Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/0eJMb18P7i0Jgsq8AOGY_nh8IlE.roa
File:                     0eJMb18P7i0Jgsq8AOGY_nh8IlE.roa (raw, json)
Hash identifier:          n1GbytqGpJVLwWVuConwCuFpJh83PmnnOSQcX2Sfr+k=
Subject key identifier:   D1:E2:4C:6F:5F:0F:EE:2D:09:82:CA:BC:00:E1:98:FE:78:7C:22:51
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019334991D4A9DEA7CE90F24EB6AE6D75C66
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/0eJMb18P7i0Jgsq8AOGY_nh8IlE.roa
Signing time:             Sat 16 Nov 2024 10:51:09 +0000
ROA not before:           Sat 16 Nov 2024 10:51:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49127
IP address blocks:        89.187.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:34:99:1d:4a:9d:ea:7c:e9:0f:24:eb:6a:e6:d7:5c:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Nov 16 10:51:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1e24c6f5f0fee2d0982cabc00e198fe787c2251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:33:84:9c:12:77:13:7e:cc:a8:72:fa:fb:1f:
                    08:1f:73:09:f8:60:88:f7:56:bb:04:0c:78:2f:56:
                    ea:e2:94:04:b1:3e:79:15:a2:fc:ba:67:82:f2:00:
                    18:0b:a7:07:be:65:d1:6c:fd:77:74:93:53:c8:eb:
                    b6:33:d8:9c:fc:1a:0a:bd:49:47:0a:f5:7b:e9:29:
                    20:9c:d2:96:08:d4:c9:e7:24:03:d6:f6:8e:de:d1:
                    30:84:fc:a2:82:2b:29:f8:39:3e:43:fa:c8:80:53:
                    e9:2e:2f:6e:3f:6a:c5:34:24:b4:9f:bd:da:c4:de:
                    98:d6:94:f6:fa:bc:40:89:0a:08:52:00:cc:53:d1:
                    a2:b6:1e:d8:f6:37:23:bc:db:ef:96:ba:5f:d6:e0:
                    9b:aa:90:10:2f:c9:ff:4b:98:4d:33:fb:61:d6:f8:
                    09:a2:34:f0:90:e9:5a:48:f4:76:9e:7c:e2:4b:20:
                    53:f9:d3:5b:09:f0:05:47:27:43:6b:a3:c5:02:53:
                    37:37:bc:e2:a4:c0:06:f5:6f:90:46:43:db:4c:59:
                    15:e4:f3:58:a1:bb:8a:72:c2:0d:69:25:f3:00:d3:
                    af:68:15:61:82:36:0c:1d:1f:d0:12:d6:07:c1:62:
                    63:db:26:a3:b2:06:4f:e1:93:39:dc:4a:b0:3b:f9:
                    c4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E2:4C:6F:5F:0F:EE:2D:09:82:CA:BC:00:E1:98:FE:78:7C:22:51
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/0eJMb18P7i0Jgsq8AOGY_nh8IlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:1b:3f:a8:bd:b1:da:11:7e:dd:a6:6b:17:86:a2:ad:e6:0a:
         14:8c:68:f8:f7:ec:65:d6:6a:6d:68:bb:6a:ce:9e:10:6e:f2:
         a3:d2:1a:93:af:65:1d:83:45:5f:e7:2a:65:27:8e:db:81:a2:
         ae:68:39:e2:88:04:f9:79:e6:37:0a:ba:21:c3:39:b6:37:d1:
         69:94:8d:01:80:57:63:75:0e:32:e6:84:8b:0f:09:78:18:3d:
         57:29:27:81:68:4b:ab:eb:08:eb:ea:51:70:6b:41:ad:b3:dc:
         48:83:e0:ff:48:4e:30:57:01:e6:a8:3b:34:11:2b:15:01:12:
         df:af:0c:78:5b:54:aa:5c:08:b1:86:49:07:c9:3b:35:f6:2b:
         50:90:f2:35:6e:7f:7a:f2:9a:2e:54:65:d0:a4:00:bc:f0:37:
         00:55:27:3a:6f:34:f2:2c:b9:ed:31:63:05:e5:e4:b7:ce:7f:
         d8:58:95:1e:1d:c2:ac:44:96:cc:45:d6:34:94:53:3e:1b:5d:
         96:72:22:d2:30:04:4a:47:05:4a:85:9c:66:4f:44:75:8b:6d:
         35:d6:7f:3f:3e:76:72:67:4c:58:31:32:b9:69:32:92:dc:eb:
         52:bc:20:94:de:f6:95:c9:56:54:c2:02:a6:70:06:16:07:41:
         97:e6:a4:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM0mR1Knep86Q8k62rm11xmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQxMTE2MTA1MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWUyNGM2ZjVmMGZlZTJkMDk4MmNhYmMwMGUxOThmZTc4N2MyMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTOEnBJ3E37MqHL6+x8IH3MJ+GCI
91a7BAx4L1bq4pQEsT55FaL8umeC8gAYC6cHvmXRbP13dJNTyOu2M9ic/BoKvUlH
CvV76SkgnNKWCNTJ5yQD1vaO3tEwhPyigisp+Dk+Q/rIgFPpLi9uP2rFNCS0n73a
xN6Y1pT2+rxAiQoIUgDMU9Gith7Y9jcjvNvvlrpf1uCbqpAQL8n/S5hNM/th1vgJ
ojTwkOlaSPR2nnziSyBT+dNbCfAFRydDa6PFAlM3N7zipMAG9W+QRkPbTFkV5PNY
obuKcsINaSXzANOvaBVhgjYMHR/QEtYHwWJj2yajsgZP4ZM53EqwO/nE2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHiTG9fD+4tCYLKvADhmP54fCJRMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvMGVKTWIxOFA3aTBKZ3NxOEFPR1lfbmg4SWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsZMA0G
CSqGSIb3DQEBCwUAA4IBAQAjGz+ovbHaEX7dpmsXhqKt5goUjGj49+xl1mptaLtq
zp4QbvKj0hqTr2Udg0Vf5yplJ47bgaKuaDniiAT5eeY3Crohwzm2N9FplI0BgFdj
dQ4y5oSLDwl4GD1XKSeBaEur6wjr6lFwa0Gts9xIg+D/SE4wVwHmqDs0ESsVARLf
rwx4W1SqXAixhkkHyTs19itQkPI1bn968pouVGXQpAC88DcAVSc6bzTyLLntMWMF
5eS3zn/YWJUeHcKsRJbMRdY0lFM+G12WciLSMARKRwVKhZxmT0R1i2011n8/PnZy
Z0xYMTK5aTKS3OtSvCCU3vaVyVZUwgKmcAYWB0GX5qQA
-----END CERTIFICATE-----