Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/1-6SjtCWGZZthR4RrGfQ-dAu7m3E.roa
File:                     1-6SjtCWGZZthR4RrGfQ-dAu7m3E.roa (raw, json)
Hash identifier:          IFx7FElB4PWBL71wWYbTzdrLVqQEQ4QVJ3/uuJOsVAI=
Subject key identifier:   FB:A4:A3:B4:25:86:65:9B:61:47:84:6B:19:F4:3E:74:0B:BB:9B:71
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       01941FFA3F9CACEDCD853435CA0379D0622C
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/1-6SjtCWGZZthR4RrGfQ-dAu7m3E.roa
Signing time:             Wed 01 Jan 2025 03:48:01 +0000
ROA not before:           Wed 01 Jan 2025 03:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207752
IP address blocks:        89.44.140.0/24 maxlen: 24
                          89.44.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3f:9c:ac:ed:cd:85:34:35:ca:03:79:d0:62:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  1 03:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fba4a3b42586659b6147846b19f43e740bbb9b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:78:49:58:b0:12:d5:75:8e:7d:5e:eb:33:4f:
                    48:ab:f0:1c:57:3f:a1:03:58:c7:5d:c0:32:2c:35:
                    b5:27:4c:a4:8d:5a:f1:bd:84:a2:36:c9:a3:e3:61:
                    82:c4:ff:b0:20:75:83:e3:b9:a1:96:a2:b0:57:fd:
                    ed:f0:49:39:8c:0e:7e:e2:28:4c:34:06:11:d8:b6:
                    93:69:a9:50:27:bc:8e:25:ac:37:7e:77:a0:c8:0b:
                    39:9a:b8:d2:32:6e:ae:a2:f4:c5:b5:7f:27:55:a6:
                    79:c3:d8:61:e1:e6:65:ed:4f:fe:02:69:ef:b8:de:
                    56:34:93:b0:af:ec:7f:5d:2f:87:02:13:70:c3:68:
                    b3:a7:c6:e0:0e:35:f7:79:ba:25:e8:c9:a5:0f:51:
                    c1:c7:03:17:14:85:32:4a:af:af:d7:5d:07:1c:61:
                    f1:25:50:8f:e9:8b:9b:e5:89:d3:d5:dd:f4:8d:0f:
                    91:42:f7:76:fd:c5:c2:5d:88:37:a5:c8:9a:16:83:
                    82:f1:39:05:50:a9:10:b5:0a:23:f1:62:28:5c:56:
                    eb:42:7c:dd:39:9c:44:a6:3e:e0:49:59:ca:45:b8:
                    20:98:52:6d:da:ed:a7:b9:51:b1:9f:8d:12:36:be:
                    f2:b0:88:3b:57:fd:07:8b:8b:85:10:ae:d0:7b:b4:
                    1d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A4:A3:B4:25:86:65:9B:61:47:84:6B:19:F4:3E:74:0B:BB:9B:71
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/1-6SjtCWGZZthR4RrGfQ-dAu7m3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:fa:b4:48:91:0d:0c:cb:1d:8f:2b:11:ba:32:e4:ac:fc:92:
         37:99:e1:b8:63:bc:cb:8f:3b:d0:59:b9:5a:e1:82:31:60:0a:
         ec:bc:28:aa:50:e6:9d:44:ca:5f:2d:dc:e6:3c:ea:ce:37:67:
         e2:6b:a6:7f:20:c2:b5:77:5e:2e:81:0f:47:4c:37:65:1e:7e:
         43:00:40:b1:ca:61:3a:56:ec:d2:c8:a7:fb:1e:ee:af:e1:79:
         60:4c:20:57:ef:29:9f:3d:3a:aa:0f:48:f1:db:f4:9d:41:47:
         6d:19:87:05:d3:d5:f9:09:36:c6:6a:85:1c:16:4d:aa:c4:5f:
         2a:01:b4:5b:b3:95:3d:f1:bc:84:7a:be:0d:f4:f7:76:3d:44:
         36:c6:cb:c4:64:51:75:49:e3:69:d9:e4:9f:d1:90:a9:45:2d:
         92:42:63:84:3a:ca:c3:3a:d3:3a:5c:da:05:0c:60:ce:6e:e5:
         81:81:a6:a5:ba:48:a3:34:79:a7:df:f6:2a:9e:42:14:6a:34:
         e2:e1:c7:df:4f:a3:c9:25:db:ac:78:ae:20:e8:06:e3:b8:ac:
         af:a3:80:5c:35:fb:e5:4e:61:85:ad:12:3a:fd:2a:38:d9:a8:
         af:e4:00:f9:b6:02:cc:ff:e3:ed:e8:d7:91:55:ba:eb:cb:8b:
         bb:4c:ec:f1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+j+crO3NhTQ1ygN50GIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjUwMTAxMDM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmE0YTNiNDI1ODY2NTliNjE0Nzg0NmIxOWY0M2U3NDBiYmI5YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznhJWLAS1XWOfV7rM09Iq/AcVz+h
A1jHXcAyLDW1J0ykjVrxvYSiNsmj42GCxP+wIHWD47mhlqKwV/3t8Ek5jA5+4ihM
NAYR2LaTaalQJ7yOJaw3fnegyAs5mrjSMm6uovTFtX8nVaZ5w9hh4eZl7U/+Amnv
uN5WNJOwr+x/XS+HAhNww2izp8bgDjX3ebol6MmlD1HBxwMXFIUySq+v110HHGHx
JVCP6Yub5YnT1d30jQ+RQvd2/cXCXYg3pciaFoOC8TkFUKkQtQoj8WIoXFbrQnzd
OZxEpj7gSVnKRbggmFJt2u2nuVGxn40SNr7ysIg7V/0Hi4uFEK7Qe7Qd6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuko7QlhmWbYUeEaxn0PnQLu5txMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvMS02U2p0Q1dHWlp0aFI0UnJHZlEtZEF1N20zRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmUvYzM3NDk3LTYzNzYtNDYxZS05M2M2LTk3Nzg2NzRlZGM5
Ny8xL2ZmRXkzeFBrdmxQWUpReU1TRUlDWk83MndVdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVksjDAN
BgkqhkiG9w0BAQsFAAOCAQEAc/q0SJENDMsdjysRujLkrPySN5nhuGO8y4870Fm5
WuGCMWAK7LwoqlDmnUTKXy3c5jzqzjdn4mumfyDCtXdeLoEPR0w3ZR5+QwBAscph
Olbs0sin+x7ur+F5YEwgV+8pnz06qg9I8dv0nUFHbRmHBdPV+Qk2xmqFHBZNqsRf
KgG0W7OVPfG8hHq+DfT3dj1ENsbLxGRRdUnjadnkn9GQqUUtkkJjhDrKwzrTOlza
BQxgzm7lgYGmpbpIozR5p9/2Kp5CFGo04uHH30+jySXbrHiuIOgG47isr6OAXDX7
5U5hha0SOv0qONmor+QA+bYCzP/j7ejXkVW668uLu0zs8Q==
-----END CERTIFICATE-----