Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/_7VP1m-jZV1L1ptzLJ2bDVHWkUk.roa
File:                     _7VP1m-jZV1L1ptzLJ2bDVHWkUk.roa (raw, json)
Hash identifier:          HRTZ+Jlza+zjzZ8sRsZbIPSXkZUx2e/BRG4tid3R81s=
Subject key identifier:   FF:B5:4F:D6:6F:A3:65:5D:4B:D6:9B:73:2C:9D:9B:0D:51:D6:91:49
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0192E4655F605856BF0F8DDCB55609C2E4CB
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/_7VP1m-jZV1L1ptzLJ2bDVHWkUk.roa
Signing time:             Thu 31 Oct 2024 21:05:01 +0000
ROA not before:           Thu 31 Oct 2024 21:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        89.187.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e4:65:5f:60:58:56:bf:0f:8d:dc:b5:56:09:c2:e4:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Oct 31 21:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffb54fd66fa3655d4bd69b732c9d9b0d51d69149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0c:49:f8:18:e3:a0:40:41:0d:c4:b2:83:9c:
                    96:5d:04:61:0a:59:8c:fe:e7:5a:90:8c:1d:66:9f:
                    52:01:97:ef:05:33:66:8b:06:97:3a:ba:ca:6c:c7:
                    48:e8:0c:08:ba:e4:3a:c6:85:8a:4c:39:41:39:ea:
                    ac:31:a1:52:0e:7b:35:af:53:81:b1:d9:44:4a:9f:
                    36:06:45:07:71:3a:c1:83:c1:1d:51:5d:75:41:70:
                    cb:1e:53:d5:de:32:d4:a5:00:0a:d8:7d:99:13:85:
                    1c:46:65:75:aa:bc:15:aa:68:74:f5:db:ac:3b:03:
                    62:70:77:a2:c0:32:8d:b3:82:8b:e9:b2:8b:08:2f:
                    00:d3:51:48:ec:b4:e2:a7:36:c9:ca:08:e3:fa:bf:
                    87:42:ef:e2:98:f1:0a:d7:e9:61:77:65:e0:07:66:
                    57:50:ef:23:5e:68:04:04:dc:50:8a:59:44:3a:0b:
                    95:92:c6:0a:56:44:38:31:e6:5b:5c:72:fc:e3:dd:
                    44:cd:62:87:b6:24:eb:78:55:08:7d:a7:03:58:ad:
                    d6:84:75:37:04:b8:4d:49:33:9d:c1:d7:0c:41:fa:
                    6b:20:e1:65:59:28:90:e2:00:59:06:b7:13:39:87:
                    74:d7:02:ce:9b:cb:c4:06:c6:f1:df:b2:d7:f7:ad:
                    32:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:B5:4F:D6:6F:A3:65:5D:4B:D6:9B:73:2C:9D:9B:0D:51:D6:91:49
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/_7VP1m-jZV1L1ptzLJ2bDVHWkUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:40:ce:12:19:7b:d1:77:85:a1:85:b0:a5:19:fa:07:b2:f8:
         bd:dc:f2:cc:68:0d:9a:f8:f7:69:77:12:35:c0:41:b5:86:f1:
         c0:7f:22:d2:54:8d:36:80:78:4a:79:4c:aa:72:91:7f:44:88:
         45:7d:76:54:02:21:00:d5:6e:0f:09:0b:5a:e4:ab:3c:bf:8a:
         79:07:e8:b9:cf:11:72:5d:bc:a7:1e:58:ce:20:d4:4b:8b:e4:
         7d:4e:34:1c:01:d4:2c:02:2a:a0:db:f4:4f:dd:ea:97:56:35:
         c1:ff:b8:66:d7:b0:28:e9:03:9d:e1:15:c9:43:5a:3a:3b:03:
         9a:ab:67:34:d8:a8:85:43:fd:21:7b:53:1e:b4:90:ba:6d:6b:
         80:69:1e:1c:d2:95:6b:0e:17:10:f1:39:42:f3:d2:8d:78:e2:
         3e:cc:83:51:e6:be:cd:59:b4:f0:ff:5e:7c:4b:f5:d3:11:e4:
         42:97:1a:4a:38:36:20:a5:8d:ae:7c:ac:c6:5e:05:50:26:db:
         73:a8:28:9a:5d:15:e6:0a:74:d3:a4:de:bd:95:85:d9:c7:1c:
         34:7b:7c:27:df:0d:f6:97:a2:43:b7:57:c6:e8:e9:d6:bd:e0:
         e0:27:72:c5:40:9a:87:94:02:91:b2:bb:53:4e:a6:48:9e:9c:
         cc:78:0d:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLkZV9gWFa/D43ctVYJwuTLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQxMDMxMjEwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmI1NGZkNjZmYTM2NTVkNGJkNjliNzMyYzlkOWIwZDUxZDY5MTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAxJ+BjjoEBBDcSyg5yWXQRhClmM
/udakIwdZp9SAZfvBTNmiwaXOrrKbMdI6AwIuuQ6xoWKTDlBOeqsMaFSDns1r1OB
sdlESp82BkUHcTrBg8EdUV11QXDLHlPV3jLUpQAK2H2ZE4UcRmV1qrwVqmh09dus
OwNicHeiwDKNs4KL6bKLCC8A01FI7LTipzbJygjj+r+HQu/imPEK1+lhd2XgB2ZX
UO8jXmgEBNxQillEOguVksYKVkQ4MeZbXHL8491EzWKHtiTreFUIfacDWK3WhHU3
BLhNSTOdwdcMQfprIOFlWSiQ4gBZBrcTOYd01wLOm8vEBsbx37LX960y3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+1T9Zvo2VdS9abcyydmw1R1pFJMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvXzdWUDFtLWpaVjFMMXB0ekxKMmJEVkhXa1VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsXMA0G
CSqGSIb3DQEBCwUAA4IBAQBpQM4SGXvRd4WhhbClGfoHsvi93PLMaA2a+PdpdxI1
wEG1hvHAfyLSVI02gHhKeUyqcpF/RIhFfXZUAiEA1W4PCQta5Ks8v4p5B+i5zxFy
XbynHljOINRLi+R9TjQcAdQsAiqg2/RP3eqXVjXB/7hm17Ao6QOd4RXJQ1o6OwOa
q2c02KiFQ/0he1MetJC6bWuAaR4c0pVrDhcQ8TlC89KNeOI+zINR5r7NWbTw/158
S/XTEeRClxpKODYgpY2ufKzGXgVQJttzqCiaXRXmCnTTpN69lYXZxxw0e3wn3w32
l6JDt1fG6OnWveDgJ3LFQJqHlAKRsrtTTqZInpzMeA35
-----END CERTIFICATE-----