Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/eG4EuOEvaqGtgT9xpAJ2SBm_uFk.roa
File:                     eG4EuOEvaqGtgT9xpAJ2SBm_uFk.roa (raw, json)
Hash identifier:          oO5335yZqK2ohVm509pBxw6a6w6ub4sVEqwiM5655m4=
Subject key identifier:   78:6E:04:B8:E1:2F:6A:A1:AD:81:3F:71:A4:02:76:48:19:BF:B8:59
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       018DC19065F2FFB110CB0165C31C4882ED51
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/eG4EuOEvaqGtgT9xpAJ2SBm_uFk.roa
Signing time:             Mon 19 Feb 2024 13:31:22 +0000
ROA not before:           Mon 19 Feb 2024 13:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        89.23.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:90:65:f2:ff:b1:10:cb:01:65:c3:1c:48:82:ed:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Feb 19 13:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=786e04b8e12f6aa1ad813f71a402764819bfb859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:06:11:69:23:f2:8f:b7:1b:1d:df:dd:d0:b3:
                    e2:2c:9b:0c:fd:9a:d8:de:a2:85:d4:32:22:cf:ea:
                    9f:27:ea:d9:73:32:8b:75:5e:01:1b:cc:bb:8c:46:
                    30:69:26:9a:64:46:48:d5:f5:ce:d3:17:c1:ce:a6:
                    5f:b5:73:29:37:9e:79:e8:43:2a:1c:e4:1e:08:40:
                    24:c8:e8:20:40:37:94:7a:95:b6:b3:f0:cb:d6:2e:
                    fa:20:d5:fa:f6:6e:32:4e:43:7f:23:3e:6a:0d:b2:
                    bd:98:4f:1d:aa:7d:99:f0:81:3e:97:b2:43:78:57:
                    ca:e8:c3:19:e8:4e:de:2b:1f:7b:6f:9b:f0:3b:fb:
                    1f:a1:0a:e8:fe:52:2d:40:6b:a8:c3:29:94:bf:f6:
                    86:ac:47:8e:ca:ad:65:0c:2f:49:b8:b3:29:13:47:
                    52:86:7b:94:7e:0c:58:96:13:ca:3d:09:b8:bd:5e:
                    5b:29:3c:3d:59:3b:6b:f7:a6:3d:e0:b4:44:05:db:
                    ce:13:7e:f8:d7:77:12:75:3e:03:ef:04:18:f9:fb:
                    7c:4e:c6:49:be:11:43:95:8d:ec:21:11:b1:63:a7:
                    49:7a:83:3d:51:c7:1e:cf:5d:e1:83:ae:21:23:bd:
                    0d:98:10:76:32:d1:6d:d0:75:7a:06:44:42:0e:c4:
                    53:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:6E:04:B8:E1:2F:6A:A1:AD:81:3F:71:A4:02:76:48:19:BF:B8:59
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/eG4EuOEvaqGtgT9xpAJ2SBm_uFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:61:bb:9c:9a:d3:6f:5d:ae:02:7e:e2:47:59:70:fd:b7:af:
         a6:b1:e0:2f:58:c6:a1:bb:16:70:46:85:d9:45:e8:a5:e5:cb:
         35:33:6b:15:b0:25:1a:a8:46:15:f7:ab:db:0f:ff:3c:a6:f9:
         09:43:b0:7f:9d:ae:75:db:f4:86:b7:6b:ab:72:47:88:76:66:
         17:86:63:74:ff:07:bc:d8:09:2a:61:5d:29:0f:e3:8b:55:32:
         1d:79:20:09:7e:4b:3f:d3:bb:9e:d8:15:ed:04:32:2a:38:d9:
         ea:87:7c:01:34:f9:f6:48:4a:05:a4:bc:37:83:86:31:6d:b8:
         5d:dc:f8:07:79:da:5f:f6:16:33:f9:28:a6:b3:4a:cb:50:a3:
         ac:e8:48:f9:03:15:a2:a7:9e:60:3b:36:f5:01:5b:82:83:b7:
         24:09:e1:23:6b:8c:59:ed:da:b2:07:b9:32:a4:92:f8:be:2b:
         1d:22:af:c6:08:a8:7d:36:ce:d2:10:b4:d0:e2:80:0a:f7:ff:
         f0:9c:48:33:7f:2b:4c:92:3a:67:cd:49:fe:73:09:ae:05:cf:
         1d:09:2e:d7:1e:cd:fe:e4:e1:9e:c0:9c:af:d3:4d:a9:ca:69:
         b7:2a:76:97:e3:0c:f1:7c:e4:d8:39:af:8d:32:df:d3:e3:62:
         9e:03:58:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BkGXy/7EQywFlwxxIgu1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjQwMjE5MTMzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODZlMDRiOGUxMmY2YWExYWQ4MTNmNzFhNDAyNzY0ODE5YmZiODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggYRaSPyj7cbHd/d0LPiLJsM/ZrY
3qKF1DIiz+qfJ+rZczKLdV4BG8y7jEYwaSaaZEZI1fXO0xfBzqZftXMpN5556EMq
HOQeCEAkyOggQDeUepW2s/DL1i76INX69m4yTkN/Iz5qDbK9mE8dqn2Z8IE+l7JD
eFfK6MMZ6E7eKx97b5vwO/sfoQro/lItQGuowymUv/aGrEeOyq1lDC9JuLMpE0dS
hnuUfgxYlhPKPQm4vV5bKTw9WTtr96Y94LREBdvOE37413cSdT4D7wQY+ft8TsZJ
vhFDlY3sIRGxY6dJeoM9Uccez13hg64hI70NmBB2MtFt0HV6BkRCDsRThQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhuBLjhL2qhrYE/caQCdkgZv7hZMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvZUc0RXVPRXZhcUd0Z1Q5eHBBSjJTQm1fdUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdSMA0G
CSqGSIb3DQEBCwUAA4IBAQBuYbucmtNvXa4CfuJHWXD9t6+mseAvWMahuxZwRoXZ
Reil5cs1M2sVsCUaqEYV96vbD/88pvkJQ7B/na512/SGt2urckeIdmYXhmN0/we8
2AkqYV0pD+OLVTIdeSAJfks/07ue2BXtBDIqONnqh3wBNPn2SEoFpLw3g4Yxbbhd
3PgHedpf9hYz+Sims0rLUKOs6Ej5AxWip55gOzb1AVuCg7ckCeEja4xZ7dqyB7ky
pJL4visdIq/GCKh9Ns7SELTQ4oAK9//wnEgzfytMkjpnzUn+cwmuBc8dCS7XHs3+
5OGewJyv002pymm3KnaX4wzxfOTYOa+NMt/T42KeA1hB
-----END CERTIFICATE-----