Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/2zV_ea94pAzBetHTuu9Dly46S34.roa
File:                     2zV_ea94pAzBetHTuu9Dly46S34.roa (raw, json)
Hash identifier:          6eYpiesMeSHeh3ORVKxpdbSkwTWmOvcHweO8pjBy3ug=
Subject key identifier:   DB:35:7F:79:AF:78:A4:0C:C1:7A:D1:D3:BA:EF:43:97:2E:3A:4B:7E
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802CEF1647A22433FDFCC20FAE530F4
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/2zV_ea94pAzBetHTuu9Dly46S34.roa
Signing time:             Tue 02 Jan 2024 02:31:16 +0000
ROA not before:           Tue 02 Jan 2024 02:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207752
IP address blocks:        89.44.141.0/24 maxlen: 24
                          89.44.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:ce:f1:64:7a:22:43:3f:df:cc:20:fa:e5:30:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db357f79af78a40cc17ad1d3baef43972e3a4b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b7:ac:6f:bd:62:d2:cd:7a:81:8b:ca:cd:86:
                    73:5b:fb:39:98:f0:67:22:5f:c3:f3:23:fa:c6:cd:
                    39:37:1e:4a:5d:34:59:82:f4:91:66:44:f9:92:d0:
                    83:a6:e9:5d:07:f4:b3:5e:21:d7:66:4c:61:59:c9:
                    b3:3f:fe:75:15:d2:d9:1f:65:9d:5c:37:d6:7a:9d:
                    69:b5:28:43:38:01:54:38:60:3a:16:79:cc:f0:6f:
                    91:03:78:09:7a:8f:31:65:76:8c:57:1f:56:6d:24:
                    ce:36:fc:b5:36:10:65:b0:bc:43:19:3a:f8:90:a5:
                    c9:bb:59:bf:74:09:ee:5c:3e:9b:00:f6:af:ab:f5:
                    60:ac:9f:9e:d5:12:25:fd:64:95:ae:f4:37:38:9e:
                    6d:04:16:e9:fb:01:b4:65:c0:6d:7a:05:b1:88:0c:
                    84:08:d3:17:70:da:3a:1d:e6:fb:8b:a5:d5:ad:4b:
                    94:75:3d:73:b0:f5:32:1e:71:5e:e9:d6:6e:d6:f1:
                    76:06:9a:d4:0c:e2:d7:ef:7f:57:18:55:1d:68:ac:
                    d0:59:ef:68:01:6a:01:4c:c6:c4:e7:a3:bc:60:ad:
                    c4:df:ac:bb:c7:31:94:02:ff:ac:2d:a0:d1:5c:e1:
                    ff:e6:8c:3c:7d:23:27:75:99:3d:65:85:44:4f:3b:
                    dc:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:35:7F:79:AF:78:A4:0C:C1:7A:D1:D3:BA:EF:43:97:2E:3A:4B:7E
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/2zV_ea94pAzBetHTuu9Dly46S34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:31:25:d2:a6:98:11:54:9b:f3:3d:7d:50:ca:52:84:bf:e9:
         6e:47:51:60:71:94:9c:b1:50:e8:58:15:d3:fa:93:3e:36:2a:
         cd:29:9e:8e:5b:24:8d:16:3b:56:4a:35:e9:26:4a:7b:b8:89:
         84:e0:4c:fe:42:99:d2:50:86:26:03:bf:18:a4:33:70:be:37:
         db:f0:40:e1:cb:a3:78:1f:46:fb:cf:7e:36:8a:b3:a1:32:3f:
         9b:fa:a6:90:c7:70:29:c3:a4:93:26:72:6e:8b:6f:fd:99:b2:
         d1:04:3d:46:f4:53:60:77:30:d9:b1:44:c0:48:af:6c:03:c5:
         9e:dc:de:df:e9:e2:2d:d3:7c:16:1b:fc:02:dc:19:0a:19:71:
         47:db:52:35:68:c4:c1:2f:1f:b8:15:72:a9:4d:3a:bd:c7:3e:
         ad:ac:dd:62:04:ba:af:dd:84:72:b1:46:54:fd:4c:51:f7:dc:
         59:19:fe:c9:16:30:da:4c:4d:cf:19:f8:bf:60:22:5b:a1:02:
         5b:41:69:06:d3:f2:3f:ab:8f:b1:81:f7:1b:88:7f:59:db:f3:
         68:bb:6c:7e:5d:60:4b:e0:d0:74:9e:d3:37:b3:40:7f:15:14:
         f6:d7:7e:64:cd:87:83:ee:23:fd:3f:21:db:53:22:76:b2:38:
         26:ff:f0:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAs7xZHoiQz/fzCD65TD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM1N2Y3OWFmNzhhNDBjYzE3YWQxZDNiYWVmNDM5NzJlM2E0YjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqresb71i0s16gYvKzYZzW/s5mPBn
Il/D8yP6xs05Nx5KXTRZgvSRZkT5ktCDpuldB/SzXiHXZkxhWcmzP/51FdLZH2Wd
XDfWep1ptShDOAFUOGA6FnnM8G+RA3gJeo8xZXaMVx9WbSTONvy1NhBlsLxDGTr4
kKXJu1m/dAnuXD6bAPavq/VgrJ+e1RIl/WSVrvQ3OJ5tBBbp+wG0ZcBtegWxiAyE
CNMXcNo6Heb7i6XVrUuUdT1zsPUyHnFe6dZu1vF2BprUDOLX739XGFUdaKzQWe9o
AWoBTMbE56O8YK3E36y7xzGUAv+sLaDRXOH/5ow8fSMndZk9ZYVETzvc6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs1f3mveKQMwXrR07rvQ5cuOkt+MB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvMnpWX2VhOTRwQXpCZXRIVHV1OURseTQ2UzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSyMMA0G
CSqGSIb3DQEBCwUAA4IBAQApMSXSppgRVJvzPX1QylKEv+luR1FgcZScsVDoWBXT
+pM+NirNKZ6OWySNFjtWSjXpJkp7uImE4Ez+QpnSUIYmA78YpDNwvjfb8EDhy6N4
H0b7z342irOhMj+b+qaQx3Apw6STJnJui2/9mbLRBD1G9FNgdzDZsUTASK9sA8We
3N7f6eIt03wWG/wC3BkKGXFH21I1aMTBLx+4FXKpTTq9xz6trN1iBLqv3YRysUZU
/UxR99xZGf7JFjDaTE3PGfi/YCJboQJbQWkG0/I/q4+xgfcbiH9Z2/Nou2x+XWBL
4NB0ntM3s0B/FRT2135kzYeD7iP9PyHbUyJ2sjgm//A1
-----END CERTIFICATE-----