Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/aBEbYc13aAgho_JaXVhwN_xt6AY.roa
File:                     aBEbYc13aAgho_JaXVhwN_xt6AY.roa (raw, json)
Hash identifier:          lOxYmOxlYFFv9Fm8Ade3X/7tuhFc09gbrD2UKSsxUY0=
Subject key identifier:   68:11:1B:61:CD:77:68:08:21:A3:F2:5A:5D:58:70:37:FC:6D:E8:06
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0192777112CBB6CE2B88E36CC050B3FF1EB4
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/aBEbYc13aAgho_JaXVhwN_xt6AY.roa
Signing time:             Thu 10 Oct 2024 17:19:11 +0000
ROA not before:           Thu 10 Oct 2024 17:19:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        89.187.24.0/24 maxlen: 24
                          89.187.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:77:71:12:cb:b6:ce:2b:88:e3:6c:c0:50:b3:ff:1e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Oct 10 17:19:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68111b61cd77680821a3f25a5d587037fc6de806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:85:82:f4:33:50:a8:e9:cb:12:1d:90:5a:31:
                    d0:f1:9f:27:08:18:64:2a:d3:35:6c:e7:47:37:31:
                    57:fe:2b:2e:af:7d:02:95:d0:ae:59:ed:6d:2c:09:
                    c4:e9:93:2f:a1:e0:44:2e:3a:ee:d7:e7:6f:8e:22:
                    7e:43:ee:5d:2d:72:af:21:9c:95:6c:5d:a2:93:cd:
                    9a:83:3c:60:a1:c8:11:ae:4b:60:6a:c9:fe:31:c4:
                    07:8f:71:fa:f3:3f:56:5e:64:67:ed:8e:84:10:ff:
                    9e:43:8b:d6:12:9c:f6:ea:73:42:f8:48:f9:fd:d2:
                    fd:8d:ee:46:4e:95:4a:0b:3d:f1:56:a0:b1:4e:5a:
                    dd:9d:46:b3:77:92:94:7f:1f:f1:b9:25:9f:3b:bc:
                    00:25:72:62:99:53:9a:c4:24:fc:41:1b:93:26:d7:
                    e0:b3:89:dd:da:31:05:7d:e8:35:62:70:9f:48:d5:
                    6a:bb:6d:00:98:5a:4b:a8:b6:96:c6:00:68:73:c7:
                    3f:5e:19:d8:ef:56:60:c5:c1:d0:cd:7b:1d:9c:07:
                    11:b7:bd:94:6d:19:4a:f4:06:58:ea:75:47:93:f8:
                    c5:67:35:3f:2b:96:1f:04:22:2f:35:99:6f:53:ff:
                    7e:b9:95:7b:72:12:f8:18:11:da:e0:fa:97:e9:e9:
                    33:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:11:1B:61:CD:77:68:08:21:A3:F2:5A:5D:58:70:37:FC:6D:E8:06
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/aBEbYc13aAgho_JaXVhwN_xt6AY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.24.0/24
                  89.187.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:ea:ee:2e:d5:5f:1b:ce:86:b0:c2:1a:df:ce:c8:9f:37:e2:
         1b:40:84:03:47:aa:c5:4b:ba:a7:fd:02:4a:88:de:65:3d:1d:
         57:5a:90:da:0d:32:a8:6c:07:ac:f8:50:14:a2:e8:f3:8a:87:
         ea:94:82:cb:6b:10:b1:fb:5f:54:77:7e:42:e1:6d:c3:9f:94:
         cb:60:35:8d:4b:35:fb:10:cb:f0:45:73:57:41:61:ef:d9:27:
         23:97:3a:e4:ee:81:7b:cb:fd:8e:54:14:61:a8:eb:a2:14:59:
         b4:52:40:80:29:76:43:2f:5d:7e:7d:94:3e:c4:38:ad:d5:a6:
         60:d2:1d:d4:f7:fc:86:1b:8d:4b:69:4d:bb:31:22:d0:80:e2:
         ec:68:36:56:bc:c6:11:9a:b8:80:13:82:81:3a:67:90:d7:9e:
         db:f1:57:47:5e:02:c1:86:f5:e3:2f:b0:d2:20:17:eb:30:db:
         31:4f:32:99:79:9f:c2:bd:85:af:60:69:dc:dd:a6:37:57:c1:
         f6:16:24:91:8a:f3:31:2f:05:86:89:18:1f:9a:7a:cd:41:df:
         f4:f9:b8:29:4d:0f:b7:55:52:ba:2c:61:51:2b:96:c3:f1:e7:
         fb:60:09:e5:47:47:61:ac:ed:a8:e0:e9:c1:5e:bd:33:fd:81:
         40:32:44:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJ3cRLLts4riONswFCz/x60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQxMDEwMTcxOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODExMWI2MWNkNzc2ODA4MjFhM2YyNWE1ZDU4NzAzN2ZjNmRlODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYWC9DNQqOnLEh2QWjHQ8Z8nCBhk
KtM1bOdHNzFX/isur30CldCuWe1tLAnE6ZMvoeBELjru1+dvjiJ+Q+5dLXKvIZyV
bF2ik82agzxgocgRrktgasn+McQHj3H68z9WXmRn7Y6EEP+eQ4vWEpz26nNC+Ej5
/dL9je5GTpVKCz3xVqCxTlrdnUazd5KUfx/xuSWfO7wAJXJimVOaxCT8QRuTJtfg
s4nd2jEFfeg1YnCfSNVqu20AmFpLqLaWxgBoc8c/XhnY71ZgxcHQzXsdnAcRt72U
bRlK9AZY6nVHk/jFZzU/K5YfBCIvNZlvU/9+uZV7chL4GBHa4PqX6ekz8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGgRG2HNd2gIIaPyWl1YcDf8begGMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvYUJFYlljMTNhQWdob19KYVhWaHdOX3h0NkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWbsYAwQA
WbsaMA0GCSqGSIb3DQEBCwUAA4IBAQA76u4u1V8bzoawwhrfzsifN+IbQIQDR6rF
S7qn/QJKiN5lPR1XWpDaDTKobAes+FAUoujziofqlILLaxCx+19Ud35C4W3Dn5TL
YDWNSzX7EMvwRXNXQWHv2Scjlzrk7oF7y/2OVBRhqOuiFFm0UkCAKXZDL11+fZQ+
xDit1aZg0h3U9/yGG41LaU27MSLQgOLsaDZWvMYRmriAE4KBOmeQ157b8VdHXgLB
hvXjL7DSIBfrMNsxTzKZeZ/CvYWvYGnc3aY3V8H2FiSRivMxLwWGiRgfmnrNQd/0
+bgpTQ+3VVK6LGFRK5bD8ef7YAnlR0dhrO2o4OnBXr0z/YFAMkRS
-----END CERTIFICATE-----