Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/S1jP1kYQ9HHZV5S-4HA7z6BoL8A.roa
File:                     S1jP1kYQ9HHZV5S-4HA7z6BoL8A.roa (raw, json)
Hash identifier:          OY+UkxHEWFq3pbVFXtYWNfsRbahkapSnqANMraaa9kQ=
Subject key identifier:   4B:58:CF:D6:46:10:F4:71:D9:57:94:BE:E0:70:3B:CF:A0:68:2F:C0
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0191348AE9B4067AB384C14BD69FF1995C60
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/S1jP1kYQ9HHZV5S-4HA7z6BoL8A.roa
Signing time:             Fri 09 Aug 2024 00:30:04 +0000
ROA not before:           Fri 09 Aug 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        89.187.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:34:8a:e9:b4:06:7a:b3:84:c1:4b:d6:9f:f1:99:5c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Aug  9 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b58cfd64610f471d95794bee0703bcfa0682fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:88:35:e7:e0:e2:b5:68:c2:05:a7:87:3a:cc:
                    a7:f7:e4:c8:04:9e:e0:1d:f8:0a:2b:01:f9:d1:d8:
                    2d:f5:43:28:dd:f1:51:38:b1:3b:49:58:ce:1d:6f:
                    01:dd:24:eb:22:b8:e8:8a:b4:5c:18:bb:36:8b:36:
                    f5:96:3b:cc:60:70:14:60:2d:50:91:ee:43:06:a1:
                    97:03:6d:24:46:78:69:98:a7:bb:83:00:a2:de:d3:
                    76:06:c1:ec:7b:0c:88:9e:af:2f:5b:8c:e0:9a:fc:
                    46:fd:9a:9e:c8:5c:ed:60:19:06:8d:69:be:02:39:
                    ac:e4:37:90:63:6b:05:c1:f1:af:5c:b7:64:6f:e0:
                    71:14:72:8b:6c:3d:3c:8d:d3:a3:82:0b:0f:24:12:
                    a1:f4:d7:09:c6:5a:b3:ba:c0:05:e4:ed:6c:2d:99:
                    0f:63:2e:ac:3f:5b:14:ab:d2:ae:89:41:d7:54:1e:
                    3d:27:8d:aa:e1:f1:78:84:5f:82:a5:42:5a:72:6b:
                    f3:7e:50:d1:94:06:3f:50:c8:17:dc:7c:74:b1:c6:
                    64:e5:a9:8a:e1:b8:5e:2e:81:db:9f:7a:1a:ab:83:
                    82:9a:38:1f:36:4c:6c:3f:37:46:22:fc:a4:c9:37:
                    70:e8:19:c5:fb:1f:cf:07:f6:f6:5a:59:49:5c:e5:
                    d7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:58:CF:D6:46:10:F4:71:D9:57:94:BE:E0:70:3B:CF:A0:68:2F:C0
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/S1jP1kYQ9HHZV5S-4HA7z6BoL8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:ca:ee:7a:53:1b:09:db:6e:49:98:62:1b:fb:7e:a4:90:91:
         e3:01:12:11:6d:ae:14:c0:c7:c9:ce:77:af:97:56:c1:fa:a9:
         d4:ef:2d:c4:2f:b7:b4:56:fe:a3:46:96:92:99:26:69:39:fe:
         61:8a:4c:2f:88:8d:9c:1b:87:c9:3a:f0:6e:60:bf:4d:3d:df:
         42:77:af:9f:94:54:d0:28:a5:2d:ec:7b:97:3b:07:16:2b:92:
         27:35:8d:52:76:1c:b4:c8:7f:3e:9b:ff:9d:77:81:f1:64:b1:
         0d:a5:bc:1a:49:d4:ba:36:8c:8d:d2:2b:74:c0:c1:c2:02:44:
         10:54:a0:ff:e7:72:82:4f:70:36:04:da:1a:b3:cf:e7:f7:b8:
         9a:96:61:a3:7a:76:ae:ef:4a:d5:89:d8:68:15:2e:c7:8f:c5:
         32:78:69:e2:bc:95:66:7d:cb:38:51:e4:d9:0b:0e:4a:cb:c8:
         59:ea:0d:f6:20:5d:a8:26:12:43:b8:a6:11:3b:ce:2d:fd:a2:
         64:a3:6d:5c:9f:5f:e0:01:56:2e:3b:b1:98:d2:7c:a8:bc:c4:
         3d:30:f3:04:58:2e:84:e1:4d:ab:76:20:2d:12:c2:13:15:0b:
         14:8e:12:a5:ed:fd:c7:24:4c:40:70:50:d5:3b:ab:2f:20:99:
         37:6c:73:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE0ium0BnqzhMFL1p/xmVxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQwODA5MDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU4Y2ZkNjQ2MTBmNDcxZDk1Nzk0YmVlMDcwM2JjZmEwNjgyZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14g15+DitWjCBaeHOsyn9+TIBJ7g
HfgKKwH50dgt9UMo3fFROLE7SVjOHW8B3STrIrjoirRcGLs2izb1ljvMYHAUYC1Q
ke5DBqGXA20kRnhpmKe7gwCi3tN2BsHsewyInq8vW4zgmvxG/ZqeyFztYBkGjWm+
Ajms5DeQY2sFwfGvXLdkb+BxFHKLbD08jdOjggsPJBKh9NcJxlqzusAF5O1sLZkP
Yy6sP1sUq9KuiUHXVB49J42q4fF4hF+CpUJacmvzflDRlAY/UMgX3Hx0scZk5amK
4bheLoHbn3oaq4OCmjgfNkxsPzdGIvykyTdw6BnF+x/PB/b2WllJXOXXBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtYz9ZGEPRx2VeUvuBwO8+gaC/AMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvUzFqUDFrWVE5SEhaVjVTLTRIQTd6NkJvTDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsQMA0G
CSqGSIb3DQEBCwUAA4IBAQCyyu56UxsJ225JmGIb+36kkJHjARIRba4UwMfJznev
l1bB+qnU7y3EL7e0Vv6jRpaSmSZpOf5hikwviI2cG4fJOvBuYL9NPd9Cd6+flFTQ
KKUt7HuXOwcWK5InNY1Sdhy0yH8+m/+dd4HxZLENpbwaSdS6NoyN0it0wMHCAkQQ
VKD/53KCT3A2BNoas8/n97ialmGjenau70rVidhoFS7Hj8UyeGnivJVmfcs4UeTZ
Cw5Ky8hZ6g32IF2oJhJDuKYRO84t/aJko21cn1/gAVYuO7GY0nyovMQ9MPMEWC6E
4U2rdiAtEsITFQsUjhKl7f3HJExAcFDVO6svIJk3bHMh
-----END CERTIFICATE-----