Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/d2rbL0g_I4y2ebefcjHyJgn7lkY.roa
File:                     d2rbL0g_I4y2ebefcjHyJgn7lkY.roa (raw, json)
Hash identifier:          EtByGbJNRCNF9mClgDELF/775o3ROAJZREySRXE5OgU=
Subject key identifier:   77:6A:DB:2F:48:3F:23:8C:B6:79:B7:9F:72:31:F2:26:09:FB:96:46
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       018CC86FE84D8EFB87367C0276A3A0884E2B
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/d2rbL0g_I4y2ebefcjHyJgn7lkY.roa
Signing time:             Tue 02 Jan 2024 04:30:26 +0000
ROA not before:           Tue 02 Jan 2024 04:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42689
IP address blocks:        89.187.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:e8:4d:8e:fb:87:36:7c:02:76:a3:a0:88:4e:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  2 04:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=776adb2f483f238cb679b79f7231f22609fb9646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9d:97:5f:1c:79:66:5c:ad:37:f9:63:20:55:
                    cd:40:74:0e:3e:dc:d3:d3:56:35:10:15:ef:de:d7:
                    80:1c:1b:de:08:a4:47:c2:6b:00:bb:b6:84:fa:84:
                    17:6a:e3:53:e3:47:b4:54:f3:26:98:cd:ec:4f:91:
                    ab:01:1c:06:f4:52:d1:64:62:8f:99:71:15:ee:ab:
                    42:2f:ee:3c:b0:18:ea:55:25:23:09:2b:ed:25:f6:
                    14:87:20:18:dc:fb:c5:7b:d3:25:27:ee:46:f4:99:
                    d7:ce:a3:9e:30:65:46:f8:ca:de:57:96:0b:57:10:
                    37:11:1c:cd:ca:db:9f:be:2e:23:c7:6e:96:e3:db:
                    09:0b:d1:c3:60:c8:d2:5d:6d:7f:4b:1f:db:d1:0f:
                    53:be:11:8e:e1:12:77:aa:38:92:18:c4:b8:a0:c9:
                    b9:39:d2:7d:1e:85:d6:b8:be:bc:5e:fe:ff:61:bc:
                    8f:97:a5:5b:a3:7b:3e:60:0f:9d:d0:2b:01:23:2d:
                    38:28:2f:b7:95:d5:08:c0:cd:84:0e:e3:0b:30:27:
                    a3:ba:e9:61:9c:5f:b4:d8:e4:ef:b4:01:83:4c:23:
                    00:12:4a:11:b2:b9:87:2c:af:53:f0:53:20:1e:23:
                    40:af:83:f6:14:e0:fe:f1:64:6c:5b:1e:67:a9:57:
                    0c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6A:DB:2F:48:3F:23:8C:B6:79:B7:9F:72:31:F2:26:09:FB:96:46
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/d2rbL0g_I4y2ebefcjHyJgn7lkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:5e:d7:b0:07:88:db:ca:7f:47:c0:c2:d6:0b:c7:26:d1:76:
         b9:36:c1:ef:33:7f:c2:c8:70:b9:56:2f:69:8a:59:93:34:44:
         77:ad:44:ad:56:ec:72:72:e8:d2:19:ae:f5:64:69:19:6f:38:
         f5:70:4d:21:01:38:ea:e4:91:96:1a:cf:c7:15:2a:b6:4e:97:
         b5:ba:b7:52:0e:b6:1c:48:22:97:33:e5:e9:12:e9:ba:ee:d4:
         38:89:c3:b0:f0:32:a3:25:36:7c:e2:3c:2d:bc:b0:c6:7c:38:
         ee:a7:67:03:40:38:08:92:7c:45:76:e1:fb:25:30:2f:da:5b:
         60:9e:11:6b:0a:89:36:b1:3d:83:0a:6a:2b:12:d0:4e:c9:48:
         39:07:cc:b0:d6:69:fa:3c:3f:17:4b:dd:da:22:36:5b:fe:a1:
         8a:09:82:07:2f:53:cc:8c:90:76:a3:d7:ec:bb:66:b3:fa:51:
         0b:d5:f0:55:d5:b4:19:d2:2c:45:71:fc:c9:9a:44:01:58:b2:
         9e:03:f1:ca:fe:f6:8c:c6:e7:08:3a:29:76:85:12:f1:21:be:
         ff:77:25:d0:61:e7:9e:5b:db:15:06:24:4a:d8:ea:ec:a9:96:
         4f:9a:c3:1d:f6:ac:ac:88:98:8a:c1:1b:a1:83:c9:f8:2d:34:
         05:60:b2:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb+hNjvuHNnwCdqOgiE4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQwMTAyMDQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzZhZGIyZjQ4M2YyMzhjYjY3OWI3OWY3MjMxZjIyNjA5ZmI5NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJ2XXxx5ZlytN/ljIFXNQHQOPtzT
01Y1EBXv3teAHBveCKRHwmsAu7aE+oQXauNT40e0VPMmmM3sT5GrARwG9FLRZGKP
mXEV7qtCL+48sBjqVSUjCSvtJfYUhyAY3PvFe9MlJ+5G9JnXzqOeMGVG+MreV5YL
VxA3ERzNytufvi4jx26W49sJC9HDYMjSXW1/Sx/b0Q9TvhGO4RJ3qjiSGMS4oMm5
OdJ9HoXWuL68Xv7/YbyPl6Vbo3s+YA+d0CsBIy04KC+3ldUIwM2EDuMLMCejuulh
nF+02OTvtAGDTCMAEkoRsrmHLK9T8FMgHiNAr4P2FOD+8WRsWx5nqVcMLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdq2y9IPyOMtnm3n3Ix8iYJ+5ZGMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvZDJyYkwwZ19JNHkyZWJlZmNqSHlKZ243bGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsEMA0G
CSqGSIb3DQEBCwUAA4IBAQCXXtewB4jbyn9HwMLWC8cm0Xa5NsHvM3/CyHC5Vi9p
ilmTNER3rUStVuxycujSGa71ZGkZbzj1cE0hATjq5JGWGs/HFSq2Tpe1urdSDrYc
SCKXM+XpEum67tQ4icOw8DKjJTZ84jwtvLDGfDjup2cDQDgIknxFduH7JTAv2ltg
nhFrCok2sT2DCmorEtBOyUg5B8yw1mn6PD8XS93aIjZb/qGKCYIHL1PMjJB2o9fs
u2az+lEL1fBV1bQZ0ixFcfzJmkQBWLKeA/HK/vaMxucIOil2hRLxIb7/dyXQYeee
W9sVBiRK2OrsqZZPmsMd9qysiJiKwRuhg8n4LTQFYLI9
-----END CERTIFICATE-----