Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/eIoqOEoCNEqB48vn4pY5CDfXpRs.roa
File:                     eIoqOEoCNEqB48vn4pY5CDfXpRs.roa (raw, json)
Hash identifier:          TrBYBymq2Kr44lTDvg9r6FQq6qY7n895f0c6NwftWw8=
Subject key identifier:   78:8A:2A:38:4A:02:34:4A:81:E3:CB:E7:E2:96:39:08:37:D7:A5:1B
Certificate issuer:       /CN=7ba7fda6a692236c223f74d63ea7bb9fef2f1274
Certificate serial:       0190FED6702FA15C678C3B3B941AFC1943B4
Authority key identifier: 7B:A7:FD:A6:A6:92:23:6C:22:3F:74:D6:3E:A7:BB:9F:EF:2F:12:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/eIoqOEoCNEqB48vn4pY5CDfXpRs.roa
Signing time:             Mon 29 Jul 2024 14:13:04 +0000
ROA not before:           Mon 29 Jul 2024 14:13:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206173
IP address blocks:        89.31.214.0/23 maxlen: 24
                          185.145.246.0/24 maxlen: 24
                          2a10:1e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:d6:70:2f:a1:5c:67:8c:3b:3b:94:1a:fc:19:43:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba7fda6a692236c223f74d63ea7bb9fef2f1274
        Validity
            Not Before: Jul 29 14:13:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=788a2a384a02344a81e3cbe7e296390837d7a51b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b6:7a:08:b5:70:a9:35:aa:cc:cc:06:e5:7e:
                    14:4a:9c:9b:cd:9a:83:22:53:53:ed:50:63:a3:0b:
                    bb:19:37:8a:a3:ec:c1:1d:58:1f:ea:e4:7c:a4:d2:
                    52:02:32:02:19:f5:75:78:db:06:c0:f8:c8:85:aa:
                    c1:25:10:fc:e0:f4:85:f0:a2:77:4f:e8:ea:61:4f:
                    0d:46:07:83:60:bf:ce:b7:7b:5b:9d:d8:3e:b2:13:
                    13:49:b7:5d:89:36:db:f5:3b:40:58:ba:0b:66:89:
                    e4:10:b9:7a:b2:e6:15:23:da:b6:ba:c0:a1:f3:62:
                    aa:3f:97:ba:5f:e1:de:e9:7c:62:0f:51:09:ac:0f:
                    cc:12:d0:a8:ff:24:33:e7:8d:48:6f:86:0f:42:63:
                    a3:d1:a4:b3:5d:dc:ff:58:23:20:b4:98:6d:94:02:
                    46:24:de:41:e1:24:3f:19:17:38:2d:69:24:1e:cc:
                    b9:a1:a6:94:99:14:a6:4c:18:a9:03:1a:0e:c6:47:
                    b3:d5:66:18:ac:d4:5e:04:e6:47:c4:12:15:a4:b4:
                    0f:42:48:bc:c8:84:aa:46:1d:8c:92:4c:7e:2e:55:
                    cf:0e:3b:74:b4:2f:c1:73:1f:20:01:0b:26:ee:d9:
                    35:6c:7c:95:f7:86:9b:3b:eb:52:60:9a:1b:63:bd:
                    95:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:8A:2A:38:4A:02:34:4A:81:E3:CB:E7:E2:96:39:08:37:D7:A5:1B
            X509v3 Authority Key Identifier:
                keyid:7B:A7:FD:A6:A6:92:23:6C:22:3F:74:D6:3E:A7:BB:9F:EF:2F:12:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/eIoqOEoCNEqB48vn4pY5CDfXpRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ae9cef-e937-4f80-9978-db4ad25d99a8/1/e6f9pqaSI2wiP3TWPqe7n-8vEnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.214.0/23
                  185.145.246.0/24
                IPv6:
                  2a10:1e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:d8:ef:bb:0d:7d:f4:99:3f:b7:cb:07:94:6d:a8:9d:c1:13:
         2f:e2:32:4b:25:e1:05:6e:f0:3b:1f:9e:00:17:78:5d:f4:d5:
         17:81:0c:3a:fb:ae:2c:3b:85:6d:6c:d1:88:73:86:17:ce:62:
         76:6a:7b:a9:31:eb:6e:ae:e6:fe:f6:1a:03:df:f5:7e:29:3a:
         8d:1e:84:e8:d5:e7:1e:b7:84:c7:16:05:3f:22:96:45:90:28:
         e9:3b:40:82:d6:2c:3d:53:5c:03:6c:e2:64:77:d2:30:07:e2:
         6a:a8:e1:18:4a:de:9a:0b:e0:3d:33:dd:03:61:b3:9b:3a:95:
         f9:44:f2:4e:2c:65:d6:e0:5c:93:99:b2:51:f8:c0:24:e7:7d:
         4d:88:fd:2a:e1:33:ed:43:c4:16:0f:8c:6a:e8:ed:7c:7a:cb:
         ae:3a:30:01:bd:be:4d:a8:73:99:98:41:d8:c7:8b:26:49:64:
         9c:d4:26:91:fa:34:52:c2:7f:fd:bc:80:73:12:bc:62:b3:d7:
         94:b5:4d:3e:eb:17:d3:10:c4:0c:22:d1:e7:f5:94:07:35:7e:
         33:e8:40:c0:26:8b:55:7b:5c:d6:5c:fa:3a:f7:f5:95:9e:f1:
         c0:a8:e3:d3:7b:e7:81:bb:80:a9:f0:e5:03:0c:bd:8c:98:95:
         fe:4c:65:e4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZD+1nAvoVxnjDs7lBr8GUO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTdmZGE2YTY5MjIzNmMyMjNmNzRkNjNlYTdiYjlmZWYy
ZjEyNzQwHhcNMjQwNzI5MTQxMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODhhMmEzODRhMDIzNDRhODFlM2NiZTdlMjk2MzkwODM3ZDdhNTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7Z6CLVwqTWqzMwG5X4USpybzZqD
IlNT7VBjowu7GTeKo+zBHVgf6uR8pNJSAjICGfV1eNsGwPjIharBJRD84PSF8KJ3
T+jqYU8NRgeDYL/Ot3tbndg+shMTSbddiTbb9TtAWLoLZonkELl6suYVI9q2usCh
82KqP5e6X+He6XxiD1EJrA/MEtCo/yQz541Ib4YPQmOj0aSzXdz/WCMgtJhtlAJG
JN5B4SQ/GRc4LWkkHsy5oaaUmRSmTBipAxoOxkez1WYYrNReBOZHxBIVpLQPQki8
yISqRh2Mkkx+LlXPDjt0tC/Bcx8gAQsm7tk1bHyV94abO+tSYJobY72VkwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHiKKjhKAjRKgePL5+KWOQg316UbMB8GA1UdIwQY
MBaAFHun/aamkiNsIj901j6nu5/vLxJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZmOXBxYVNJMndpUDNUV1BxZTduLTh2RW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9hZTljZWYtZTkzNy00ZjgwLTk5Nzgt
ZGI0YWQyNWQ5OWE4LzEvZUlvcU9Fb0NORXFCNDh2bjRwWTVDRGZYcFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9hZTljZWYtZTkzNy00ZjgwLTk5NzgtZGI0YWQyNWQ5OWE4
LzEvZTZmOXBxYVNJMndpUDNUV1BxZTduLTh2RW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBWR/WAwQA
uZH2MA0EAgACMAcDBQMqEB5AMA0GCSqGSIb3DQEBCwUAA4IBAQBo2O+7DX30mT+3
yweUbaidwRMv4jJLJeEFbvA7H54AF3hd9NUXgQw6+64sO4VtbNGIc4YXzmJ2anup
Meturub+9hoD3/V+KTqNHoTo1ecet4THFgU/IpZFkCjpO0CC1iw9U1wDbOJkd9Iw
B+JqqOEYSt6aC+A9M90DYbObOpX5RPJOLGXW4FyTmbJR+MAk531NiP0q4TPtQ8QW
D4xq6O18esuuOjABvb5NqHOZmEHYx4smSWSc1CaR+jRSwn/9vIBzErxis9eUtU0+
6xfTEMQMItHn9ZQHNX4z6EDAJotVe1zWXPo69/WVnvHAqOPTe+eBu4Cp8OUDDL2M
mJX+TGXk
-----END CERTIFICATE-----