Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/dpfO8kmH7XVzleMe_wkUuIRVWy0.roa
File:                     dpfO8kmH7XVzleMe_wkUuIRVWy0.roa (raw, json)
Hash identifier:          uPSIPfsJ117Jgf0DJdfjT4DifVQ0xpGdmtSuae+Hbn4=
Subject key identifier:   76:97:CE:F2:49:87:ED:75:73:95:E3:1E:FF:09:14:B8:84:55:5B:2D
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01942068772F2EBE737918653A3A0D7FE496
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/dpfO8kmH7XVzleMe_wkUuIRVWy0.roa
Signing time:             Wed 01 Jan 2025 05:48:24 +0000
ROA not before:           Wed 01 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212669
IP address blocks:        89.23.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 09:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:77:2f:2e:be:73:79:18:65:3a:3a:0d:7f:e4:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7697cef24987ed757395e31eff0914b884555b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:bf:1a:6e:bd:a3:c0:96:75:8a:cc:c9:ef:c6:
                    f7:8f:70:a7:cf:3e:cc:a6:d4:4e:a0:8b:31:4a:57:
                    42:c2:ad:80:31:ba:ae:a4:82:ec:95:c1:62:9d:1f:
                    d7:83:b4:b3:b3:fb:04:a1:0a:4b:46:dc:0f:7e:12:
                    b6:23:52:72:08:2f:f5:21:75:df:e8:4a:7d:91:bf:
                    14:ba:ef:08:2e:c2:1a:3d:fb:9b:09:92:19:9b:02:
                    53:22:e0:3e:0d:13:a0:e8:5c:df:38:af:c0:8f:30:
                    eb:d7:c7:d9:93:db:5a:4f:e3:fa:90:17:3c:5d:07:
                    90:c7:83:d2:55:10:68:d2:6b:4e:cf:55:cf:e8:30:
                    0d:ca:32:13:73:43:1f:df:fc:70:fc:e2:d6:cd:e5:
                    b6:97:a6:c7:dd:10:e2:e7:26:39:40:39:c6:33:36:
                    57:21:35:d6:83:33:85:00:0a:ca:f6:e0:ba:e0:d7:
                    37:c3:35:eb:e2:fe:93:f7:66:47:38:b3:e5:06:30:
                    db:56:26:2c:3a:10:99:79:5b:23:0a:1a:73:87:6d:
                    3c:71:4d:f4:47:83:7d:eb:66:af:b3:69:60:3f:b1:
                    d7:bd:9e:10:e0:11:da:0b:83:ca:5b:c2:21:66:a9:
                    a3:ab:c9:96:70:fe:82:cc:40:7e:3d:cf:25:cb:e5:
                    9c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:97:CE:F2:49:87:ED:75:73:95:E3:1E:FF:09:14:B8:84:55:5B:2D
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/dpfO8kmH7XVzleMe_wkUuIRVWy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ba:24:f1:7c:e4:73:78:89:9c:b7:29:45:c7:a5:a5:d7:41:
         06:e6:c9:b5:1e:d5:94:3f:f7:54:dc:4f:c5:cb:a9:e1:c6:46:
         76:3e:c4:f9:30:7b:ae:09:95:f1:d0:45:10:8d:ac:bd:b2:5b:
         fa:09:25:4b:c2:ab:f6:59:4d:7f:a2:70:09:44:02:25:ad:e8:
         86:93:2a:02:34:74:aa:20:a9:39:40:ce:84:ad:71:08:a9:56:
         36:01:cf:4d:24:e0:ea:10:e3:3f:0a:24:09:cc:c2:ca:ac:47:
         91:7f:25:a4:48:83:e2:37:84:ab:76:df:11:e5:cd:19:50:7c:
         9d:27:4e:a4:2c:e3:a1:f3:64:a4:c5:7f:bb:cc:30:a0:14:48:
         80:3d:02:02:57:8f:3a:e6:ea:97:19:1a:2f:78:5b:44:75:15:
         29:05:3b:80:dc:20:dd:ac:07:84:db:54:2f:ca:9b:49:f9:cc:
         0c:e9:44:d5:7c:d0:d1:01:9f:58:95:e6:24:27:a3:23:d3:59:
         13:b7:5b:2f:4f:c1:93:92:ea:45:33:24:5a:c2:2f:46:f8:cc:
         22:e3:b3:2c:8a:68:01:7a:9e:c0:b3:9d:a5:ce:97:ad:f3:9b:
         0d:19:7b:b8:67:1c:c7:9b:52:df:a5:41:b9:ca:2a:7e:13:09:
         8c:56:45:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHcvLr5zeRhlOjoNf+SWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njk3Y2VmMjQ5ODdlZDc1NzM5NWUzMWVmZjA5MTRiODg0NTU1YjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3b8abr2jwJZ1iszJ78b3j3Cnzz7M
ptROoIsxSldCwq2AMbqupILslcFinR/Xg7Szs/sEoQpLRtwPfhK2I1JyCC/1IXXf
6Ep9kb8Uuu8ILsIaPfubCZIZmwJTIuA+DROg6FzfOK/AjzDr18fZk9taT+P6kBc8
XQeQx4PSVRBo0mtOz1XP6DANyjITc0Mf3/xw/OLWzeW2l6bH3RDi5yY5QDnGMzZX
ITXWgzOFAArK9uC64Nc3wzXr4v6T92ZHOLPlBjDbViYsOhCZeVsjChpzh208cU30
R4N962avs2lgP7HXvZ4Q4BHaC4PKW8IhZqmjq8mWcP6CzEB+Pc8ly+WctQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaXzvJJh+11c5XjHv8JFLiEVVstMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvZHBmTzhrbUg3WFZ6bGVNZV93a1V1SVJWV3kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdMMA0G
CSqGSIb3DQEBCwUAA4IBAQBjuiTxfORzeImctylFx6Wl10EG5sm1HtWUP/dU3E/F
y6nhxkZ2PsT5MHuuCZXx0EUQjay9slv6CSVLwqv2WU1/onAJRAIlreiGkyoCNHSq
IKk5QM6ErXEIqVY2Ac9NJODqEOM/CiQJzMLKrEeRfyWkSIPiN4Srdt8R5c0ZUHyd
J06kLOOh82SkxX+7zDCgFEiAPQICV4865uqXGRoveFtEdRUpBTuA3CDdrAeE21Qv
yptJ+cwM6UTVfNDRAZ9YleYkJ6Mj01kTt1svT8GTkupFMyRawi9G+Mwi47MsimgB
ep7As52lzpet85sNGXu4ZxzHm1LfpUG5yip+EwmMVkUa
-----END CERTIFICATE-----