Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/aBvNqbFcye0cedLBmvVY6phYUjA.roa
File:                     aBvNqbFcye0cedLBmvVY6phYUjA.roa (raw, json)
Hash identifier:          NuV70ibXg+FxXWb3tKkanDbaEJAkw6l6oFKMZs5z0xI=
Subject key identifier:   68:1B:CD:A9:B1:5C:C9:ED:1C:79:D2:C1:9A:F5:58:EA:98:58:52:30
Certificate issuer:       /CN=ef7cca8aa3f178b999a46e5ff4fa7daf9f9f2e6f
Certificate serial:       018CC50052437C9664C90881DFF4B6C756F9
Authority key identifier: EF:7C:CA:8A:A3:F1:78:B9:99:A4:6E:5F:F4:FA:7D:AF:9F:9F:2E:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73zKiqPxeLmZpG5f9Pp9r5-fLm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/aBvNqbFcye0cedLBmvVY6phYUjA.roa
Signing time:             Mon 01 Jan 2024 12:29:41 +0000
ROA not before:           Mon 01 Jan 2024 12:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        89.251.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/73zKiqPxeLmZpG5f9Pp9r5-fLm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/73zKiqPxeLmZpG5f9Pp9r5-fLm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73zKiqPxeLmZpG5f9Pp9r5-fLm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:52:43:7c:96:64:c9:08:81:df:f4:b6:c7:56:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7cca8aa3f178b999a46e5ff4fa7daf9f9f2e6f
        Validity
            Not Before: Jan  1 12:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=681bcda9b15cc9ed1c79d2c19af558ea98585230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:55:5e:68:21:b2:6d:8d:e0:c3:a7:1b:3e:0a:
                    2e:25:a7:93:06:d8:39:6b:64:e1:f8:1d:1e:1a:ba:
                    4c:a6:d8:a7:4f:35:2d:33:e4:46:9f:3d:26:0d:06:
                    c6:e1:57:02:00:df:6a:80:65:11:1e:58:bc:4e:63:
                    50:72:35:ac:45:c4:31:cb:ee:aa:7e:4d:97:07:eb:
                    91:01:38:8a:14:8f:d0:a0:6e:d7:61:40:ac:96:6c:
                    c1:15:b6:1e:80:7b:f9:ba:5e:a2:3c:2e:11:a8:9b:
                    ac:88:8c:1a:1e:77:5a:f5:a8:c6:8f:f7:e8:1f:67:
                    88:e1:de:4f:40:d0:4c:08:66:78:5f:b0:ee:44:7d:
                    b7:75:d4:da:f6:1e:c7:12:ba:48:83:a4:5e:a9:28:
                    8f:b8:92:60:c7:32:f3:5b:4a:0c:27:bc:c4:c7:07:
                    2f:28:d1:a6:55:1d:14:a1:0c:ec:33:e4:fc:f8:fc:
                    ef:80:66:36:b5:e6:08:30:a8:db:98:49:62:7b:30:
                    8a:1d:8a:a9:e3:9a:f0:03:de:84:eb:01:3f:b0:56:
                    bb:9e:64:64:d4:19:b3:a8:4b:cc:80:54:53:e3:a7:
                    42:c7:1a:94:30:2e:a4:e1:ac:46:d4:d0:07:ca:d5:
                    f3:93:bc:ab:a9:7b:35:b8:50:97:7d:9b:39:79:dc:
                    a0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:1B:CD:A9:B1:5C:C9:ED:1C:79:D2:C1:9A:F5:58:EA:98:58:52:30
            X509v3 Authority Key Identifier:
                keyid:EF:7C:CA:8A:A3:F1:78:B9:99:A4:6E:5F:F4:FA:7D:AF:9F:9F:2E:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73zKiqPxeLmZpG5f9Pp9r5-fLm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/aBvNqbFcye0cedLBmvVY6phYUjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/73zKiqPxeLmZpG5f9Pp9r5-fLm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:e2:f9:c8:3a:4b:28:59:85:cc:d8:72:18:54:83:89:bf:a0:
         ed:49:d5:fe:a8:05:ed:d0:e5:46:dd:2b:44:03:2b:51:7b:d3:
         9d:96:71:e6:3e:4a:d7:09:3e:4e:87:15:63:35:86:7e:d8:4c:
         69:fd:1c:72:d2:cc:56:8c:ff:ec:74:9c:3f:00:6b:88:78:a6:
         d5:91:86:f8:5a:12:37:81:f2:26:8b:05:4e:cb:11:69:81:af:
         5d:d1:8c:e4:cd:a5:2c:bf:f9:74:e5:93:0a:45:a7:e7:2f:ed:
         f2:f8:04:47:12:ad:20:d8:24:6b:07:b6:61:45:32:c2:fc:44:
         d2:ce:ff:79:ed:90:25:a5:73:d4:6e:cb:c5:84:de:2c:d3:a1:
         1c:0e:fd:a1:0a:7d:4f:87:3e:6b:a8:bf:d5:c9:3e:98:1e:17:
         e1:8f:31:65:d1:73:a6:ce:fa:58:93:95:bf:23:e9:cf:fa:98:
         1f:c5:4b:f2:18:a1:db:6a:99:f8:f8:a6:7b:56:b6:a1:1d:06:
         9b:e1:2d:bb:a1:b8:3a:1e:7f:4b:09:86:05:19:74:25:2d:41:
         e0:f6:11:be:59:b9:72:9b:06:8f:f4:50:9d:e8:a3:81:d9:4a:
         26:2a:9f:b6:dd:0f:41:20:fb:d2:39:e8:8a:b6:6c:11:20:56:
         ea:02:12:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFJDfJZkyQiB3/S2x1b5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2NjYThhYTNmMTc4Yjk5OWE0NmU1ZmY0ZmE3ZGFmOWY5
ZjJlNmYwHhcNMjQwMTAxMTIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODFiY2RhOWIxNWNjOWVkMWM3OWQyYzE5YWY1NThlYTk4NTg1MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVVeaCGybY3gw6cbPgouJaeTBtg5
a2Th+B0eGrpMptinTzUtM+RGnz0mDQbG4VcCAN9qgGURHli8TmNQcjWsRcQxy+6q
fk2XB+uRATiKFI/QoG7XYUCslmzBFbYegHv5ul6iPC4RqJusiIwaHnda9ajGj/fo
H2eI4d5PQNBMCGZ4X7DuRH23ddTa9h7HErpIg6ReqSiPuJJgxzLzW0oMJ7zExwcv
KNGmVR0UoQzsM+T8+PzvgGY2teYIMKjbmEliezCKHYqp45rwA96E6wE/sFa7nmRk
1BmzqEvMgFRT46dCxxqUMC6k4axG1NAHytXzk7yrqXs1uFCXfZs5edygjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgbzamxXMntHHnSwZr1WOqYWFIwMB8GA1UdIwQY
MBaAFO98yoqj8Xi5maRuX/T6fa+fny5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzN6S2lxUHhlTG1acEc1ZjlQcDlyNS1mTG04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8zNmQ2NDItNTY0My00NTRmLWI1YzAt
OTkwNzc3YzM1N2UzLzEvYUJ2TnFiRmN5ZTBjZWRMQm12Vlk2cGhZVWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8zNmQ2NDItNTY0My00NTRmLWI1YzAtOTkwNzc3YzM1N2Uz
LzEvNzN6S2lxUHhlTG1acEc1ZjlQcDlyNS1mTG04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWfsMMA0G
CSqGSIb3DQEBCwUAA4IBAQB24vnIOksoWYXM2HIYVIOJv6DtSdX+qAXt0OVG3StE
AytRe9OdlnHmPkrXCT5OhxVjNYZ+2Exp/Rxy0sxWjP/sdJw/AGuIeKbVkYb4WhI3
gfImiwVOyxFpga9d0YzkzaUsv/l05ZMKRafnL+3y+ARHEq0g2CRrB7ZhRTLC/ETS
zv957ZAlpXPUbsvFhN4s06EcDv2hCn1Phz5rqL/VyT6YHhfhjzFl0XOmzvpYk5W/
I+nP+pgfxUvyGKHbapn4+KZ7VrahHQab4S27obg6Hn9LCYYFGXQlLUHg9hG+Wbly
mwaP9FCd6KOB2UomKp+23Q9BIPvSOeiKtmwRIFbqAhLK
-----END CERTIFICATE-----