Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xI1uDcMpUKXrwgsDSL-4ztG3chE.roa
File:                     xI1uDcMpUKXrwgsDSL-4ztG3chE.roa (raw, json)
Hash identifier:          ufGhBq6TYWFg8/IQhCEP7vX1jl7KIbIAuw4PzOua9VM=
Subject key identifier:   C4:8D:6E:0D:C3:29:50:A5:EB:C2:0B:03:48:BF:B8:CE:D1:B7:72:11
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0192902D77A1727286742C78A8DEA8B9B6F6
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xI1uDcMpUKXrwgsDSL-4ztG3chE.roa
Signing time:             Tue 15 Oct 2024 12:35:51 +0000
ROA not before:           Tue 15 Oct 2024 12:35:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        89.23.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:90:2d:77:a1:72:72:86:74:2c:78:a8:de:a8:b9:b6:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Oct 15 12:35:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c48d6e0dc32950a5ebc20b0348bfb8ced1b77211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4e:02:ad:45:96:93:a4:20:ea:e0:cd:c8:7a:
                    bf:af:20:38:fe:fb:7c:49:ab:bf:e6:3a:58:0a:ef:
                    43:ed:a9:b5:a7:02:c9:8a:87:18:f3:ee:de:4f:7b:
                    82:33:e2:41:05:e2:9e:ad:08:4c:ce:50:30:6b:00:
                    e7:be:1c:3d:fa:36:1d:ed:6a:e0:10:b1:5f:89:90:
                    6e:34:9d:0d:5c:fd:ed:8d:8a:d2:71:d1:cb:3f:89:
                    84:30:eb:ce:ba:9d:8f:96:19:3c:61:ec:d9:b0:a2:
                    7a:17:9e:ba:a0:72:3a:1a:dd:28:1c:43:a7:5a:89:
                    05:cc:a8:7d:72:c5:03:e4:11:49:97:92:74:51:45:
                    dc:b6:89:fe:b1:fa:d4:e0:24:7f:a8:a0:68:00:5e:
                    94:c2:20:7d:f4:8f:92:f9:45:83:70:dc:72:56:6e:
                    2e:ae:80:b5:0e:54:9a:36:a2:9b:5f:c7:38:f7:e8:
                    dd:39:1b:b7:11:12:ca:d9:1e:5b:ea:50:93:8c:84:
                    e9:b4:44:04:4b:2c:a3:e3:d0:0c:cf:3a:4b:0b:81:
                    24:66:07:a4:6e:69:36:4d:4c:3a:a9:06:d8:b4:c1:
                    f6:8e:08:42:ae:e6:50:e8:a2:1f:ba:06:fb:f1:ac:
                    e9:4d:70:3a:f0:09:ea:9c:06:09:92:a2:d8:e5:ec:
                    0a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8D:6E:0D:C3:29:50:A5:EB:C2:0B:03:48:BF:B8:CE:D1:B7:72:11
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xI1uDcMpUKXrwgsDSL-4ztG3chE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:4b:1e:6a:10:a9:b3:b5:66:46:b9:9b:86:6f:6c:62:23:cf:
         7a:8d:cb:ad:89:f8:a2:0c:3c:3c:68:d8:78:be:f2:25:03:1d:
         27:e4:56:9c:ca:f3:61:3c:e1:dc:01:90:3c:06:36:c4:62:bd:
         fc:ea:91:64:fc:dd:2b:36:ab:25:2e:5e:3a:f1:9b:50:8d:2b:
         b9:38:1c:5c:94:19:1f:48:53:94:ec:b3:b5:d7:2d:34:7a:30:
         7e:0d:1f:ea:c8:f6:ec:93:2c:6e:37:4e:55:3c:eb:ad:ac:20:
         6a:b8:3c:00:6d:a2:07:20:51:6c:1d:77:d1:d0:62:bb:1f:ad:
         41:fa:08:ab:9e:75:19:41:84:dc:24:9d:fb:53:f6:31:3c:c1:
         02:b6:7c:9d:8d:66:21:2c:8e:8d:df:12:8d:2b:34:f8:10:00:
         98:cd:6a:0b:8b:05:7e:a0:4b:d2:b1:44:d0:a7:34:c1:56:98:
         3a:95:aa:1a:a6:ee:3d:66:86:7a:52:61:f1:c4:01:1b:66:c4:
         ab:68:7a:b0:b0:38:2e:5c:6d:b8:42:b6:c0:21:34:36:03:94:
         50:a5:d5:36:70:b4:59:e3:fa:96:13:a1:2c:fd:f5:a1:c6:bf:
         28:df:27:95:82:60:28:6e:3b:1e:05:11:75:66:0c:36:e9:ca:
         d4:9a:23:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKQLXehcnKGdCx4qN6oubb2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjQxMDE1MTIzNTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDhkNmUwZGMzMjk1MGE1ZWJjMjBiMDM0OGJmYjhjZWQxYjc3MjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj04CrUWWk6Qg6uDNyHq/ryA4/vt8
Sau/5jpYCu9D7am1pwLJiocY8+7eT3uCM+JBBeKerQhMzlAwawDnvhw9+jYd7Wrg
ELFfiZBuNJ0NXP3tjYrScdHLP4mEMOvOup2Plhk8YezZsKJ6F566oHI6Gt0oHEOn
WokFzKh9csUD5BFJl5J0UUXcton+sfrU4CR/qKBoAF6UwiB99I+S+UWDcNxyVm4u
roC1DlSaNqKbX8c49+jdORu3ERLK2R5b6lCTjITptEQESyyj49AMzzpLC4EkZgek
bmk2TUw6qQbYtMH2jghCruZQ6KIfugb78azpTXA68AnqnAYJkqLY5ewKNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSNbg3DKVCl68ILA0i/uM7Rt3IRMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEveEkxdURjTXBVS1hyd2dzRFNMLTR6dEczY2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdSMA0G
CSqGSIb3DQEBCwUAA4IBAQAaSx5qEKmztWZGuZuGb2xiI896jcutifiiDDw8aNh4
vvIlAx0n5FacyvNhPOHcAZA8BjbEYr386pFk/N0rNqslLl468ZtQjSu5OBxclBkf
SFOU7LO11y00ejB+DR/qyPbskyxuN05VPOutrCBquDwAbaIHIFFsHXfR0GK7H61B
+girnnUZQYTcJJ37U/YxPMECtnydjWYhLI6N3xKNKzT4EACYzWoLiwV+oEvSsUTQ
pzTBVpg6laoapu49ZoZ6UmHxxAEbZsSraHqwsDguXG24QrbAITQ2A5RQpdU2cLRZ
4/qWE6Es/fWhxr8o3yeVgmAobjseBRF1Zgw26crUmiO9
-----END CERTIFICATE-----