Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/6ZtoYF9Rvn8xG2oE8uBTfPW6uzs.roa
File:                     6ZtoYF9Rvn8xG2oE8uBTfPW6uzs.roa (raw, json)
Hash identifier:          26NO/pTmi2K7qXqzSVAehia1t9w84vDMml7L9yDpdrc=
Subject key identifier:   E9:9B:68:60:5F:51:BE:7F:31:1B:6A:04:F2:E0:53:7C:F5:BA:BB:3B
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0190EDCF9D43C06B9B850D35413FF02E2697
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/6ZtoYF9Rvn8xG2oE8uBTfPW6uzs.roa
Signing time:             Fri 26 Jul 2024 06:52:04 +0000
ROA not before:           Fri 26 Jul 2024 06:52:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215106
IP address blocks:        62.89.216.0/24 maxlen: 24
                          81.23.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ed:cf:9d:43:c0:6b:9b:85:0d:35:41:3f:f0:2e:26:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jul 26 06:52:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e99b68605f51be7f311b6a04f2e0537cf5babb3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9a:d0:b0:ab:03:04:ce:b7:95:c7:77:71:53:
                    f1:da:8b:d5:1a:32:36:52:c3:21:e4:26:53:de:f8:
                    8f:17:ae:a9:4f:1e:c3:e7:03:5a:82:42:4c:22:f3:
                    59:96:a0:5a:ed:dd:45:e2:84:bc:24:6e:94:b7:d9:
                    4d:80:30:b5:85:5e:8b:d0:14:78:26:fa:3f:68:ec:
                    ea:99:18:95:55:b3:ae:58:d3:0c:27:73:3f:98:8c:
                    e2:eb:f7:70:34:54:2e:44:d0:ca:11:73:65:4c:55:
                    07:4b:04:15:b4:f3:fc:7a:f4:a7:6b:9f:11:9e:2b:
                    de:c4:0a:67:ec:73:d4:0a:a2:18:da:45:a5:56:da:
                    87:e3:e9:cf:54:86:06:8e:f1:c7:0d:7e:91:ec:8b:
                    a7:ce:33:2d:82:7a:cb:12:6e:9e:ae:ef:26:7f:8d:
                    bf:4a:be:69:92:cc:98:7f:b5:e6:3f:2b:04:ca:fb:
                    78:34:eb:f7:5e:d6:ea:e0:c8:29:c5:94:03:df:a1:
                    62:e8:eb:ef:cb:c3:c1:0d:30:b3:be:6a:b4:04:92:
                    d4:50:75:27:0c:57:f0:96:5c:4e:c6:b8:a0:34:b5:
                    5c:88:77:ae:a5:8c:2c:c1:2b:eb:0b:e1:e2:09:af:
                    c6:33:19:7e:bb:ac:34:1d:a4:0e:09:50:cf:6c:17:
                    74:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:9B:68:60:5F:51:BE:7F:31:1B:6A:04:F2:E0:53:7C:F5:BA:BB:3B
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/6ZtoYF9Rvn8xG2oE8uBTfPW6uzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.216.0/24
                  81.23.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:ee:33:50:20:d1:57:a5:5c:0f:58:99:14:43:5e:d6:eb:bf:
         89:c1:30:78:c5:6b:cb:10:a8:69:6b:16:ce:2b:c4:7e:eb:34:
         e8:8a:6f:9c:e3:c9:15:d4:b0:c4:38:33:c2:5b:07:3c:71:8d:
         ed:ec:3e:6d:aa:37:98:5c:19:07:37:18:85:68:4c:fe:68:c1:
         11:2d:f4:e7:ff:3b:8f:f2:02:10:48:36:5b:22:b5:fd:e0:7f:
         c1:8e:c0:31:8a:b6:fa:b8:99:f9:35:18:2d:9e:92:41:aa:d4:
         a8:6d:1b:16:90:51:bb:c7:e9:2e:73:a4:9f:81:23:ff:19:98:
         3b:d5:93:df:1f:9e:3f:8b:f9:b8:13:38:07:48:4d:e6:25:37:
         98:c9:f4:5d:63:62:bd:d9:3f:50:e3:fa:a7:ca:95:fc:1a:34:
         ad:c6:31:93:85:a0:36:a0:a1:d5:16:60:6b:92:7a:b9:23:60:
         14:27:32:fd:1f:44:e1:d7:0d:a6:e1:90:8e:72:1e:1d:b3:04:
         93:49:5f:fe:17:6b:9e:88:3c:f2:89:76:d6:c1:e8:57:21:be:
         96:3b:0c:96:b5:80:24:f2:f5:ac:7b:7b:2a:c9:26:cc:18:6f:
         39:13:af:e7:52:e5:b2:6a:ca:b3:51:7b:44:7e:5e:ac:fe:73:
         0a:79:85:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDtz51DwGubhQ01QT/wLiaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwNzI2MDY1MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTliNjg2MDVmNTFiZTdmMzExYjZhMDRmMmUwNTM3Y2Y1YmFiYjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwprQsKsDBM63lcd3cVPx2ovVGjI2
UsMh5CZT3viPF66pTx7D5wNagkJMIvNZlqBa7d1F4oS8JG6Ut9lNgDC1hV6L0BR4
Jvo/aOzqmRiVVbOuWNMMJ3M/mIzi6/dwNFQuRNDKEXNlTFUHSwQVtPP8evSna58R
nivexApn7HPUCqIY2kWlVtqH4+nPVIYGjvHHDX6R7IunzjMtgnrLEm6eru8mf42/
Sr5pksyYf7XmPysEyvt4NOv3Xtbq4MgpxZQD36Fi6Ovvy8PBDTCzvmq0BJLUUHUn
DFfwllxOxrigNLVciHeupYwswSvrC+HiCa/GMxl+u6w0HaQOCVDPbBd0YwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOmbaGBfUb5/MRtqBPLgU3z1urs7MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvNlp0b1lGOVJ2bjh4RzJvRTh1QlRmUFc2dXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPlnYAwQA
URcNMA0GCSqGSIb3DQEBCwUAA4IBAQBJ7jNQINFXpVwPWJkUQ17W67+JwTB4xWvL
EKhpaxbOK8R+6zToim+c48kV1LDEODPCWwc8cY3t7D5tqjeYXBkHNxiFaEz+aMER
LfTn/zuP8gIQSDZbIrX94H/BjsAxirb6uJn5NRgtnpJBqtSobRsWkFG7x+kuc6Sf
gSP/GZg71ZPfH54/i/m4EzgHSE3mJTeYyfRdY2K92T9Q4/qnypX8GjStxjGThaA2
oKHVFmBrknq5I2AUJzL9H0Th1w2m4ZCOch4dswSTSV/+F2ueiDzyiXbWwehXIb6W
OwyWtYAk8vWse3sqySbMGG85E6/nUuWyasqzUXtEfl6s/nMKeYW1
-----END CERTIFICATE-----