Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/ls7BUQN3YEoucLPQUt0qa99dpEU.roa
File:                     ls7BUQN3YEoucLPQUt0qa99dpEU.roa (raw, json)
Hash identifier:          g5tbHIwSM9WyJkw1wyRoOoMVuhszqKQVKLupmHjjbY4=
Subject key identifier:   96:CE:C1:51:03:77:60:4A:2E:70:B3:D0:52:DD:2A:6B:DF:5D:A4:45
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       018CC86FEA2A937A9E1FA00BAE5284FED8C0
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/ls7BUQN3YEoucLPQUt0qa99dpEU.roa
Signing time:             Tue 02 Jan 2024 04:30:26 +0000
ROA not before:           Tue 02 Jan 2024 04:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        89.187.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ea:2a:93:7a:9e:1f:a0:0b:ae:52:84:fe:d8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  2 04:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96cec1510377604a2e70b3d052dd2a6bdf5da445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f6:08:d1:10:db:3f:06:1e:b2:78:0f:0e:9b:
                    b5:b3:98:39:cc:a4:4a:8d:da:dd:5d:73:ee:db:07:
                    03:7c:a6:90:bf:77:6b:f0:a8:94:90:7b:7f:dc:10:
                    da:34:c7:6b:e0:4e:7a:90:e9:f8:72:93:27:c4:4f:
                    35:31:f9:45:88:72:5a:8d:43:84:82:db:4f:f3:69:
                    63:36:1c:cb:4d:4b:1c:83:09:13:3e:46:7e:21:74:
                    db:1d:1c:57:f3:87:74:b5:fb:ec:7c:65:2b:0f:5a:
                    1b:45:63:17:99:29:40:60:07:c2:5a:1e:67:4d:3f:
                    dd:6f:7a:b2:46:69:c1:af:44:ce:a9:3f:81:c6:b1:
                    68:5e:34:b4:23:d8:02:1c:3c:21:24:ab:9a:f0:1d:
                    c9:45:a9:1c:a3:50:2d:ca:b7:16:6e:0a:3d:85:7e:
                    48:15:7f:0e:f0:5d:cf:25:90:bc:3f:1e:32:71:07:
                    53:cc:52:9f:60:19:4c:65:00:f0:d8:82:2a:24:7d:
                    d7:28:41:7f:f9:9e:1d:a8:3f:86:ed:3f:fc:7c:35:
                    89:b8:df:bd:47:e9:19:66:12:42:64:2e:8f:5e:f5:
                    3f:64:78:ce:4f:13:a1:d5:92:7b:e1:aa:85:37:20:
                    b4:5f:26:3b:6b:1e:f6:75:82:69:20:4d:fb:d9:08:
                    a8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:CE:C1:51:03:77:60:4A:2E:70:B3:D0:52:DD:2A:6B:DF:5D:A4:45
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/ls7BUQN3YEoucLPQUt0qa99dpEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:29:0f:af:a8:57:71:eb:d9:db:d1:11:6a:c1:60:bc:ef:ec:
         b9:e4:d5:30:6a:12:8d:82:61:e9:d0:95:ff:a1:af:3a:3b:98:
         a4:4c:98:bb:fb:4d:01:31:d1:c4:e9:85:58:e0:bd:c5:ab:64:
         c6:8d:b0:6b:88:65:e5:e2:58:b6:79:a4:3a:6e:55:52:a6:00:
         04:5a:30:92:b2:f2:45:4b:4d:fd:cc:08:a7:e7:5c:fe:21:27:
         64:d8:87:08:49:ff:26:60:ce:75:da:ff:21:8e:02:27:52:3d:
         cf:df:bc:89:fe:2e:c4:e6:6c:63:da:93:f3:d8:e0:d9:7f:60:
         92:40:fa:f5:48:71:96:66:49:83:a1:e6:df:05:5e:08:e8:7a:
         b6:d6:52:1b:cd:24:da:40:13:da:aa:91:fa:dd:f7:9d:69:e3:
         ee:27:30:2a:01:1a:07:0f:96:b5:6e:0c:2b:1d:fd:94:39:c5:
         f3:b3:3c:36:3c:d3:b2:5e:c3:9c:f7:60:da:60:21:7a:0f:19:
         47:d4:f0:09:9a:1c:c5:1a:c6:d7:b6:34:66:26:86:47:0b:f3:
         bb:95:12:e2:15:e9:51:3d:34:aa:f7:74:d4:57:4b:c2:97:48:
         84:4c:f4:fb:9d:77:35:85:86:89:f9:d1:65:2f:2b:4b:e6:55:
         4e:24:31:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb+oqk3qeH6ALrlKE/tjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQwMTAyMDQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmNlYzE1MTAzNzc2MDRhMmU3MGIzZDA1MmRkMmE2YmRmNWRhNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfYI0RDbPwYesngPDpu1s5g5zKRK
jdrdXXPu2wcDfKaQv3dr8KiUkHt/3BDaNMdr4E56kOn4cpMnxE81MflFiHJajUOE
gttP82ljNhzLTUscgwkTPkZ+IXTbHRxX84d0tfvsfGUrD1obRWMXmSlAYAfCWh5n
TT/db3qyRmnBr0TOqT+BxrFoXjS0I9gCHDwhJKua8B3JRakco1AtyrcWbgo9hX5I
FX8O8F3PJZC8Px4ycQdTzFKfYBlMZQDw2IIqJH3XKEF/+Z4dqD+G7T/8fDWJuN+9
R+kZZhJCZC6PXvU/ZHjOTxOh1ZJ74aqFNyC0XyY7ax72dYJpIE372QioGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbOwVEDd2BKLnCz0FLdKmvfXaRFMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvbHM3QlVRTjNZRW91Y0xQUVV0MHFhOTlkcEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsdMA0G
CSqGSIb3DQEBCwUAA4IBAQAHKQ+vqFdx69nb0RFqwWC87+y55NUwahKNgmHp0JX/
oa86O5ikTJi7+00BMdHE6YVY4L3Fq2TGjbBriGXl4li2eaQ6blVSpgAEWjCSsvJF
S039zAin51z+ISdk2IcISf8mYM512v8hjgInUj3P37yJ/i7E5mxj2pPz2ODZf2CS
QPr1SHGWZkmDoebfBV4I6Hq21lIbzSTaQBPaqpH63fedaePuJzAqARoHD5a1bgwr
Hf2UOcXzszw2PNOyXsOc92DaYCF6DxlH1PAJmhzFGsbXtjRmJoZHC/O7lRLiFelR
PTSq93TUV0vCl0iETPT7nXc1hYaJ+dFlLytL5lVOJDGo
-----END CERTIFICATE-----