Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/Zj8EiZq6gclwDEg71U7MMe98D5s.roa
File:                     Zj8EiZq6gclwDEg71U7MMe98D5s.roa (raw, json)
Hash identifier:          oQT5tn1Rxq6PhKRO5hDiyA5qVcpG2wrdPPbr9zWp9FY=
Subject key identifier:   66:3F:04:89:9A:BA:81:C9:70:0C:48:3B:D5:4E:CC:31:EF:7C:0F:9B
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       018DC1906571C19DD2DCDC1F7822AABE73D4
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/Zj8EiZq6gclwDEg71U7MMe98D5s.roa
Signing time:             Mon 19 Feb 2024 13:31:22 +0000
ROA not before:           Mon 19 Feb 2024 13:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        89.23.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:90:65:71:c1:9d:d2:dc:dc:1f:78:22:aa:be:73:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Feb 19 13:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663f04899aba81c9700c483bd54ecc31ef7c0f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2a:21:f3:e1:34:29:39:7f:a3:cd:7b:4a:c6:
                    43:2f:5d:07:75:78:14:b7:72:74:ef:4d:ae:70:8d:
                    9f:a7:f6:87:a0:de:f5:42:9a:f2:1c:8c:46:3e:da:
                    95:fb:0f:7f:9f:90:1e:65:e4:1f:18:7b:72:09:f5:
                    47:a1:e3:59:31:aa:c2:f2:c8:79:81:65:14:1b:9a:
                    63:82:e3:a9:81:c5:70:fa:cb:eb:ad:8b:44:a6:eb:
                    a8:fb:8e:65:9b:b3:35:8e:57:31:c9:f6:f3:f1:25:
                    7b:e5:2e:bd:2a:5f:c4:da:97:e9:a2:1b:c0:bc:42:
                    2c:06:70:b2:03:c6:f6:f8:02:a8:59:6a:77:bb:72:
                    36:ff:2e:94:ae:8e:39:df:58:5e:d2:e4:d7:66:db:
                    66:fb:a0:99:a3:6f:30:fa:41:6f:d2:3c:98:e9:56:
                    7a:ae:49:a7:82:83:07:64:c7:50:a8:94:9f:8f:87:
                    db:cb:64:9d:a0:49:c6:ad:00:42:49:5a:4a:d0:58:
                    e1:73:32:54:aa:08:a7:6f:ec:5b:cc:5d:e5:bd:5b:
                    71:51:09:28:9f:fc:89:d3:fd:20:ea:26:67:3e:68:
                    49:72:ec:53:ec:7a:73:6f:d5:14:ca:aa:81:06:ab:
                    7e:f8:1d:e9:f6:ef:db:a5:87:5d:79:3c:01:04:91:
                    a4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3F:04:89:9A:BA:81:C9:70:0C:48:3B:D5:4E:CC:31:EF:7C:0F:9B
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/Zj8EiZq6gclwDEg71U7MMe98D5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:a2:99:ac:8f:5c:a3:61:77:f8:a7:b1:c0:90:fa:79:6f:dc:
         d4:72:5f:a8:e9:4c:b4:7e:bc:b0:ef:b2:65:cd:5c:26:63:d6:
         5e:50:b0:ef:88:0a:d8:15:b4:37:e5:69:29:7f:73:45:94:c7:
         6a:ff:2d:aa:f7:63:a1:de:4d:19:d6:ba:7d:66:d2:83:49:10:
         18:70:2c:08:bc:87:8f:6f:64:d0:89:e7:37:4e:ea:38:c5:79:
         94:0b:f4:0d:ca:9e:08:ff:ec:00:b9:24:05:34:23:d8:71:c1:
         37:97:fb:1e:44:ff:2e:a6:f5:dc:f3:68:cc:86:07:f5:00:31:
         96:14:5b:c6:87:b3:20:86:54:a5:82:40:d2:3d:8d:43:23:c5:
         c2:49:b3:f2:13:53:eb:c9:55:da:9d:41:d6:25:6b:71:a4:5e:
         f9:9f:fa:db:29:61:21:45:c0:e9:fe:5d:3c:a3:50:43:82:99:
         c7:4a:dd:5c:86:74:df:4e:c4:a4:22:b6:05:4f:63:ca:4b:cf:
         a1:e0:84:ca:64:c2:2d:ac:21:e4:32:bd:a1:cd:d7:1b:0b:c8:
         62:55:27:fa:61:9d:1f:c1:1a:0e:20:d5:73:b8:89:6b:23:3a:
         6c:2d:73:10:38:78:81:a3:b4:25:0e:30:50:46:ff:d9:28:26:
         e5:3e:38:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BkGVxwZ3S3NwfeCKqvnPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjQwMjE5MTMzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjNmMDQ4OTlhYmE4MWM5NzAwYzQ4M2JkNTRlY2MzMWVmN2MwZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSoh8+E0KTl/o817SsZDL10HdXgU
t3J0702ucI2fp/aHoN71QpryHIxGPtqV+w9/n5AeZeQfGHtyCfVHoeNZMarC8sh5
gWUUG5pjguOpgcVw+svrrYtEpuuo+45lm7M1jlcxyfbz8SV75S69Kl/E2pfpohvA
vEIsBnCyA8b2+AKoWWp3u3I2/y6Uro4531he0uTXZttm+6CZo28w+kFv0jyY6VZ6
rkmngoMHZMdQqJSfj4fby2SdoEnGrQBCSVpK0FjhczJUqginb+xbzF3lvVtxUQko
n/yJ0/0g6iZnPmhJcuxT7Hpzb9UUyqqBBqt++B3p9u/bpYddeTwBBJGkcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGY/BImauoHJcAxIO9VOzDHvfA+bMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvWmo4RWlacTZnY2x3REVnNzFVN01NZTk4RDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdSMA0G
CSqGSIb3DQEBCwUAA4IBAQAJopmsj1yjYXf4p7HAkPp5b9zUcl+o6Uy0fryw77Jl
zVwmY9ZeULDviArYFbQ35Wkpf3NFlMdq/y2q92Oh3k0Z1rp9ZtKDSRAYcCwIvIeP
b2TQiec3Tuo4xXmUC/QNyp4I/+wAuSQFNCPYccE3l/seRP8upvXc82jMhgf1ADGW
FFvGh7MghlSlgkDSPY1DI8XCSbPyE1PryVXanUHWJWtxpF75n/rbKWEhRcDp/l08
o1BDgpnHSt1chnTfTsSkIrYFT2PKS8+h4ITKZMItrCHkMr2hzdcbC8hiVSf6YZ0f
wRoOINVzuIlrIzpsLXMQOHiBo7QlDjBQRv/ZKCblPjho
-----END CERTIFICATE-----