Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/16ba11-773b-4e7e-b0dd-13086ecff9d5/1/B7g1W99nK7uH0NEKYNvXvidKyic.roa
File:                     B7g1W99nK7uH0NEKYNvXvidKyic.roa (raw, json)
Hash identifier:          zZsN789FEZJWf1lIVgg+1Gew7Z5lLG4aXHxhvrskyQg=
Subject key identifier:   07:B8:35:5B:DF:67:2B:BB:87:D0:D1:0A:60:DB:D7:BE:27:4A:CA:27
Certificate issuer:       /CN=6ea2be3732f6efd59c7de5ab03072a012c71b5ed
Certificate serial:       018CC3B6F0870754672CDA3384A840CA5667
Authority key identifier: 6E:A2:BE:37:32:F6:EF:D5:9C:7D:E5:AB:03:07:2A:01:2C:71:B5:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqK-NzL279WcfeWrAwcqASxxte0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/16ba11-773b-4e7e-b0dd-13086ecff9d5/1/B7g1W99nK7uH0NEKYNvXvidKyic.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197991
IP address blocks:        89.150.47.0/24 maxlen: 24
                          89.150.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/16ba11-773b-4e7e-b0dd-13086ecff9d5/1/bqK-NzL279WcfeWrAwcqASxxte0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/16ba11-773b-4e7e-b0dd-13086ecff9d5/1/bqK-NzL279WcfeWrAwcqASxxte0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqK-NzL279WcfeWrAwcqASxxte0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f0:87:07:54:67:2c:da:33:84:a8:40:ca:56:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ea2be3732f6efd59c7de5ab03072a012c71b5ed
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07b8355bdf672bbb87d0d10a60dbd7be274aca27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f1:71:f9:71:3c:5a:88:ba:75:89:0e:2a:f5:
                    da:43:70:61:b8:35:34:5e:ba:7e:dd:42:76:88:26:
                    48:89:28:4f:5c:32:27:7e:26:ff:84:09:7c:78:c8:
                    ce:64:81:f2:6f:94:72:02:e1:56:07:8c:73:de:8b:
                    ed:d8:78:bd:62:03:8f:43:e2:e3:01:5f:c1:8c:0b:
                    1a:ea:b8:e0:2c:89:86:4a:ee:22:58:f7:3b:c6:94:
                    33:80:eb:99:3b:06:bd:cc:19:7d:81:80:2a:35:ce:
                    d0:64:e9:24:1c:f7:f4:27:b5:58:a2:b8:35:5d:29:
                    a5:84:e4:55:2d:77:6b:d1:99:d5:dc:cc:6e:f9:16:
                    f8:47:5a:f1:4f:94:97:02:bb:f4:80:87:b9:57:7b:
                    ee:44:3f:74:42:7e:ae:88:50:f2:2d:78:7b:9f:b4:
                    4e:a7:cc:bc:32:d0:23:98:63:c1:98:10:1c:57:e8:
                    55:0a:31:26:d8:76:11:fc:4d:5e:43:8f:54:a4:08:
                    71:df:06:73:99:b7:75:0c:af:07:f5:9c:88:54:30:
                    70:99:58:3f:5f:b4:25:86:8c:25:8c:86:d0:80:8d:
                    1b:0a:1f:e7:a1:24:c3:71:b9:1b:5a:9b:e3:37:b6:
                    f9:ef:f3:03:73:97:be:a4:4b:91:b6:b4:ba:c7:d5:
                    70:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B8:35:5B:DF:67:2B:BB:87:D0:D1:0A:60:DB:D7:BE:27:4A:CA:27
            X509v3 Authority Key Identifier:
                keyid:6E:A2:BE:37:32:F6:EF:D5:9C:7D:E5:AB:03:07:2A:01:2C:71:B5:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqK-NzL279WcfeWrAwcqASxxte0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/16ba11-773b-4e7e-b0dd-13086ecff9d5/1/B7g1W99nK7uH0NEKYNvXvidKyic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/16ba11-773b-4e7e-b0dd-13086ecff9d5/1/bqK-NzL279WcfeWrAwcqASxxte0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:f0:32:dc:fe:2b:a8:29:71:5a:b7:da:94:8e:9a:a9:d8:96:
         02:ea:0b:79:45:90:04:b3:3f:af:7e:fe:ca:d1:ea:89:1f:b4:
         3b:77:aa:06:c8:68:5d:c8:07:17:f7:ed:42:10:90:fa:81:32:
         df:63:97:b5:2c:b8:41:52:89:0d:a6:fc:2e:35:e2:b2:15:c8:
         23:84:3b:39:14:fe:f9:44:4c:0a:2a:c4:9d:1a:0f:a0:7b:f4:
         dc:ab:34:ed:fe:42:97:59:54:13:3e:2f:6a:9d:a6:a8:f3:8c:
         24:b1:b8:0c:5a:b9:e1:ef:cb:a5:2d:e2:a3:4e:96:02:e4:21:
         3a:68:5b:de:a0:13:4e:f4:01:e9:d4:a7:d7:d3:8c:ce:ed:d4:
         55:ab:02:44:c0:c5:1a:64:ec:f9:00:8e:f4:81:ac:70:ef:ff:
         ed:a3:6e:be:33:86:51:ec:44:7b:59:7d:99:31:15:4b:af:97:
         6c:77:12:54:58:a3:3c:17:35:74:c1:c0:86:89:a3:6d:24:16:
         96:e8:7d:e2:2a:de:24:1f:16:5b:1f:cd:24:3d:4c:ba:c2:98:
         52:d7:1b:76:d4:2b:2f:54:93:65:b0:57:68:5c:fb:7f:44:ae:
         66:2b:55:81:d8:31:80:b5:25:5b:21:ed:2b:7f:39:55:6e:f7:
         99:08:c3:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvCHB1RnLNozhKhAylZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYTJiZTM3MzJmNmVmZDU5YzdkZTVhYjAzMDcyYTAxMmM3
MWI1ZWQwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2I4MzU1YmRmNjcyYmJiODdkMGQxMGE2MGRiZDdiZTI3NGFjYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/Fx+XE8Woi6dYkOKvXaQ3BhuDU0
Xrp+3UJ2iCZIiShPXDInfib/hAl8eMjOZIHyb5RyAuFWB4xz3ovt2Hi9YgOPQ+Lj
AV/BjAsa6rjgLImGSu4iWPc7xpQzgOuZOwa9zBl9gYAqNc7QZOkkHPf0J7VYorg1
XSmlhORVLXdr0ZnV3Mxu+Rb4R1rxT5SXArv0gIe5V3vuRD90Qn6uiFDyLXh7n7RO
p8y8MtAjmGPBmBAcV+hVCjEm2HYR/E1eQ49UpAhx3wZzmbd1DK8H9ZyIVDBwmVg/
X7QlhowljIbQgI0bCh/noSTDcbkbWpvjN7b57/MDc5e+pEuRtrS6x9VwyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAe4NVvfZyu7h9DRCmDb174nSsonMB8GA1UdIwQY
MBaAFG6ivjcy9u/VnH3lqwMHKgEscbXtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnFLLU56TDI3OVdjZmVXckF3Y3FBU3h4dGUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xNmJhMTEtNzczYi00ZTdlLWIwZGQt
MTMwODZlY2ZmOWQ1LzEvQjdnMVc5OW5LN3VIME5FS1lOdlh2aWRLeWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xNmJhMTEtNzczYi00ZTdlLWIwZGQtMTMwODZlY2ZmOWQ1
LzEvYnFLLU56TDI3OVdjZmVXckF3Y3FBU3h4dGUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWZYuMA0G
CSqGSIb3DQEBCwUAA4IBAQCB8DLc/iuoKXFat9qUjpqp2JYC6gt5RZAEsz+vfv7K
0eqJH7Q7d6oGyGhdyAcX9+1CEJD6gTLfY5e1LLhBUokNpvwuNeKyFcgjhDs5FP75
REwKKsSdGg+ge/TcqzTt/kKXWVQTPi9qnaao84wksbgMWrnh78ulLeKjTpYC5CE6
aFveoBNO9AHp1KfX04zO7dRVqwJEwMUaZOz5AI70gaxw7//to26+M4ZR7ER7WX2Z
MRVLr5dsdxJUWKM8FzV0wcCGiaNtJBaW6H3iKt4kHxZbH80kPUy6wphS1xt21Csv
VJNlsFdoXPt/RK5mK1WB2DGAtSVbIe0rfzlVbveZCMPk
-----END CERTIFICATE-----