Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/lyK1yEv9nJXnaxX8Ew3BveOPK0c.roa
File:                     lyK1yEv9nJXnaxX8Ew3BveOPK0c.roa (raw, json)
Hash identifier:          wm9AsmkQ/kZpfC2rGEMpRtrLBmfB0aj71fEBGu6Xm/Y=
Subject key identifier:   97:22:B5:C8:4B:FD:9C:95:E7:6B:15:FC:13:0D:C1:BD:E3:8F:2B:47
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       01932CED4FE80A246D7A4D610CB097AFD1AB
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/lyK1yEv9nJXnaxX8Ew3BveOPK0c.roa
Signing time:             Thu 14 Nov 2024 23:06:10 +0000
ROA not before:           Thu 14 Nov 2024 23:06:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214036
IP address blocks:        89.187.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2c:ed:4f:e8:0a:24:6d:7a:4d:61:0c:b0:97:af:d1:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Nov 14 23:06:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9722b5c84bfd9c95e76b15fc130dc1bde38f2b47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:65:f7:94:b5:34:d3:3b:12:a9:70:38:6b:b2:
                    4f:11:5a:f1:12:19:ac:51:ca:78:ea:35:24:1e:27:
                    8c:b3:6d:82:6e:75:06:f2:e9:36:cb:3a:34:cf:10:
                    ef:cb:27:6b:17:27:ac:14:1d:f1:28:3c:33:1e:80:
                    a6:28:f0:7a:9d:43:8f:73:e1:52:d8:ae:a5:17:32:
                    86:d4:0f:55:37:93:4c:b6:f4:89:55:b5:5b:17:15:
                    44:6b:0e:70:fd:8a:e6:d1:37:34:21:13:9e:6d:c6:
                    ea:20:ba:fa:ab:25:7c:ac:dc:5d:5d:57:e0:5b:31:
                    3f:f1:60:cd:a3:99:f2:76:7c:e7:1d:dc:2a:3d:c9:
                    f8:bd:be:3c:31:86:e8:c2:e1:5b:7f:61:f7:f9:18:
                    00:cc:b7:c8:7a:3d:52:5c:1b:a6:f0:06:35:bc:2b:
                    7e:a0:23:32:2e:3e:ac:cd:9a:eb:d1:04:73:fd:99:
                    14:4d:60:70:5c:29:ff:3b:6d:98:a5:2f:b3:1d:6e:
                    5f:12:aa:d4:13:be:7c:06:85:e5:1f:20:f9:be:f6:
                    b0:b6:4d:28:53:ba:c2:26:ca:17:f8:04:b8:74:a2:
                    ba:02:e8:da:b2:f3:71:bc:a5:da:58:ad:fa:44:03:
                    27:54:95:f6:18:b1:e8:7c:dd:95:e8:37:02:63:dc:
                    ff:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:22:B5:C8:4B:FD:9C:95:E7:6B:15:FC:13:0D:C1:BD:E3:8F:2B:47
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/lyK1yEv9nJXnaxX8Ew3BveOPK0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:e5:be:40:27:56:61:ee:48:31:e7:98:42:9b:2d:ff:b1:61:
         f8:3f:53:d5:c9:26:00:92:41:a3:d0:5c:e5:1f:91:1a:52:c6:
         61:9d:2a:0d:32:18:2d:d1:26:88:d0:7b:8f:d0:fb:49:b8:0a:
         32:4b:81:7d:28:b9:53:fe:18:ab:24:cf:4a:b9:71:b0:f6:6d:
         7c:d4:c0:12:c9:a7:d0:23:a8:65:fd:93:cc:cc:2e:de:ff:f1:
         12:bc:d8:fd:d1:80:5c:7c:48:6b:90:ab:47:ee:c6:b2:11:4e:
         a9:b9:75:60:c7:20:d8:db:12:70:aa:33:7a:9e:9d:04:5b:28:
         de:b0:72:21:9c:04:a1:b0:7a:4f:ce:69:d2:54:63:c3:05:0f:
         7e:82:a9:1d:d1:a9:ff:b1:a3:13:9d:75:71:68:aa:a5:4a:bf:
         a5:e4:03:ab:9c:44:a6:bc:9e:d0:60:e4:a9:35:74:c1:f0:f4:
         58:1d:0d:0b:a9:63:4a:9a:9c:00:09:19:3b:c8:55:a7:c6:44:
         d7:26:82:3e:6f:6a:42:fa:42:f4:f9:02:94:90:3e:99:90:f9:
         cc:d6:da:6a:1c:90:e2:fb:23:29:c9:3d:77:75:0d:7c:b5:45:
         f2:f1:0a:2e:0e:fe:19:ea:0a:5d:22:29:65:0e:af:27:8d:1a:
         70:54:dd:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMs7U/oCiRtek1hDLCXr9GrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQxMTE0MjMwNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzIyYjVjODRiZmQ5Yzk1ZTc2YjE1ZmMxMzBkYzFiZGUzOGYyYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGX3lLU00zsSqXA4a7JPEVrxEhms
Ucp46jUkHieMs22CbnUG8uk2yzo0zxDvyydrFyesFB3xKDwzHoCmKPB6nUOPc+FS
2K6lFzKG1A9VN5NMtvSJVbVbFxVEaw5w/Yrm0Tc0IROebcbqILr6qyV8rNxdXVfg
WzE/8WDNo5nydnznHdwqPcn4vb48MYbowuFbf2H3+RgAzLfIej1SXBum8AY1vCt+
oCMyLj6szZrr0QRz/ZkUTWBwXCn/O22YpS+zHW5fEqrUE758BoXlHyD5vvawtk0o
U7rCJsoX+AS4dKK6AujasvNxvKXaWK36RAMnVJX2GLHofN2V6DcCY9z/awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcitchL/ZyV52sV/BMNwb3jjytHMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvbHlLMXlFdjluSlhuYXhYOEV3M0J2ZU9QSzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsZMA0G
CSqGSIb3DQEBCwUAA4IBAQDE5b5AJ1Zh7kgx55hCmy3/sWH4P1PVySYAkkGj0Fzl
H5EaUsZhnSoNMhgt0SaI0HuP0PtJuAoyS4F9KLlT/hirJM9KuXGw9m181MASyafQ
I6hl/ZPMzC7e//ESvNj90YBcfEhrkKtH7sayEU6puXVgxyDY2xJwqjN6np0EWyje
sHIhnAShsHpPzmnSVGPDBQ9+gqkd0an/saMTnXVxaKqlSr+l5AOrnESmvJ7QYOSp
NXTB8PRYHQ0LqWNKmpwACRk7yFWnxkTXJoI+b2pC+kL0+QKUkD6ZkPnM1tpqHJDi
+yMpyT13dQ18tUXy8QouDv4Z6gpdIillDq8njRpwVN3T
-----END CERTIFICATE-----