Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/juN5scO2Se5ibgJWhuefFYhuow8.roa
File:                     juN5scO2Se5ibgJWhuefFYhuow8.roa (raw, json)
Hash identifier:          7FUVxUG+oCbfQXWhPZm065agLV2zBdGhwYNN6FPH3LM=
Subject key identifier:   8E:E3:79:B1:C3:B6:49:EE:62:6E:02:56:86:E7:9F:15:88:6E:A3:0F
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019420687281E05816B9904E002033DE56E2
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/juN5scO2Se5ibgJWhuefFYhuow8.roa
Signing time:             Wed 01 Jan 2025 05:48:23 +0000
ROA not before:           Wed 01 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        89.23.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:72:81:e0:58:16:b9:90:4e:00:20:33:de:56:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ee379b1c3b649ee626e025686e79f15886ea30f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2e:63:d6:77:12:55:64:17:bb:91:1c:7a:50:
                    72:7b:a2:55:3d:89:d4:c4:fd:bf:3f:34:d9:06:c0:
                    c6:b1:36:a4:7d:57:e3:bd:9b:ff:d5:f3:59:56:f0:
                    23:30:45:c7:ee:60:5c:a5:24:41:ea:01:c4:c1:71:
                    c5:ae:90:f7:70:0e:60:83:63:19:eb:04:30:1c:1c:
                    e4:79:70:8b:b4:3c:5d:d0:16:76:b1:77:f8:e8:42:
                    4e:32:c9:2c:21:93:05:46:ba:0d:5f:9c:29:16:76:
                    03:76:41:86:f5:9d:1d:60:db:fb:47:ba:4c:50:17:
                    0f:c6:e9:54:45:ce:ca:c3:5d:6e:b2:bf:2a:b1:ff:
                    eb:65:24:52:b4:b2:cc:94:31:6d:bf:c2:06:be:89:
                    19:2c:91:97:76:e1:37:a5:2c:2f:f7:4b:22:13:d9:
                    2e:a6:11:da:d7:11:34:26:53:66:1c:ee:59:82:ae:
                    50:6e:08:b1:c0:ce:6f:71:08:14:18:be:d0:24:98:
                    0a:35:b5:5d:93:94:fe:d8:03:e0:fa:aa:ca:1b:60:
                    3d:99:07:6a:7b:b9:a2:06:2b:2a:88:8a:ec:64:fb:
                    79:0a:7f:a8:bf:f9:05:f9:8e:67:53:b0:8b:80:64:
                    7e:f5:77:59:1b:d0:58:0d:5a:0a:ca:77:af:ea:df:
                    d9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E3:79:B1:C3:B6:49:EE:62:6E:02:56:86:E7:9F:15:88:6E:A3:0F
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/juN5scO2Se5ibgJWhuefFYhuow8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:dc:fc:13:b3:f3:50:9e:e8:94:c1:c9:01:7e:73:86:7e:8e:
         9a:37:1d:c3:e1:96:0e:7f:e0:69:86:41:4f:2f:a4:84:50:e1:
         c0:56:ef:75:b6:34:bd:bf:c2:db:c6:ca:9a:7e:23:01:fc:07:
         d0:5c:ac:9a:0c:53:c2:cb:57:29:bf:ef:32:a5:6e:4f:58:80:
         57:0c:8c:9f:3d:3e:c3:10:c2:37:7d:4b:4d:37:48:62:f3:e5:
         1d:1f:d7:bc:ae:1a:6f:d9:00:46:dd:f1:fc:8c:e2:52:98:81:
         47:93:d7:fa:f1:aa:6c:ec:8c:5f:e9:e2:55:8f:c9:e0:8c:d7:
         b3:f7:ca:6a:76:fc:31:90:e2:73:f7:5e:97:f1:4c:1c:3f:94:
         be:cb:eb:9e:fb:cf:e3:16:71:e0:1c:2b:8f:95:1a:e3:01:c9:
         66:45:b3:5b:30:2b:47:49:d2:98:05:e6:ea:d8:71:a4:0f:bd:
         74:7e:e7:d1:35:9b:0f:da:e4:7b:88:95:d2:dd:30:5e:29:ba:
         2a:99:36:bb:c7:91:93:83:55:9d:cc:72:35:7d:0b:d6:30:13:
         d1:c5:6b:e5:1f:72:e3:a2:22:7d:4f:43:6f:ed:70:e2:56:47:
         7c:f4:79:73:ba:4f:64:8d:2a:9a:81:fc:7f:4f:5a:73:db:30:
         79:9e:94:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHKB4FgWuZBOACAz3lbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwMTAxMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWUzNzliMWMzYjY0OWVlNjI2ZTAyNTY4NmU3OWYxNTg4NmVhMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry5j1ncSVWQXu5EcelBye6JVPYnU
xP2/PzTZBsDGsTakfVfjvZv/1fNZVvAjMEXH7mBcpSRB6gHEwXHFrpD3cA5gg2MZ
6wQwHBzkeXCLtDxd0BZ2sXf46EJOMsksIZMFRroNX5wpFnYDdkGG9Z0dYNv7R7pM
UBcPxulURc7Kw11usr8qsf/rZSRStLLMlDFtv8IGvokZLJGXduE3pSwv90siE9ku
phHa1xE0JlNmHO5Zgq5QbgixwM5vcQgUGL7QJJgKNbVdk5T+2APg+qrKG2A9mQdq
e7miBisqiIrsZPt5Cn+ov/kF+Y5nU7CLgGR+9XdZG9BYDVoKynev6t/ZUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7jebHDtknuYm4CVobnnxWIbqMPMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvanVONXNjTzJTZTVpYmdKV2h1ZWZGWWh1b3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdSMA0G
CSqGSIb3DQEBCwUAA4IBAQBL3PwTs/NQnuiUwckBfnOGfo6aNx3D4ZYOf+BphkFP
L6SEUOHAVu91tjS9v8LbxsqafiMB/AfQXKyaDFPCy1cpv+8ypW5PWIBXDIyfPT7D
EMI3fUtNN0hi8+UdH9e8rhpv2QBG3fH8jOJSmIFHk9f68aps7Ixf6eJVj8ngjNez
98pqdvwxkOJz916X8UwcP5S+y+ue+8/jFnHgHCuPlRrjAclmRbNbMCtHSdKYBebq
2HGkD710fufRNZsP2uR7iJXS3TBeKboqmTa7x5GTg1WdzHI1fQvWMBPRxWvlH3Lj
oiJ9T0Nv7XDiVkd89Hlzuk9kjSqagfx/T1pz2zB5npRh
-----END CERTIFICATE-----