Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/P7ur9HsbIkmVlGIFRNNM8-KDxSU.roa
File:                     P7ur9HsbIkmVlGIFRNNM8-KDxSU.roa (raw, json)
Hash identifier:          l81e1+InRaHELRHFcRI2zltUmwGJfA5aBSQpxzFuiro=
Subject key identifier:   3F:BB:AB:F4:7B:1B:22:49:95:94:62:05:44:D3:4C:F3:E2:83:C5:25
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       018CC42494C86B98CF8CD17B3883238A44C3
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/P7ur9HsbIkmVlGIFRNNM8-KDxSU.roa
Signing time:             Mon 01 Jan 2024 08:29:40 +0000
ROA not before:           Mon 01 Jan 2024 08:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        89.23.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:94:c8:6b:98:cf:8c:d1:7b:38:83:23:8a:44:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 08:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fbbabf47b1b22499594620544d34cf3e283c525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:71:d7:16:84:78:0c:df:88:d6:be:77:97:5a:
                    91:c0:18:71:b2:32:48:81:be:e0:54:e2:78:b1:7a:
                    dd:e7:23:e5:48:29:1a:bf:11:55:23:0e:75:db:56:
                    a7:8a:24:5e:09:70:2d:4d:e8:64:55:94:55:62:68:
                    01:4c:e3:f6:b9:ed:f8:b2:2a:4d:be:06:f8:32:ce:
                    44:c2:d6:a6:f7:cd:de:1b:de:8b:5c:57:23:9f:cf:
                    fa:1e:b9:6d:3e:71:a6:03:87:1f:5a:b4:fd:12:b2:
                    79:34:10:ef:0c:27:9d:5e:24:68:2d:f4:80:ae:ef:
                    fc:8b:81:1e:71:30:a0:a2:66:a2:04:f9:a7:51:6e:
                    dd:e1:5e:fc:cf:8e:01:67:be:82:f6:a4:e5:98:cb:
                    86:99:79:eb:b4:d0:3c:00:b3:2a:52:da:0e:2f:ef:
                    57:57:32:1a:3e:70:78:e7:ad:89:00:3e:f0:28:f0:
                    b7:7c:f9:b9:8d:4c:6d:ea:57:5c:ff:ad:a7:55:93:
                    42:47:3d:25:22:97:90:e8:da:44:47:07:24:94:b5:
                    db:8f:90:cd:e3:f6:9c:d4:40:86:21:eb:4d:cc:e9:
                    66:c1:ad:4e:3f:1a:83:2e:40:74:a7:75:06:9d:6d:
                    9e:d3:12:98:13:ed:ba:fa:ba:ea:ac:35:c2:5f:51:
                    95:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:BB:AB:F4:7B:1B:22:49:95:94:62:05:44:D3:4C:F3:E2:83:C5:25
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/P7ur9HsbIkmVlGIFRNNM8-KDxSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:fd:51:19:9e:fb:2a:70:95:d1:ca:41:b6:28:d5:30:79:b4:
         b0:ca:39:a7:38:78:cc:69:cc:5b:a0:dc:7f:de:15:65:ca:9b:
         df:70:95:a1:16:bf:22:51:f5:d5:95:62:ff:94:86:cb:72:eb:
         1d:8f:17:89:15:c5:44:c2:6d:8c:0f:ef:86:fd:06:16:c1:0f:
         43:74:d5:22:1c:20:b5:46:de:ff:83:5b:98:50:3f:74:c2:f8:
         ac:8b:36:86:d4:e4:3c:fb:d8:d2:72:e7:ca:db:cb:ed:3a:2b:
         10:5a:4c:34:e4:27:60:c2:86:5b:47:65:2d:fe:77:62:10:24:
         0a:cb:45:b0:43:b8:71:d2:93:8c:e4:ee:b1:a3:dd:20:f0:3f:
         53:06:14:7a:4a:50:37:66:b7:0e:3e:cb:06:be:4b:5e:e2:33:
         b2:47:04:80:05:c6:6e:cb:dc:9b:fc:20:1f:bc:53:62:3e:14:
         90:58:d1:76:2e:48:dc:ac:28:06:c7:14:d2:a0:7e:35:83:c3:
         1e:51:4d:7f:dd:c8:22:26:12:ed:ef:75:3f:05:e2:a7:ae:cd:
         87:cb:e6:7a:26:19:1c:9e:fc:ff:d0:ea:70:ac:4f:22:46:ee:
         7e:da:e0:f9:00:ff:cf:d4:9e:8c:d9:8f:c1:b4:27:47:fe:c4:
         e6:f4:2f:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJJTIa5jPjNF7OIMjikTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjQwMTAxMDgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJiYWJmNDdiMWIyMjQ5OTU5NDYyMDU0NGQzNGNmM2UyODNjNTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXHXFoR4DN+I1r53l1qRwBhxsjJI
gb7gVOJ4sXrd5yPlSCkavxFVIw5121aniiReCXAtTehkVZRVYmgBTOP2ue34sipN
vgb4Ms5Ewtam983eG96LXFcjn8/6HrltPnGmA4cfWrT9ErJ5NBDvDCedXiRoLfSA
ru/8i4EecTCgomaiBPmnUW7d4V78z44BZ76C9qTlmMuGmXnrtNA8ALMqUtoOL+9X
VzIaPnB4562JAD7wKPC3fPm5jUxt6ldc/62nVZNCRz0lIpeQ6NpERwcklLXbj5DN
4/ac1ECGIetNzOlmwa1OPxqDLkB0p3UGnW2e0xKYE+26+rrqrDXCX1GVUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+7q/R7GyJJlZRiBUTTTPPig8UlMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvUDd1cjlIc2JJa21WbEdJRlJOTk04LUtEeFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdMMA0G
CSqGSIb3DQEBCwUAA4IBAQB9/VEZnvsqcJXRykG2KNUwebSwyjmnOHjMacxboNx/
3hVlypvfcJWhFr8iUfXVlWL/lIbLcusdjxeJFcVEwm2MD++G/QYWwQ9DdNUiHCC1
Rt7/g1uYUD90wvisizaG1OQ8+9jScufK28vtOisQWkw05CdgwoZbR2Ut/ndiECQK
y0WwQ7hx0pOM5O6xo90g8D9TBhR6SlA3ZrcOPssGvkte4jOyRwSABcZuy9yb/CAf
vFNiPhSQWNF2LkjcrCgGxxTSoH41g8MeUU1/3cgiJhLt73U/BeKnrs2Hy+Z6Jhkc
nvz/0OpwrE8iRu5+2uD5AP/P1J6M2Y/BtCdH/sTm9C+M
-----END CERTIFICATE-----