Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gaVkBA730_9CjnWHPI61T0yG6Ak.roa
File:                     gaVkBA730_9CjnWHPI61T0yG6Ak.roa (raw, json)
Hash identifier:          fUltAiMHiN/oJ2u09UbRUu+CX9fo6uixU4A3SRoREIw=
Subject key identifier:   81:A5:64:04:0E:F7:D3:FF:42:8E:75:87:3C:8E:B5:4F:4C:86:E8:09
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       018D56A43947B1FA3FC1D74D6343C7E9D662
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gaVkBA730_9CjnWHPI61T0yG6Ak.roa
Signing time:             Mon 29 Jan 2024 19:13:39 +0000
ROA not before:           Mon 29 Jan 2024 19:13:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        89.187.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:56:a4:39:47:b1:fa:3f:c1:d7:4d:63:43:c7:e9:d6:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan 29 19:13:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81a564040ef7d3ff428e75873c8eb54f4c86e809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d7:7c:8b:08:a3:5f:be:13:58:4d:7c:84:f8:
                    2d:1c:e6:8f:db:87:65:10:f6:44:e0:32:83:08:8e:
                    c5:bf:a9:38:7c:e5:6c:3a:98:6c:19:6a:86:36:38:
                    f4:8c:33:86:84:f8:60:ce:f7:df:a6:5f:33:ab:53:
                    69:28:8d:b8:86:1a:26:f4:f6:9b:bf:ee:45:9d:db:
                    bf:b3:83:c5:2f:b6:de:9d:f2:e9:a4:61:b3:f2:21:
                    69:8d:4a:1b:57:ee:17:51:64:ed:67:26:87:ec:e8:
                    51:53:e8:be:6f:7f:66:ff:00:88:c0:27:95:0c:5b:
                    63:07:c3:f6:e4:6b:5b:b7:21:74:a9:3b:f2:79:48:
                    5c:41:87:c1:c8:a8:cb:3f:78:fb:6a:b3:4f:a3:bf:
                    ad:1c:21:2e:17:4f:03:ee:b7:60:12:bf:21:09:8f:
                    54:dc:32:67:cf:cc:d8:50:1b:83:5a:b4:4a:3c:9e:
                    97:13:40:21:0a:3c:59:4d:d4:cf:12:97:37:76:f2:
                    8a:51:83:9d:77:10:7b:e6:54:42:f1:28:95:ac:89:
                    79:cd:5d:ee:aa:d2:8e:13:fa:9f:30:eb:ca:a9:e5:
                    4a:81:60:86:7b:78:ef:5d:c8:81:8b:16:f2:45:d9:
                    c8:ca:b9:0c:5e:b0:93:c6:61:2e:a4:de:d5:95:e7:
                    e8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A5:64:04:0E:F7:D3:FF:42:8E:75:87:3C:8E:B5:4F:4C:86:E8:09
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gaVkBA730_9CjnWHPI61T0yG6Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:86:aa:db:86:ce:ef:43:35:57:a7:38:c7:34:67:56:42:98:
         cc:97:63:b2:63:02:36:e4:03:72:5c:83:42:c3:8b:0f:8d:36:
         c4:12:13:6a:ab:b2:42:d9:8c:b9:6f:c5:3b:14:55:b9:55:9a:
         8d:3a:e3:45:9a:38:bd:69:6e:1b:52:e2:c9:9c:73:be:30:bb:
         0f:27:78:2e:ce:02:86:65:0e:a8:76:04:b9:36:f3:66:dd:a4:
         98:0b:6d:dd:32:85:3f:e1:69:b9:84:5a:d3:d8:fb:99:6e:f2:
         02:cc:3d:e4:7f:33:41:10:c1:68:87:da:94:6f:63:ff:d4:1a:
         bd:6d:84:82:9c:fb:ef:2f:20:5c:24:d3:bb:46:8d:1c:5c:7a:
         8b:c8:9f:2e:42:4b:18:a4:f0:2a:ac:d8:fb:83:97:e8:06:c9:
         3f:50:9d:c8:b5:4d:e4:2c:a3:8e:65:14:fd:cf:2a:27:d8:bb:
         90:06:3b:bc:51:06:6b:aa:36:ef:f8:9f:ba:61:42:6f:fb:49:
         2b:29:b9:59:ee:a9:30:a0:07:e2:0f:47:e2:fe:8e:87:78:72:
         84:a9:c8:8c:24:b9:ea:cc:af:29:c3:bc:67:a7:09:c0:b7:d1:
         ca:f0:27:ca:f2:f5:37:b1:97:40:3e:b3:33:08:59:ef:c2:e6:
         bb:94:70:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1WpDlHsfo/wddNY0PH6dZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQwMTI5MTkxMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWE1NjQwNDBlZjdkM2ZmNDI4ZTc1ODczYzhlYjU0ZjRjODZlODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytd8iwijX74TWE18hPgtHOaP24dl
EPZE4DKDCI7Fv6k4fOVsOphsGWqGNjj0jDOGhPhgzvffpl8zq1NpKI24hhom9Pab
v+5Fndu/s4PFL7benfLppGGz8iFpjUobV+4XUWTtZyaH7OhRU+i+b39m/wCIwCeV
DFtjB8P25GtbtyF0qTvyeUhcQYfByKjLP3j7arNPo7+tHCEuF08D7rdgEr8hCY9U
3DJnz8zYUBuDWrRKPJ6XE0AhCjxZTdTPEpc3dvKKUYOddxB75lRC8SiVrIl5zV3u
qtKOE/qfMOvKqeVKgWCGe3jvXciBixbyRdnIyrkMXrCTxmEupN7Vlefo1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGlZAQO99P/Qo51hzyOtU9MhugJMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvZ2FWa0JBNzMwXzlDam5XSFBJNjFUMHlHNkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbscMA0G
CSqGSIb3DQEBCwUAA4IBAQC3hqrbhs7vQzVXpzjHNGdWQpjMl2OyYwI25ANyXINC
w4sPjTbEEhNqq7JC2Yy5b8U7FFW5VZqNOuNFmji9aW4bUuLJnHO+MLsPJ3guzgKG
ZQ6odgS5NvNm3aSYC23dMoU/4Wm5hFrT2PuZbvICzD3kfzNBEMFoh9qUb2P/1Bq9
bYSCnPvvLyBcJNO7Ro0cXHqLyJ8uQksYpPAqrNj7g5foBsk/UJ3ItU3kLKOOZRT9
zyon2LuQBju8UQZrqjbv+J+6YUJv+0krKblZ7qkwoAfiD0fi/o6HeHKEqciMJLnq
zK8pw7xnpwnAt9HK8CfK8vU3sZdAPrMzCFnvwua7lHCI
-----END CERTIFICATE-----