Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/pgOpZUxpIQ2hZmUA6VygSSjIq6c.roa
File:                     pgOpZUxpIQ2hZmUA6VygSSjIq6c.roa (raw, json)
Hash identifier:          U/50kfWqCnY1U/WKRcXAYKWqVIWAKEoM1w5P4DgHzxI=
Subject key identifier:   A6:03:A9:65:4C:69:21:0D:A1:66:65:00:E9:5C:A0:49:28:C8:AB:A7
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       018CE8B6C37FC087B0687E2D063D241D74A4
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/pgOpZUxpIQ2hZmUA6VygSSjIq6c.roa
Signing time:             Mon 08 Jan 2024 10:55:40 +0000
ROA not before:           Mon 08 Jan 2024 10:55:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        89.187.23.0/24 maxlen: 24
                          89.187.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:b6:c3:7f:c0:87:b0:68:7e:2d:06:3d:24:1d:74:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  8 10:55:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a603a9654c69210da1666500e95ca04928c8aba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d4:c4:1a:f7:c2:8c:0f:c4:4f:cd:33:19:d2:
                    58:ad:31:dd:ea:00:96:d9:0b:4f:fa:d7:e8:f9:43:
                    e3:8d:51:90:a1:2f:0d:a0:4c:0d:8f:fe:b4:f7:c8:
                    f5:b3:90:3e:42:7e:0b:5f:54:df:b9:af:32:29:44:
                    e5:ba:d8:6d:2c:8d:44:23:7a:44:6a:90:89:82:51:
                    42:09:e6:6c:a6:d1:89:9a:a6:36:7e:19:06:87:24:
                    11:aa:72:b4:a3:04:cf:e5:2c:33:41:d8:d2:f7:16:
                    e4:51:10:20:36:09:4d:b2:44:a6:65:15:56:b4:6d:
                    b7:4d:38:75:d5:e6:b0:6b:35:33:8c:e9:58:a1:9f:
                    a9:85:1d:f9:f3:57:d3:8d:21:d4:9c:be:5e:47:8d:
                    74:7d:3f:ec:5c:b1:16:be:64:40:03:6d:b5:81:02:
                    5d:0b:8e:b8:4d:86:8f:e6:d4:cb:c0:ea:1d:55:1f:
                    7b:f4:5e:d8:b0:72:4b:a7:06:c9:a1:3e:cd:f8:2b:
                    af:5a:28:af:41:08:29:ad:6b:62:33:1c:5a:b9:2b:
                    b9:56:e3:8f:a8:cd:06:3f:e1:3b:ed:24:ed:cc:98:
                    9c:56:9c:92:da:b6:7c:0e:d4:b7:6c:7b:0a:33:ab:
                    58:15:9c:7c:1a:c2:5d:e9:1b:77:a7:ce:c8:4f:dd:
                    a9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:03:A9:65:4C:69:21:0D:A1:66:65:00:E9:5C:A0:49:28:C8:AB:A7
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/pgOpZUxpIQ2hZmUA6VygSSjIq6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.23.0/24
                  89.187.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:45:e3:96:6c:c9:58:99:bd:cf:4e:22:82:5e:f0:1e:e5:60:
         9c:6e:ec:7b:bc:93:28:f3:ff:49:97:3f:1f:1b:d7:a8:9e:83:
         e7:a5:06:8d:3b:63:ce:0a:67:94:fd:3b:92:32:b4:7f:b9:31:
         f1:db:a7:10:2a:c2:ec:7f:36:10:71:c8:9f:53:ca:aa:10:93:
         d8:89:20:dc:94:9e:ec:22:95:15:e1:6b:4e:bf:c1:b0:28:19:
         1d:54:36:c1:ac:3e:33:f6:11:53:07:94:8e:89:1b:2a:f9:36:
         c3:ed:94:7b:66:f0:c8:33:42:b7:73:77:bc:9f:54:f9:a8:15:
         df:72:b8:13:36:0a:5b:99:c5:f6:57:4a:16:79:d4:17:8c:03:
         57:69:bb:4b:7e:13:42:9b:45:c5:3a:88:7d:4f:50:17:e2:a0:
         b3:c6:17:35:4a:c2:80:26:bc:42:ba:f0:6d:39:99:96:5f:e5:
         9c:45:76:e1:03:87:d3:51:a3:ad:19:46:6b:87:8d:1f:62:a9:
         56:1e:b3:b8:d1:fc:a0:fd:86:b3:a9:b9:28:b8:38:f6:36:62:
         8e:62:82:00:d9:48:f8:13:f2:1c:c7:05:f7:7f:34:5e:fa:a4:
         34:f0:5f:23:f3:b9:1d:d3:65:d8:f0:32:38:c4:42:bc:62:2e:
         d2:ec:c6:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzotsN/wIewaH4tBj0kHXSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQwMTA4MTA1NTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjAzYTk2NTRjNjkyMTBkYTE2NjY1MDBlOTVjYTA0OTI4YzhhYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltTEGvfCjA/ET80zGdJYrTHd6gCW
2QtP+tfo+UPjjVGQoS8NoEwNj/6098j1s5A+Qn4LX1Tfua8yKUTluthtLI1EI3pE
apCJglFCCeZsptGJmqY2fhkGhyQRqnK0owTP5SwzQdjS9xbkURAgNglNskSmZRVW
tG23TTh11eawazUzjOlYoZ+phR3581fTjSHUnL5eR410fT/sXLEWvmRAA221gQJd
C464TYaP5tTLwOodVR979F7YsHJLpwbJoT7N+CuvWiivQQgprWtiMxxauSu5VuOP
qM0GP+E77STtzJicVpyS2rZ8DtS3bHsKM6tYFZx8GsJd6Rt3p87IT92pkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKYDqWVMaSENoWZlAOlcoEkoyKunMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvcGdPcFpVeHBJUTJoWm1VQTZWeWdTU2pJcTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWbsXAwQA
WbsfMA0GCSqGSIb3DQEBCwUAA4IBAQBGReOWbMlYmb3PTiKCXvAe5WCcbux7vJMo
8/9Jlz8fG9eonoPnpQaNO2POCmeU/TuSMrR/uTHx26cQKsLsfzYQccifU8qqEJPY
iSDclJ7sIpUV4WtOv8GwKBkdVDbBrD4z9hFTB5SOiRsq+TbD7ZR7ZvDIM0K3c3e8
n1T5qBXfcrgTNgpbmcX2V0oWedQXjANXabtLfhNCm0XFOoh9T1AX4qCzxhc1SsKA
JrxCuvBtOZmWX+WcRXbhA4fTUaOtGUZrh40fYqlWHrO40fyg/YazqbkouDj2NmKO
YoIA2Uj4E/IcxwX3fzRe+qQ08F8j87kd02XY8DI4xEK8Yi7S7MaH
-----END CERTIFICATE-----