3:31:FB:40:A6:C7:19:21:48:BD:14:8A:40
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954EAAF9C0561FE1DB8243EACD6539
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7CW5-QQGU9Mx-0CmxxkhSL0UikA.roa
Signing time:             Tue 02 Jan 2024 00:31:40 +0000
ROA not before:           Tue 02 Jan 2024 00:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48161
IP address blocks:        89.39.120.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4e:aa:f9:c0:56:1f:e1:db:82:43:ea:cd:65:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec25b9f9040653d331fb40a6c7192148bd148a40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e6:1d:11:1c:b6:78:f0:87:f1:cb:2f:d1:bc:
                    4c:1e:68:5e:bd:97:e6:0f:39:52:d3:33:aa:8b:63:
                    d2:97:d7:4b:e5:da:82:c7:d7:2c:bd:a6:97:fb:8b:
                    87:09:a0:7c:d2:ee:4d:7d:91:de:24:9d:10:31:61:
                    f6:24:dc:48:49:de:ec:a4:44:19:f0:44:f3:91:cc:
                    4a:b1:19:e7:25:0f:79:93:6f:db:ba:4f:8d:19:86:
                    20:ac:51:75:54:6b:e4:38:86:58:63:0f:73:e1:09:
                    a4:7e:50:d2:b1:f0:64:c0:7e:73:40:8a:a8:13:64:
                    8f:10:be:f1:3b:b8:46:1a:de:ab:36:35:f5:c6:2a:
                    93:01:59:66:58:2b:cb:3f:db:60:75:92:e3:c9:68:
                    42:99:9e:4f:c7:30:0c:4e:60:61:23:82:49:90:be:
                    f9:33:3c:69:2e:58:f3:26:21:31:2f:f7:ff:6a:bc:
                    11:38:12:b3:f9:7e:6a:78:46:68:4f:22:dc:e2:1b:
                    fb:35:db:8e:67:0e:5f:91:27:42:c3:88:91:ce:93:
                    bb:a9:3e:b6:c0:9a:6e:5d:d6:84:e2:02:b2:3f:fa:
                    88:ad:85:bf:d1:aa:da:d5:4a:02:84:7f:04:fa:17:
                    75:1a:9e:e2:b3:cb:f3:ba:25:31:ff:2f:ea:04:c1:
                    08:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:25:B9:F9:04:06:53:D3:31:FB:40:A6:C7:19:21:48:BD:14:8A:40
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7CW5-QQGU9Mx-0CmxxkhSL0UikA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:c8:40:70:95:2d:56:52:41:58:2d:54:70:6a:b3:55:20:76:
         2d:bc:9f:40:65:c5:87:43:04:bc:19:22:2a:57:93:40:2d:5a:
         5c:f2:6f:de:d2:c7:d6:fc:c5:31:d8:b0:fc:35:2c:c4:69:ce:
         dc:b9:e0:5e:af:cf:62:53:41:e2:63:1c:4f:3f:b1:63:55:bf:
         79:87:f4:47:69:0b:17:12:3c:99:b2:89:16:af:4d:6d:1c:50:
         87:6d:b3:ec:df:20:1a:d3:0c:f6:2b:32:f1:d0:62:e0:7f:f5:
         46:13:68:8f:11:d3:1b:bc:95:17:20:59:87:7b:63:c2:d4:2c:
         c1:a7:43:18:5c:f0:39:6b:08:ee:ad:f7:15:f1:02:60:46:60:
         b7:a6:c7:05:20:fb:14:82:4a:0a:4d:9c:fd:e4:23:af:97:7c:
         19:85:de:43:cf:75:50:50:fe:d2:37:27:24:14:67:9a:8a:0f:
         31:f0:50:24:51:91:25:99:49:80:6c:cc:11:5c:a7:b3:e5:4a:
         53:6d:ce:9a:dd:23:87:9c:1b:f4:2e:9b:64:e0:47:1b:79:13:
         4c:37:aa:b2:41:83:38:be:24:66:8f:63:ff:c5:09:1e:e0:00:
         20:6b:c1:4d:66:64:3d:f0:9a:7a:de:5f:ec:36:10:f9:a8:d0:
         62:79:12:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlU6q+cBWH+HbgkPqzWU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzI1YjlmOTA0MDY1M2QzMzFmYjQwYTZjNzE5MjE0OGJkMTQ4YTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOYdERy2ePCH8csv0bxMHmhevZfm
DzlS0zOqi2PSl9dL5dqCx9csvaaX+4uHCaB80u5NfZHeJJ0QMWH2JNxISd7spEQZ
8ETzkcxKsRnnJQ95k2/buk+NGYYgrFF1VGvkOIZYYw9z4QmkflDSsfBkwH5zQIqo
E2SPEL7xO7hGGt6rNjX1xiqTAVlmWCvLP9tgdZLjyWhCmZ5PxzAMTmBhI4JJkL75
MzxpLljzJiExL/f/arwROBKz+X5qeEZoTyLc4hv7NduOZw5fkSdCw4iRzpO7qT62
wJpuXdaE4gKyP/qIrYW/0ara1UoChH8E+hd1Gp7is8vzuiUx/y/qBMEItQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOwlufkEBlPTMftApscZIUi9FIpAMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzdDVzUtUVFHVTlNeC0wQ214eGtoU0wwVWlrQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFZJ3gw
DQYJKoZIhvcNAQELBQADggEBAFDIQHCVLVZSQVgtVHBqs1Ugdi28n0BlxYdDBLwZ
IipXk0AtWlzyb97Sx9b8xTHYsPw1LMRpzty54F6vz2JTQeJjHE8/sWNVv3mH9Edp
CxcSPJmyiRavTW0cUIdts+zfIBrTDPYrMvHQYuB/9UYTaI8R0xu8lRcgWYd7Y8LU
LMGnQxhc8DlrCO6t9xXxAmBGYLemxwUg+xSCSgpNnP3kI6+XfBmF3kPPdVBQ/tI3
JyQUZ5qKDzHwUCRRkSWZSYBszBFcp7PlSlNtzprdI4ecG/Qum2TgRxt5E0w3qrJB
gzi+JGaPY//FCR7gACBrwU1mZD3wmnreX+w2EPmo0GJ5Eig=
-----END CERTIFICATE-----