Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/KfQZ5u-_I0_QYQ9mkjFt4B3BaNA.roa
File:                     KfQZ5u-_I0_QYQ9mkjFt4B3BaNA.roa (raw, json)
Hash identifier:          1iJ+fygR3DmbG8UYOT8vpVNBF3oJtjUIFWE2eVEiPZs=
Subject key identifier:   29:F4:19:E6:EF:BF:23:4F:D0:61:0F:66:92:31:6D:E0:1D:C1:68:D0
Certificate issuer:       /CN=7981ea4d507fb0ae07159f6f88def958430fd070
Certificate serial:       018CC86F4A7554BC0405E31895149741F7DB
Authority key identifier: 79:81:EA:4D:50:7F:B0:AE:07:15:9F:6F:88:DE:F9:58:43:0F:D0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/KfQZ5u-_I0_QYQ9mkjFt4B3BaNA.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202269
IP address blocks:        89.106.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4a:75:54:bc:04:05:e3:18:95:14:97:41:f7:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7981ea4d507fb0ae07159f6f88def958430fd070
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29f419e6efbf234fd0610f6692316de01dc168d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:26:0c:7d:16:dd:5b:8c:84:eb:6b:db:d0:12:
                    d1:3b:9e:27:ce:f0:1b:f9:b6:1c:e2:03:d9:8c:83:
                    5d:39:7c:71:53:ab:95:0e:67:bc:08:c3:ed:c1:35:
                    db:35:1a:17:71:2c:58:a0:c1:90:08:c2:e1:99:da:
                    62:8d:25:d5:d8:00:c5:0d:1f:5b:68:ce:ac:fb:25:
                    f1:78:a2:d1:bf:4a:84:88:b0:10:75:40:bd:c0:61:
                    e9:2c:a7:92:e5:f6:68:93:76:02:af:90:7b:e7:92:
                    b3:2b:9c:60:df:84:8f:2a:41:4b:85:62:99:56:20:
                    8c:b0:fe:59:9c:d1:0e:c5:62:db:d2:77:04:73:77:
                    d1:21:c1:5a:13:b0:f9:5b:a5:7a:cc:d1:8a:a0:51:
                    4d:e3:2a:df:0c:35:25:6d:52:30:5e:40:95:44:c0:
                    a3:c8:4c:f1:bf:a7:15:6d:0a:a1:8e:78:f0:98:39:
                    2f:0a:65:31:4d:3c:8c:c6:ac:88:76:4a:d3:ff:34:
                    07:39:a7:65:54:51:d7:ce:06:25:a0:47:35:62:ee:
                    95:73:02:0d:47:b3:f6:87:99:9f:30:d9:4b:12:97:
                    0e:8f:6b:b0:6d:38:7c:33:58:72:60:2a:9f:3f:6a:
                    24:a7:1c:b2:b7:38:49:63:c4:15:42:1a:57:4a:3a:
                    f0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F4:19:E6:EF:BF:23:4F:D0:61:0F:66:92:31:6D:E0:1D:C1:68:D0
            X509v3 Authority Key Identifier:
                keyid:79:81:EA:4D:50:7F:B0:AE:07:15:9F:6F:88:DE:F9:58:43:0F:D0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/KfQZ5u-_I0_QYQ9mkjFt4B3BaNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:91:4c:88:57:5e:40:00:23:67:74:64:f6:50:c2:27:f4:05:
         a6:04:67:b6:6e:53:6e:94:e7:5d:df:7e:da:ac:1a:cb:43:06:
         76:87:d8:b5:05:60:ed:8b:31:7f:e4:fe:5d:22:bf:46:d1:41:
         e8:0a:54:6a:f3:41:d7:56:b0:7c:1a:77:23:5d:62:a1:11:22:
         a0:75:1a:4a:7d:40:ac:ee:b7:40:cf:36:20:49:76:22:fb:f3:
         28:9c:f7:95:23:bc:4e:81:af:e0:d0:6f:f1:42:6a:f8:0a:32:
         e2:55:fb:25:de:1b:81:66:a4:b1:94:1c:e7:f0:7b:a7:78:3c:
         96:13:87:ce:c7:f5:69:39:cc:8e:47:b1:cf:30:ae:ac:06:e6:
         38:56:ba:5e:05:2f:39:01:99:94:24:63:23:3e:da:a0:5b:21:
         28:17:9a:66:b4:34:90:55:0e:56:e3:87:11:a4:04:22:06:1e:
         4d:66:e6:ce:65:d3:80:64:cc:9f:59:5b:52:62:07:c7:7b:bb:
         1f:2f:ff:6e:ac:2d:38:e0:9b:8f:c1:72:83:fa:73:5e:dd:12:
         2c:a1:5d:36:cf:00:8e:20:9b:63:b2:56:1b:32:ec:82:ae:19:
         96:ac:08:79:7d:e7:e6:c1:b9:95:24:15:43:59:7a:ef:1a:7a:
         a0:c1:36:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0p1VLwEBeMYlRSXQffbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ODFlYTRkNTA3ZmIwYWUwNzE1OWY2Zjg4ZGVmOTU4NDMw
ZmQwNzAwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY0MTllNmVmYmYyMzRmZDA2MTBmNjY5MjMxNmRlMDFkYzE2OGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCYMfRbdW4yE62vb0BLRO54nzvAb
+bYc4gPZjINdOXxxU6uVDme8CMPtwTXbNRoXcSxYoMGQCMLhmdpijSXV2ADFDR9b
aM6s+yXxeKLRv0qEiLAQdUC9wGHpLKeS5fZok3YCr5B755KzK5xg34SPKkFLhWKZ
ViCMsP5ZnNEOxWLb0ncEc3fRIcFaE7D5W6V6zNGKoFFN4yrfDDUlbVIwXkCVRMCj
yEzxv6cVbQqhjnjwmDkvCmUxTTyMxqyIdkrT/zQHOadlVFHXzgYloEc1Yu6VcwIN
R7P2h5mfMNlLEpcOj2uwbTh8M1hyYCqfP2okpxyytzhJY8QVQhpXSjrwCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCn0GebvvyNP0GEPZpIxbeAdwWjQMB8GA1UdIwQY
MBaAFHmB6k1Qf7CuBxWfb4je+VhDD9BwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVlIcVRWQl9zSzRIRlo5dmlONzVXRU1QMEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lNDRiZDctMGY3MC00NWM4LTg1NmUt
NDBlMmVmMzM4M2IwLzEvS2ZRWjV1LV9JMF9RWVE5bWtqRnQ0QjNCYU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lNDRiZDctMGY3MC00NWM4LTg1NmUtNDBlMmVmMzM4M2Iw
LzEvZVlIcVRWQl9zSzRIRlo5dmlONzVXRU1QMEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWrOMA0G
CSqGSIb3DQEBCwUAA4IBAQBLkUyIV15AACNndGT2UMIn9AWmBGe2blNulOdd337a
rBrLQwZ2h9i1BWDtizF/5P5dIr9G0UHoClRq80HXVrB8GncjXWKhESKgdRpKfUCs
7rdAzzYgSXYi+/MonPeVI7xOga/g0G/xQmr4CjLiVfsl3huBZqSxlBzn8HuneDyW
E4fOx/VpOcyOR7HPMK6sBuY4VrpeBS85AZmUJGMjPtqgWyEoF5pmtDSQVQ5W44cR
pAQiBh5NZubOZdOAZMyfWVtSYgfHe7sfL/9urC044JuPwXKD+nNe3RIsoV02zwCO
IJtjslYbMuyCrhmWrAh5fefmwbmVJBVDWXrvGnqgwTb4
-----END CERTIFICATE-----