Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/t5YmhSpQh7hJVJ9rbPKosrK995g.roa
File:                     t5YmhSpQh7hJVJ9rbPKosrK995g.roa (raw, json)
Hash identifier:          46VBCXnM3N7gfr2V6b7t3B2sNT8I6Oa9hSbR5q+FAqY=
Subject key identifier:   B7:96:26:85:2A:50:87:B8:49:54:9F:6B:6C:F2:A8:B2:B2:BD:F7:98
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0194A6EEAB13A25A7DB77318683D53995818
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/t5YmhSpQh7hJVJ9rbPKosrK995g.roa
Signing time:             Mon 27 Jan 2025 08:44:06 +0000
ROA not before:           Mon 27 Jan 2025 08:44:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        89.23.80.0/24 maxlen: 24
                          89.23.81.0/24 maxlen: 24
                          89.23.87.0/24 maxlen: 24
                          89.23.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a6:ee:ab:13:a2:5a:7d:b7:73:18:68:3d:53:99:58:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan 27 08:44:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b79626852a5087b849549f6b6cf2a8b2b2bdf798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:30:a6:04:eb:68:42:c1:66:c3:58:fa:9b:33:
                    23:e7:54:7e:54:db:ec:fb:82:dd:7f:1f:2d:1c:97:
                    93:a2:65:a3:2b:9f:c8:3d:af:82:83:e7:23:ce:00:
                    53:f6:84:69:2a:31:54:36:68:8e:99:a1:d0:f1:4c:
                    2c:e5:b1:e1:1e:bc:79:e6:5a:0c:68:bd:fe:73:fd:
                    5b:16:8f:0c:d5:86:81:f6:3e:30:df:6c:b6:25:ff:
                    eb:09:a2:11:10:1a:fe:20:96:a3:ef:e5:0e:64:9d:
                    a7:01:0a:7a:a5:32:41:27:32:f3:ad:84:32:4b:58:
                    4f:ca:5c:01:63:d0:75:8d:c0:14:df:a7:62:a9:69:
                    82:25:f9:96:02:d2:c3:31:fe:6d:d6:26:76:24:dd:
                    00:17:90:b0:bb:18:b9:bc:3e:09:84:18:8b:38:c2:
                    c1:26:f2:5e:88:4d:8b:a3:0f:95:e5:a4:2c:82:fa:
                    90:95:80:5d:4c:97:20:8a:b9:70:d9:0a:51:2a:6a:
                    a0:39:30:ec:c5:73:1c:ee:0b:53:57:91:bf:4f:3f:
                    f2:a2:55:5e:72:d9:35:3b:1e:55:b9:6e:f0:03:7f:
                    29:12:ce:c0:a7:6c:9f:3d:88:9d:54:cf:7e:11:10:
                    b8:7e:1f:da:f0:5d:29:40:e8:e9:82:29:ff:55:0a:
                    af:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:96:26:85:2A:50:87:B8:49:54:9F:6B:6C:F2:A8:B2:B2:BD:F7:98
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/t5YmhSpQh7hJVJ9rbPKosrK995g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.80.0/23
                  89.23.87.0/24
                  89.23.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:71:74:d2:b4:1d:97:ac:f6:60:00:7a:57:8a:a8:6e:1e:6b:
         60:49:46:dc:e6:cd:08:be:cf:0a:5d:6b:8f:9b:1f:55:11:68:
         03:3b:58:a1:f6:b6:9b:9a:d9:fc:31:92:98:29:85:b4:5a:0b:
         e0:e4:bd:9d:34:8a:36:90:8c:d2:cc:e1:1c:c5:83:6d:54:d3:
         8c:a9:9c:02:c2:b1:25:15:2b:66:c3:a4:04:92:e9:b2:47:d4:
         2a:59:3c:d4:24:86:2a:4f:ab:80:e1:c3:0d:9f:e3:3b:86:af:
         8d:92:64:b8:c1:7b:25:e6:fe:40:a0:a3:28:8a:2d:54:35:e4:
         e3:a8:75:dc:95:83:b2:2a:de:69:46:23:af:13:c3:c0:73:69:
         30:05:89:56:71:90:fb:d2:97:b3:9f:55:db:63:9a:5c:7e:53:
         89:ad:2b:0f:0d:48:80:55:f0:94:46:5a:43:30:07:2f:53:f0:
         b7:13:a3:17:88:b0:bd:1a:e4:f2:6b:79:68:7d:74:39:4c:e6:
         74:f3:7f:15:3c:cf:91:21:e1:ad:e4:9d:52:1e:b7:54:e9:e5:
         bd:0b:2a:ab:a1:6b:25:09:6e:c8:6b:5d:ae:7a:06:d4:dc:8b:
         35:d9:5c:1d:d8:60:eb:6b:08:34:42:11:c2:c6:8a:d5:38:c7:
         34:a8:ac:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZSm7qsTolp9t3MYaD1TmVgYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwMTI3MDg0NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzk2MjY4NTJhNTA4N2I4NDk1NDlmNmI2Y2YyYThiMmIyYmRmNzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjCmBOtoQsFmw1j6mzMj51R+VNvs
+4Ldfx8tHJeTomWjK5/IPa+Cg+cjzgBT9oRpKjFUNmiOmaHQ8Uws5bHhHrx55loM
aL3+c/1bFo8M1YaB9j4w32y2Jf/rCaIREBr+IJaj7+UOZJ2nAQp6pTJBJzLzrYQy
S1hPylwBY9B1jcAU36diqWmCJfmWAtLDMf5t1iZ2JN0AF5Cwuxi5vD4JhBiLOMLB
JvJeiE2Low+V5aQsgvqQlYBdTJcgirlw2QpRKmqgOTDsxXMc7gtTV5G/Tz/yolVe
ctk1Ox5VuW7wA38pEs7Ap2yfPYidVM9+ERC4fh/a8F0pQOjpgin/VQqvnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLeWJoUqUIe4SVSfa2zyqLKyvfeYMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvdDVZbWhTcFFoN2hKVko5cmJQS29zcks5OTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBWRdQAwQA
WRdXAwQAWRdcMA0GCSqGSIb3DQEBCwUAA4IBAQBZcXTStB2XrPZgAHpXiqhuHmtg
SUbc5s0Ivs8KXWuPmx9VEWgDO1ih9rabmtn8MZKYKYW0Wgvg5L2dNIo2kIzSzOEc
xYNtVNOMqZwCwrElFStmw6QEkumyR9QqWTzUJIYqT6uA4cMNn+M7hq+NkmS4wXsl
5v5AoKMoii1UNeTjqHXclYOyKt5pRiOvE8PAc2kwBYlWcZD70pezn1XbY5pcflOJ
rSsPDUiAVfCURlpDMAcvU/C3E6MXiLC9GuTya3lofXQ5TOZ0838VPM+RIeGt5J1S
HrdU6eW9CyqroWslCW7Ia12uegbU3Is12Vwd2GDrawg0QhHCxorVOMc0qKw7
-----END CERTIFICATE-----