Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/B7FfGr4PsyTQ90LgGo66ojBNpI8.roa
File:                     B7FfGr4PsyTQ90LgGo66ojBNpI8.roa (raw, json)
Hash identifier:          LcPcaC5J4EjX9Uy9Vj7DgAgI9o4eOyA8xgMigpVuVY0=
Subject key identifier:   07:B1:5F:1A:BE:0F:B3:24:D0:F7:42:E0:1A:8E:BA:A2:30:4D:A4:8F
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       018CC3B6956E088386D36F0A76DE5DD6126D
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/B7FfGr4PsyTQ90LgGo66ojBNpI8.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48671
IP address blocks:        89.38.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:95:6e:08:83:86:d3:6f:0a:76:de:5d:d6:12:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07b15f1abe0fb324d0f742e01a8ebaa2304da48f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6c:73:07:9d:d5:34:29:36:bb:9e:29:ef:8b:
                    0c:d7:f7:c5:3d:eb:9d:a5:02:d2:a9:b7:3d:b0:53:
                    0d:11:3e:0c:cd:9b:0e:84:9f:65:1f:8e:6b:93:61:
                    ac:94:5d:8c:07:ee:02:7b:63:2a:9d:1a:32:b4:b2:
                    46:df:b8:26:40:b1:91:2c:d4:2c:94:62:1d:27:29:
                    d9:25:93:1c:2a:bc:12:28:51:27:a0:24:9a:3c:79:
                    2d:94:85:82:0a:34:07:88:52:86:b2:14:0c:56:60:
                    37:1f:0f:e3:44:93:93:f3:4e:a0:49:ce:27:8c:d7:
                    e6:61:ad:54:96:0d:ef:ac:6f:a3:fb:fc:b4:3e:b5:
                    93:6d:8a:1c:33:3f:d1:9d:6f:06:d5:8b:88:fc:47:
                    07:c2:fa:2b:72:3f:72:80:dd:c8:34:77:c4:41:89:
                    f2:d0:a5:ff:f1:48:29:5c:9d:35:12:64:19:d3:20:
                    a3:6a:2e:59:06:9c:22:8b:f7:23:a5:32:88:b5:1e:
                    e3:f8:16:ae:48:33:f7:1e:74:cb:ae:31:6e:d0:83:
                    a4:6e:5e:b1:1c:d5:db:14:73:30:30:28:a7:47:c7:
                    5b:17:5d:6f:5f:db:00:be:e1:99:d4:58:0d:eb:63:
                    80:82:7c:9d:c9:25:0c:7e:40:0c:b1:f4:f6:f0:27:
                    82:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B1:5F:1A:BE:0F:B3:24:D0:F7:42:E0:1A:8E:BA:A2:30:4D:A4:8F
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/B7FfGr4PsyTQ90LgGo66ojBNpI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:16:50:d9:6a:99:e3:17:16:0d:77:ac:1a:21:00:4d:6a:4a:
         b6:96:75:d2:2b:b8:c4:eb:88:ea:3c:9e:d4:60:0d:0d:86:ca:
         e6:3c:60:fb:d3:ee:a4:8a:a8:bc:c7:7e:27:6e:4e:21:e3:57:
         a0:04:0c:cf:65:06:58:ff:b5:0f:ed:d5:ee:9b:27:8e:3b:8a:
         4b:36:1a:cc:64:1c:f3:2c:77:c5:48:28:18:49:bb:49:33:fd:
         7c:c9:36:f4:7b:43:c0:2f:e8:a2:a1:44:4d:9c:39:a4:63:b8:
         54:06:4e:eb:09:58:6c:40:e6:b6:be:9c:9b:fb:b3:46:f5:dc:
         c8:fe:f6:b5:11:92:66:e6:83:6b:cd:1e:83:1d:4a:6b:b3:6e:
         9f:0f:46:a2:69:d7:a6:48:7f:4e:86:36:c9:84:60:6b:33:d7:
         e0:c3:c2:66:5a:4a:0f:b8:d1:57:36:7d:8f:27:21:59:d2:e2:
         e9:3e:b2:eb:56:cc:50:63:b3:69:2c:36:8e:6f:55:26:dd:41:
         83:f3:4b:07:e8:5a:ba:1e:e5:db:ae:78:c9:0c:a7:a6:c1:53:
         a2:5b:f2:8e:da:c4:66:af:5e:39:e9:bb:7e:df:57:ff:cb:15:
         f2:31:77:ee:de:34:8b:74:2f:69:69:46:9b:8a:c9:1f:2a:bf:
         22:0a:4e:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpVuCIOG028Kdt5d1hJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2IxNWYxYWJlMGZiMzI0ZDBmNzQyZTAxYThlYmFhMjMwNGRhNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmxzB53VNCk2u54p74sM1/fFPeud
pQLSqbc9sFMNET4MzZsOhJ9lH45rk2GslF2MB+4Ce2MqnRoytLJG37gmQLGRLNQs
lGIdJynZJZMcKrwSKFEnoCSaPHktlIWCCjQHiFKGshQMVmA3Hw/jRJOT806gSc4n
jNfmYa1Ulg3vrG+j+/y0PrWTbYocMz/RnW8G1YuI/EcHwvorcj9ygN3INHfEQYny
0KX/8UgpXJ01EmQZ0yCjai5ZBpwii/cjpTKItR7j+BauSDP3HnTLrjFu0IOkbl6x
HNXbFHMwMCinR8dbF11vX9sAvuGZ1FgN62OAgnydySUMfkAMsfT28CeCVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAexXxq+D7Mk0PdC4BqOuqIwTaSPMB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvQjdGZkdyNFBzeVRROTBMZ0dvNjZvakJOcEk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSboMA0G
CSqGSIb3DQEBCwUAA4IBAQAeFlDZapnjFxYNd6waIQBNakq2lnXSK7jE64jqPJ7U
YA0NhsrmPGD70+6kiqi8x34nbk4h41egBAzPZQZY/7UP7dXumyeOO4pLNhrMZBzz
LHfFSCgYSbtJM/18yTb0e0PAL+iioURNnDmkY7hUBk7rCVhsQOa2vpyb+7NG9dzI
/va1EZJm5oNrzR6DHUprs26fD0aiademSH9OhjbJhGBrM9fgw8JmWkoPuNFXNn2P
JyFZ0uLpPrLrVsxQY7NpLDaOb1Um3UGD80sH6Fq6HuXbrnjJDKemwVOiW/KO2sRm
r1456bt+31f/yxXyMXfu3jSLdC9paUabiskfKr8iCk59
-----END CERTIFICATE-----