Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/6K7zDxinzXBO6KnX04w2EowA6Eo.roa
File:                     6K7zDxinzXBO6KnX04w2EowA6Eo.roa (raw, json)
Hash identifier:          NZLb7kRQTV3gLdtkDoMRT+rxDgdkZ+Lk6d41hpqTpnY=
Subject key identifier:   E8:AE:F3:0F:18:A7:CD:70:4E:E8:A9:D7:D3:8C:36:12:8C:00:E8:4A
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019112482B3463D18F4E9DA8C4783E429CF6
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/6K7zDxinzXBO6KnX04w2EowA6Eo.roa
Signing time:             Fri 02 Aug 2024 08:50:05 +0000
ROA not before:           Fri 02 Aug 2024 08:50:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        89.40.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:48:2b:34:63:d1:8f:4e:9d:a8:c4:78:3e:42:9c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug  2 08:50:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8aef30f18a7cd704ee8a9d7d38c36128c00e84a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:be:8e:91:e8:9f:80:8f:15:17:5e:8d:6b:7d:
                    0a:9f:a3:1c:95:67:ac:8a:bd:ab:a5:b8:37:86:0b:
                    00:d9:86:2a:be:a7:17:72:b2:5a:fc:fc:84:06:c9:
                    4e:33:af:0b:85:5f:a8:d6:dd:e6:ec:c9:cd:69:29:
                    ef:32:06:17:e3:71:67:a7:61:34:7f:10:3b:67:5f:
                    b3:ba:40:aa:ec:c8:c2:fc:8f:15:23:14:17:aa:6c:
                    d0:e5:8a:92:87:c6:d5:43:7d:10:84:37:cf:3f:0c:
                    7e:5e:79:0f:1b:9e:96:cf:0b:43:ca:38:1b:f3:8a:
                    03:07:92:50:35:59:81:7f:78:58:c3:23:18:79:fc:
                    be:2f:52:5e:e2:d5:d2:ec:ef:17:96:7b:b9:5c:73:
                    57:c6:f4:2c:5c:e4:51:3f:32:fb:3d:fd:d4:65:8b:
                    7c:3e:19:4f:47:a8:21:03:54:bc:1b:73:a6:f8:1d:
                    be:7a:2b:e7:10:7a:b1:60:b3:17:d6:f3:4f:ff:29:
                    01:56:78:f3:86:b5:f2:e5:34:2e:06:16:33:82:d3:
                    9a:ad:7f:2c:d7:1d:5a:35:1a:3b:99:e4:90:63:e2:
                    be:ef:e3:e2:5d:c8:2a:45:1c:c7:34:35:07:18:cc:
                    31:ea:ff:f2:18:45:59:ea:55:8d:39:3b:47:99:28:
                    71:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:AE:F3:0F:18:A7:CD:70:4E:E8:A9:D7:D3:8C:36:12:8C:00:E8:4A
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/6K7zDxinzXBO6KnX04w2EowA6Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:87:71:26:27:40:dc:4f:d7:d1:27:33:60:4f:33:05:fe:33:
         c5:33:9f:ce:a1:f4:0a:37:57:eb:fd:02:48:af:6e:eb:b9:a9:
         a2:cf:19:db:2e:bd:ec:ab:e7:bc:7d:92:b6:d9:88:5b:dc:db:
         71:91:7c:e5:16:8a:22:12:80:3e:f8:fb:7d:60:92:98:54:31:
         24:76:f7:a4:86:96:ba:e3:5d:96:3e:9c:5b:6b:68:6f:a1:f6:
         10:9e:79:3b:c3:0f:a1:92:26:85:86:07:82:d6:ad:c1:85:e3:
         49:e2:1c:41:20:2a:5b:eb:14:11:38:58:a1:b6:72:18:2d:7a:
         37:09:e6:1a:cc:de:da:22:54:40:70:8b:0b:04:40:fc:3e:a7:
         d2:c5:7d:03:5d:ca:8f:13:1d:10:d3:1a:b5:b3:ae:3f:3b:93:
         55:fb:d1:f9:1e:79:58:f9:c8:39:62:58:f3:a8:9e:d9:98:f4:
         a2:01:1a:eb:c9:14:51:37:57:4d:73:bd:03:b7:7b:23:bc:1a:
         d9:c5:dc:29:f1:54:38:b3:aa:7d:e3:7b:f4:a1:f8:4d:77:96:
         53:ad:17:d1:f1:bc:60:45:11:37:c1:eb:d7:c9:67:8a:fd:80:
         de:0e:32:71:64:22:2e:a5:32:71:93:49:49:d0:5e:72:0f:98:
         88:ee:a6:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZESSCs0Y9GPTp2oxHg+Qpz2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODAyMDg1MDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGFlZjMwZjE4YTdjZDcwNGVlOGE5ZDdkMzhjMzYxMjhjMDBlODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2r6OkeifgI8VF16Na30Kn6MclWes
ir2rpbg3hgsA2YYqvqcXcrJa/PyEBslOM68LhV+o1t3m7MnNaSnvMgYX43Fnp2E0
fxA7Z1+zukCq7MjC/I8VIxQXqmzQ5YqSh8bVQ30QhDfPPwx+XnkPG56WzwtDyjgb
84oDB5JQNVmBf3hYwyMYefy+L1Je4tXS7O8Xlnu5XHNXxvQsXORRPzL7Pf3UZYt8
PhlPR6ghA1S8G3Om+B2+eivnEHqxYLMX1vNP/ykBVnjzhrXy5TQuBhYzgtOarX8s
1x1aNRo7meSQY+K+7+PiXcgqRRzHNDUHGMwx6v/yGEVZ6lWNOTtHmShxFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiu8w8Yp81wTuip19OMNhKMAOhKMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvNks3ekR4aW56WEJPNktuWDA0dzJFb3dBNkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSimMA0G
CSqGSIb3DQEBCwUAA4IBAQCGh3EmJ0DcT9fRJzNgTzMF/jPFM5/OofQKN1fr/QJI
r27ruamizxnbLr3sq+e8fZK22Yhb3NtxkXzlFooiEoA++Pt9YJKYVDEkdvekhpa6
412WPpxba2hvofYQnnk7ww+hkiaFhgeC1q3BheNJ4hxBICpb6xQROFihtnIYLXo3
CeYazN7aIlRAcIsLBED8PqfSxX0DXcqPEx0Q0xq1s64/O5NV+9H5HnlY+cg5Yljz
qJ7ZmPSiARrryRRRN1dNc70Dt3sjvBrZxdwp8VQ4s6p943v0ofhNd5ZTrRfR8bxg
RRE3wevXyWeK/YDeDjJxZCIupTJxk0lJ0F5yD5iI7qbb
-----END CERTIFICATE-----