Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/7xXy4T2TIgi-3n2fM8KROSkxbkg.roa
File:                     7xXy4T2TIgi-3n2fM8KROSkxbkg.roa (raw, json)
Hash identifier:          l7gfuKpZYzgiGz1jCcTlBHIX22zYR2aQZ4mU1OZrMI4=
Subject key identifier:   EF:15:F2:E1:3D:93:22:08:BE:DE:7D:9F:33:C2:91:39:29:31:6E:48
Certificate issuer:       /CN=b541558181f7863119bf4a1554c75dab1f6c5292
Certificate serial:       01918F025ED56FBAFF23497627D3D4DF91A0
Authority key identifier: B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/7xXy4T2TIgi-3n2fM8KROSkxbkg.roa
Signing time:             Mon 26 Aug 2024 14:06:22 +0000
ROA not before:           Mon 26 Aug 2024 14:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207957
IP address blocks:        89.169.12.0/24 maxlen: 24
                          89.169.13.0/24 maxlen: 24
                          89.169.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8f:02:5e:d5:6f:ba:ff:23:49:76:27:d3:d4:df:91:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b541558181f7863119bf4a1554c75dab1f6c5292
        Validity
            Not Before: Aug 26 14:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef15f2e13d932208bede7d9f33c2913929316e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ca:36:99:e9:85:93:42:df:fb:80:11:62:f2:
                    04:a3:a1:a3:f9:f4:aa:a5:04:d9:03:3a:5c:55:9a:
                    65:a5:45:73:36:41:43:9b:58:83:93:42:74:1a:b9:
                    61:b8:07:bc:75:23:70:9f:81:4d:99:b4:bd:6a:29:
                    96:26:cb:a2:98:32:08:ba:0d:45:cd:d4:b4:32:1c:
                    40:55:30:c0:96:88:48:2d:63:75:5c:7a:6e:cb:6c:
                    e9:45:10:eb:c4:a2:d1:cd:96:91:4b:5a:a0:12:96:
                    69:5b:8c:60:50:fd:0e:f3:fb:d9:da:4e:dd:8c:1e:
                    6f:24:c4:a7:da:28:8d:cf:b6:6a:a5:61:29:e9:3a:
                    2f:b3:51:5d:79:81:ba:2e:ce:2b:61:27:80:12:e6:
                    13:17:bf:52:8c:9a:c1:9b:54:7e:46:54:4e:bd:5e:
                    d4:f8:9c:4c:30:2e:59:3f:51:97:64:bd:3b:de:2b:
                    ea:29:aa:d5:46:74:18:70:3e:f0:00:96:db:90:61:
                    63:91:76:48:50:20:81:fd:d6:b3:3e:45:e2:89:da:
                    00:9b:f8:b8:c4:cb:85:28:ec:4b:c5:d4:ce:d5:09:
                    45:1f:89:99:8f:bd:08:8c:ae:2e:cf:74:0f:1a:5a:
                    54:ad:50:98:e9:57:71:0f:9d:28:63:6b:26:9f:98:
                    8a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:15:F2:E1:3D:93:22:08:BE:DE:7D:9F:33:C2:91:39:29:31:6E:48
            X509v3 Authority Key Identifier:
                keyid:B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/7xXy4T2TIgi-3n2fM8KROSkxbkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.169.12.0-89.169.14.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:b4:af:3e:6d:a9:22:62:74:76:0a:75:52:db:02:29:36:0a:
         39:e7:ad:98:e5:94:93:b8:fe:88:84:cc:58:a6:9e:06:2b:32:
         28:2d:fd:e9:36:7e:7b:a7:cb:d5:6c:8d:3b:3a:4e:cd:0e:84:
         2f:58:85:18:c1:ce:d9:3d:61:26:b0:fc:32:27:d2:5f:8d:95:
         78:26:be:29:bb:3b:c2:e6:29:97:fa:b7:93:5f:15:d8:e9:de:
         de:8a:92:f0:37:c8:54:30:c4:44:19:1e:22:48:74:c7:53:7e:
         6c:ad:01:3f:d7:0c:77:f7:28:0d:fc:f0:52:8a:59:4c:43:7d:
         80:12:9c:58:0e:6d:75:4b:da:05:fc:80:b4:39:fa:7c:7c:29:
         d9:a1:97:17:8c:8e:1e:4d:02:14:62:9e:24:b3:b7:42:a9:a8:
         90:1b:a8:6e:a7:24:f1:34:16:e5:f2:1d:6c:18:44:31:e9:2a:
         e7:1b:0a:db:2c:d7:2d:36:c9:f2:8f:53:27:f4:a0:f4:1b:12:
         f4:e7:f0:22:47:27:cb:94:e2:b5:e7:7c:8d:6a:54:75:71:6b:
         be:dc:0f:2c:7a:96:03:49:17:a3:e9:3d:12:15:91:7f:b1:36:
         b1:ba:ce:cf:c1:86:a4:13:3f:ce:35:75:95:d5:c8:fc:d0:9a:
         8a:c6:ea:81
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZGPAl7Vb7r/I0l2J9PU35GgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDE1NTgxODFmNzg2MzExOWJmNGExNTU0Yzc1ZGFiMWY2
YzUyOTIwHhcNMjQwODI2MTQwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjE1ZjJlMTNkOTMyMjA4YmVkZTdkOWYzM2MyOTEzOTI5MzE2ZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Mo2memFk0Lf+4ARYvIEo6Gj+fSq
pQTZAzpcVZplpUVzNkFDm1iDk0J0GrlhuAe8dSNwn4FNmbS9aimWJsuimDIIug1F
zdS0MhxAVTDAlohILWN1XHpuy2zpRRDrxKLRzZaRS1qgEpZpW4xgUP0O8/vZ2k7d
jB5vJMSn2iiNz7ZqpWEp6Tovs1FdeYG6Ls4rYSeAEuYTF79SjJrBm1R+RlROvV7U
+JxMMC5ZP1GXZL073ivqKarVRnQYcD7wAJbbkGFjkXZIUCCB/dazPkXiidoAm/i4
xMuFKOxLxdTO1QlFH4mZj70IjK4uz3QPGlpUrVCY6VdxD50oY2smn5iK+wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO8V8uE9kyIIvt59nzPCkTkpMW5IMB8GA1UdIwQY
MBaAFLVBVYGB94YxGb9KFVTHXasfbFKSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMt
NTcxYjZjNjEyYmVjLzEvN3hYeTRUMlRJZ2ktM24yZk04S1JPU2t4YmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMtNTcxYjZjNjEyYmVj
LzEvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJZqQwD
BABZqQ4wDQYJKoZIhvcNAQELBQADggEBAFy0rz5tqSJidHYKdVLbAik2CjnnrZjl
lJO4/oiEzFimngYrMigt/ek2fnuny9VsjTs6Ts0OhC9YhRjBztk9YSaw/DIn0l+N
lXgmvim7O8LmKZf6t5NfFdjp3t6KkvA3yFQwxEQZHiJIdMdTfmytAT/XDHf3KA38
8FKKWUxDfYASnFgObXVL2gX8gLQ5+nx8KdmhlxeMjh5NAhRiniSzt0KpqJAbqG6n
JPE0FuXyHWwYRDHpKucbCtss1y02yfKPUyf0oPQbEvTn8CJHJ8uU4rXnfI1qVHVx
a77cDyx6lgNJF6PpPRIVkX+xNrG6zs/BhqQTP841dZXVyPzQmorG6oE=
-----END CERTIFICATE-----