Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/7xFb4pIWeKg18ylZXcy08Nqd3G4.roa
File:                     7xFb4pIWeKg18ylZXcy08Nqd3G4.roa (raw, json)
Hash identifier:          je1YOaA6SMM0LYheUVhUQYVpHXV/W8OTnggiPAbs+f4=
Subject key identifier:   EF:11:5B:E2:92:16:78:A8:35:F3:29:59:5D:CC:B4:F0:DA:9D:DC:6E
Certificate issuer:       /CN=e0e3976d9ecb8309a8181fbd025ca52fef161999
Certificate serial:       018CC6B8ABE9B6554D1A71667D00FD838E87
Authority key identifier: E0:E3:97:6D:9E:CB:83:09:A8:18:1F:BD:02:5C:A5:2F:EF:16:19:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4OOXbZ7LgwmoGB-9AlylL-8WGZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/7xFb4pIWeKg18ylZXcy08Nqd3G4.roa
Signing time:             Mon 01 Jan 2024 20:30:40 +0000
ROA not before:           Mon 01 Jan 2024 20:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200348
IP address blocks:        185.179.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/4OOXbZ7LgwmoGB-9AlylL-8WGZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/4OOXbZ7LgwmoGB-9AlylL-8WGZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4OOXbZ7LgwmoGB-9AlylL-8WGZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ab:e9:b6:55:4d:1a:71:66:7d:00:fd:83:8e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0e3976d9ecb8309a8181fbd025ca52fef161999
        Validity
            Not Before: Jan  1 20:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef115be2921678a835f329595dccb4f0da9ddc6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4e:8e:4c:19:27:d2:3a:17:7a:02:cd:67:20:
                    ea:0a:48:79:44:aa:b7:7d:24:5b:fd:dc:67:b5:22:
                    45:44:ed:41:46:ab:a0:16:94:b4:06:0f:93:a1:ae:
                    2e:90:78:f6:c6:9d:eb:b3:97:20:90:d2:ae:f9:e6:
                    c2:b5:78:7c:87:8e:bc:f7:3f:a5:d2:50:79:a1:85:
                    54:b8:1b:89:5c:8a:88:46:83:4a:fe:5e:1c:ac:de:
                    20:61:4f:ee:ea:8a:fb:fb:07:e0:39:59:c3:7f:28:
                    14:ed:bf:d0:18:e4:4c:45:f7:fa:23:fe:93:d2:38:
                    3d:e1:21:2f:b0:62:7d:a9:a8:d2:a7:ba:f7:fa:7b:
                    41:54:65:c0:4f:e4:d4:b4:21:47:07:fe:e9:7b:f9:
                    13:cb:97:81:39:ad:7a:18:2d:cf:c1:85:8d:6b:4f:
                    9d:3f:97:66:46:53:8f:c6:a7:e6:27:28:1b:15:81:
                    fb:c4:7e:a6:34:c5:56:f5:ff:db:11:76:02:9b:82:
                    cc:10:6c:fd:50:c3:be:8b:c7:05:2b:0c:83:66:a4:
                    74:12:43:31:9c:d7:df:19:8b:5d:c5:3a:4d:f6:75:
                    4b:66:61:3c:29:af:3d:3d:25:95:e2:4c:58:3d:d3:
                    b9:8a:c7:f1:bd:aa:3d:55:8e:e8:5a:c6:1e:a0:40:
                    2e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:11:5B:E2:92:16:78:A8:35:F3:29:59:5D:CC:B4:F0:DA:9D:DC:6E
            X509v3 Authority Key Identifier:
                keyid:E0:E3:97:6D:9E:CB:83:09:A8:18:1F:BD:02:5C:A5:2F:EF:16:19:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4OOXbZ7LgwmoGB-9AlylL-8WGZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/7xFb4pIWeKg18ylZXcy08Nqd3G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/4OOXbZ7LgwmoGB-9AlylL-8WGZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:cf:50:af:de:22:4b:71:3c:8f:19:b7:6f:33:25:39:9b:81:
         da:b8:34:09:1d:3e:f5:47:f3:4e:0b:dc:bb:d1:cc:e1:ab:1f:
         b2:0a:ec:fb:a0:e3:30:c4:bf:7f:39:fb:5d:29:64:a1:22:72:
         1e:ca:c3:6b:20:cb:5f:29:78:2b:56:0b:c9:94:39:e1:37:d2:
         ca:4f:36:b9:6f:25:d6:12:82:55:1e:19:e3:33:f3:a4:a3:1f:
         68:fa:fd:e2:2f:31:3f:ac:6f:cf:b1:25:f3:09:e5:2f:59:51:
         60:10:e2:d1:2b:a6:39:8c:52:07:29:de:d1:dc:3d:31:1a:7b:
         b3:66:3b:4c:0b:9e:5a:81:3e:c3:0c:e3:ad:11:7d:68:19:e8:
         b2:68:3c:f9:ee:27:c3:78:a2:8e:39:fe:d1:39:7a:2e:32:40:
         db:f0:dd:6e:3a:15:7a:b0:db:fd:b0:ad:c4:bc:ed:4a:b4:29:
         19:f6:82:67:ec:cb:ef:b8:e7:96:e8:6f:25:da:5d:66:3a:7e:
         95:ba:5b:87:83:3d:70:05:67:2b:6e:3a:78:c2:c4:ac:83:34:
         84:b5:ac:b2:ff:39:57:01:57:4e:a9:a9:ae:4c:76:f9:66:0e:
         ff:4c:0c:b4:3b:5b:56:21:6a:be:61:42:50:93:81:cf:fc:84:
         02:3a:c0:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuKvptlVNGnFmfQD9g46HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZTM5NzZkOWVjYjgzMDlhODE4MWZiZDAyNWNhNTJmZWYx
NjE5OTkwHhcNMjQwMTAxMjAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjExNWJlMjkyMTY3OGE4MzVmMzI5NTk1ZGNjYjRmMGRhOWRkYzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmk6OTBkn0joXegLNZyDqCkh5RKq3
fSRb/dxntSJFRO1BRqugFpS0Bg+Toa4ukHj2xp3rs5cgkNKu+ebCtXh8h4689z+l
0lB5oYVUuBuJXIqIRoNK/l4crN4gYU/u6or7+wfgOVnDfygU7b/QGORMRff6I/6T
0jg94SEvsGJ9qajSp7r3+ntBVGXAT+TUtCFHB/7pe/kTy5eBOa16GC3PwYWNa0+d
P5dmRlOPxqfmJygbFYH7xH6mNMVW9f/bEXYCm4LMEGz9UMO+i8cFKwyDZqR0EkMx
nNffGYtdxTpN9nVLZmE8Ka89PSWV4kxYPdO5isfxvao9VY7oWsYeoEAuCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8RW+KSFnioNfMpWV3MtPDandxuMB8GA1UdIwQY
MBaAFODjl22ey4MJqBgfvQJcpS/vFhmZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE9PWGJaN0xnd21vR0ItOUFseWxMLThXR1prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9kNjEyYTMtNDYzMS00N2RlLTk0MGQt
OGJlMGQ5NzY4MmFiLzEvN3hGYjRwSVdlS2cxOHlsWlhjeTA4TnFkM0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9kNjEyYTMtNDYzMS00N2RlLTk0MGQtOGJlMGQ5NzY4MmFi
LzEvNE9PWGJaN0xnd21vR0ItOUFseWxMLThXR1prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubNZMA0G
CSqGSIb3DQEBCwUAA4IBAQB1z1Cv3iJLcTyPGbdvMyU5m4HauDQJHT71R/NOC9y7
0czhqx+yCuz7oOMwxL9/OftdKWShInIeysNrIMtfKXgrVgvJlDnhN9LKTza5byXW
EoJVHhnjM/Okox9o+v3iLzE/rG/PsSXzCeUvWVFgEOLRK6Y5jFIHKd7R3D0xGnuz
ZjtMC55agT7DDOOtEX1oGeiyaDz57ifDeKKOOf7ROXouMkDb8N1uOhV6sNv9sK3E
vO1KtCkZ9oJn7MvvuOeW6G8l2l1mOn6VuluHgz1wBWcrbjp4wsSsgzSEtayy/zlX
AVdOqamuTHb5Zg7/TAy0O1tWIWq+YUJQk4HP/IQCOsD0
-----END CERTIFICATE-----