Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/IwvESSEZeVzqqOFQBT2cpx35Yec.roa
File:                     IwvESSEZeVzqqOFQBT2cpx35Yec.roa (raw, json)
Hash identifier:          VCa67MvJSTsUL90me3f5SsS/YzHIgscPqUdMj6oaeh4=
Subject key identifier:   23:0B:C4:49:21:19:79:5C:EA:A8:E1:50:05:3D:9C:A7:1D:F9:61:E7
Certificate issuer:       /CN=ef678469574acc03d782e63281ff44faaab3f847
Certificate serial:       018CCA2914602A662277662C4AB1868293D4
Authority key identifier: EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/IwvESSEZeVzqqOFQBT2cpx35Yec.roa
Signing time:             Tue 02 Jan 2024 12:32:18 +0000
ROA not before:           Tue 02 Jan 2024 12:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208037
IP address blocks:        89.232.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:14:60:2a:66:22:77:66:2c:4a:b1:86:82:93:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef678469574acc03d782e63281ff44faaab3f847
        Validity
            Not Before: Jan  2 12:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=230bc4492119795ceaa8e150053d9ca71df961e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6b:81:dc:4a:1b:c5:dc:56:c3:59:ab:d7:55:
                    2f:43:a6:c2:16:7d:48:56:8c:5b:7c:81:50:55:5d:
                    e2:fe:4a:47:c1:4b:54:c8:25:9f:e6:1f:ce:28:2d:
                    e9:a1:3c:d4:77:68:02:72:1c:88:38:00:b8:9b:83:
                    6b:47:dd:60:84:35:5f:5f:eb:a0:d1:ea:2b:9b:5c:
                    c1:a0:a4:53:a1:37:39:a1:c3:04:2a:ec:cf:0f:dc:
                    fa:37:8e:38:7d:83:27:79:02:27:69:a2:ba:7b:dd:
                    30:b4:2f:28:c4:b9:57:85:2b:78:51:54:31:6c:c6:
                    5a:3a:78:f3:af:22:64:73:67:98:17:81:3d:be:28:
                    f1:01:94:37:cd:65:12:c5:2b:a5:a3:2f:e8:c3:bc:
                    ea:83:f0:ee:1d:b9:78:76:4a:ca:6b:eb:42:5c:bc:
                    e4:0e:5d:aa:3f:10:13:68:74:70:e3:82:7d:94:79:
                    ff:4a:c3:fa:d6:91:00:19:01:e2:f5:0a:ca:e6:36:
                    21:95:86:ff:b3:ca:f3:ea:22:e9:98:40:09:da:c5:
                    db:37:06:7b:3b:16:91:9a:76:17:f6:28:93:2d:45:
                    31:07:5a:20:59:a5:27:3c:25:50:68:30:67:e0:24:
                    4d:b6:38:79:85:67:6a:88:bb:de:cd:a3:f9:58:6a:
                    8f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0B:C4:49:21:19:79:5C:EA:A8:E1:50:05:3D:9C:A7:1D:F9:61:E7
            X509v3 Authority Key Identifier:
                keyid:EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/IwvESSEZeVzqqOFQBT2cpx35Yec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.232.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:3b:bc:70:15:75:51:1f:f0:ae:c6:1a:5b:94:ee:09:91:56:
         0b:fb:36:b9:81:7f:3d:52:08:96:ff:91:f3:1e:54:a8:21:c0:
         b9:a5:48:90:07:25:84:66:21:81:1a:02:ec:63:8d:41:30:94:
         b0:f5:58:46:fd:4b:bf:e2:18:df:7a:b1:76:c2:8e:ac:1c:6c:
         19:cd:d9:8d:5f:d4:95:3e:9d:f7:95:bc:b9:96:d2:e0:2b:38:
         37:bc:70:d3:f4:c9:d3:da:7b:37:84:5f:5d:79:b3:70:fa:8b:
         15:c5:4b:7e:80:c6:4d:ef:26:b0:4a:f8:7a:f7:f1:7d:a3:a0:
         76:42:6b:43:6d:9c:92:f4:f6:c2:40:a6:ac:a4:3d:1d:96:89:
         e7:71:f2:12:ad:97:a4:fd:d8:09:e2:50:0b:7f:a8:96:1a:ae:
         e5:0c:ac:d8:9f:e3:c5:93:c7:39:a0:2a:5b:a0:ec:17:ad:23:
         df:05:1a:a1:a8:69:39:a0:97:6c:a4:f0:4d:38:50:b0:dc:54:
         b6:1d:60:a1:25:ca:1c:2a:42:4e:7a:6d:33:82:e1:45:0a:50:
         d4:b0:e4:41:81:cb:22:56:ee:68:8a:f3:86:7a:e6:cb:05:ca:
         3b:0f:1a:54:a1:94:8a:3e:4b:01:5f:1a:27:a4:65:bc:0e:53:
         49:5e:ac:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKRRgKmYid2YsSrGGgpPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNjc4NDY5NTc0YWNjMDNkNzgyZTYzMjgxZmY0NGZhYWFi
M2Y4NDcwHhcNMjQwMTAyMTIzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzBiYzQ0OTIxMTk3OTVjZWFhOGUxNTAwNTNkOWNhNzFkZjk2MWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWuB3EobxdxWw1mr11UvQ6bCFn1I
VoxbfIFQVV3i/kpHwUtUyCWf5h/OKC3poTzUd2gCchyIOAC4m4NrR91ghDVfX+ug
0eorm1zBoKRToTc5ocMEKuzPD9z6N444fYMneQInaaK6e90wtC8oxLlXhSt4UVQx
bMZaOnjzryJkc2eYF4E9vijxAZQ3zWUSxSuloy/ow7zqg/DuHbl4dkrKa+tCXLzk
Dl2qPxATaHRw44J9lHn/SsP61pEAGQHi9QrK5jYhlYb/s8rz6iLpmEAJ2sXbNwZ7
OxaRmnYX9iiTLUUxB1ogWaUnPCVQaDBn4CRNtjh5hWdqiLvezaP5WGqPWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMLxEkhGXlc6qjhUAU9nKcd+WHnMB8GA1UdIwQY
MBaAFO9nhGlXSswD14LmMoH/RPqqs/hHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEt
ZGMwNTllNjliMWQwLzEvSXd2RVNTRVplVnpxcU9GUUJUMmNweDM1WWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEtZGMwNTllNjliMWQw
LzEvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWeisMA0G
CSqGSIb3DQEBCwUAA4IBAQBgO7xwFXVRH/CuxhpblO4JkVYL+za5gX89UgiW/5Hz
HlSoIcC5pUiQByWEZiGBGgLsY41BMJSw9VhG/Uu/4hjferF2wo6sHGwZzdmNX9SV
Pp33lby5ltLgKzg3vHDT9MnT2ns3hF9debNw+osVxUt+gMZN7yawSvh69/F9o6B2
QmtDbZyS9PbCQKaspD0dlonncfISrZek/dgJ4lALf6iWGq7lDKzYn+PFk8c5oCpb
oOwXrSPfBRqhqGk5oJdspPBNOFCw3FS2HWChJcocKkJOem0zguFFClDUsORBgcsi
Vu5oivOGeubLBco7DxpUoZSKPksBXxonpGW8DlNJXqyF
-----END CERTIFICATE-----