Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/7GAi5jXyv6VY2o4Nb-4InA18q60.roa
File:                     7GAi5jXyv6VY2o4Nb-4InA18q60.roa (raw, json)
Hash identifier:          rURMUB2XorA27cHZjGvYKlb1nOx6oKcS/uBeCH1PARQ=
Subject key identifier:   EC:60:22:E6:35:F2:BF:A5:58:DA:8E:0D:6F:EE:08:9C:0D:7C:AB:AD
Certificate issuer:       /CN=ca707e086640056bc271d5d2b3e24d01440baa04
Certificate serial:       018F0636D928F0E8AD4A29CFE628A237C834
Authority key identifier: CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/7GAi5jXyv6VY2o4Nb-4InA18q60.roa
Signing time:             Mon 22 Apr 2024 14:30:08 +0000
ROA not before:           Mon 22 Apr 2024 14:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        89.106.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:36:d9:28:f0:e8:ad:4a:29:cf:e6:28:a2:37:c8:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca707e086640056bc271d5d2b3e24d01440baa04
        Validity
            Not Before: Apr 22 14:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec6022e635f2bfa558da8e0d6fee089c0d7cabad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:55:89:c7:4e:e9:b8:73:9c:c2:73:30:92:10:
                    44:36:94:c1:0a:ed:f9:4a:28:8b:28:e2:1b:ce:a5:
                    bc:ed:17:e7:bc:7b:6f:40:52:6e:44:3d:8f:37:13:
                    a1:e0:71:e0:f4:ac:2b:9e:58:b5:86:1a:de:b5:f1:
                    cc:22:ae:27:72:df:d1:69:01:7b:ef:89:07:77:fb:
                    e1:83:21:73:e3:58:10:45:e2:e6:af:5d:cf:cc:39:
                    0a:df:f9:ef:98:b9:fe:ef:7d:ff:93:30:a1:2f:15:
                    e7:84:2d:7b:be:da:bc:30:38:57:ca:e6:9a:74:87:
                    a8:34:82:30:3c:c3:48:60:89:85:81:3c:8e:27:9a:
                    d7:c8:e1:f3:82:8f:f1:20:c1:80:5d:54:ac:21:06:
                    cd:9d:13:ea:88:bd:f5:a9:41:50:e1:04:ce:5b:9b:
                    20:d5:22:31:d7:54:c8:23:0f:eb:1e:84:20:3c:cf:
                    f7:78:e8:00:3d:3a:2b:4e:49:22:14:9a:53:0d:a6:
                    b7:cf:61:62:1a:2d:4e:4a:5b:0f:80:13:69:f1:c8:
                    24:09:e5:4f:88:cf:ba:f2:01:56:e1:a9:b2:12:99:
                    05:cd:1b:ea:d6:40:96:ef:ca:3a:75:d5:f4:12:7f:
                    a7:ea:3f:bf:91:69:96:cc:d2:11:e3:cc:08:7f:98:
                    4e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:60:22:E6:35:F2:BF:A5:58:DA:8E:0D:6F:EE:08:9C:0D:7C:AB:AD
            X509v3 Authority Key Identifier:
                keyid:CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/7GAi5jXyv6VY2o4Nb-4InA18q60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:a3:27:ef:f4:77:5e:e6:45:8d:59:8e:9b:5d:8d:4c:a0:f9:
         c3:22:2c:5c:d0:1f:93:96:44:8b:20:26:ab:21:e9:1c:da:d4:
         6e:ec:79:78:62:22:d5:66:32:7f:8e:7f:2b:ce:12:22:03:2b:
         65:20:ee:d6:56:d5:5d:35:da:c2:af:0c:77:74:83:85:46:14:
         25:7a:96:9d:ab:0a:b2:91:77:47:e3:73:79:64:09:11:5a:b2:
         f9:b9:6e:fe:4d:a6:c9:a5:b5:df:e3:f6:60:f6:0a:84:39:96:
         46:79:40:c6:ef:72:cd:6c:14:6f:06:ec:bb:fb:c2:98:74:04:
         74:7d:00:2d:a7:7a:b4:c0:98:82:c2:eb:08:9a:86:5c:2c:a8:
         2e:2f:a4:d7:bf:94:c8:97:a2:5b:f5:73:b3:96:19:e2:30:b4:
         9e:e7:c5:52:6d:6b:c2:72:a6:2a:c1:ea:d7:44:f2:53:a3:3b:
         cd:07:f1:f2:67:ea:d9:bc:a5:95:ff:7d:91:54:3e:8f:1e:59:
         41:b0:20:c0:f8:50:ba:3f:81:df:c9:19:1c:bd:3e:05:19:17:
         6b:71:55:bd:04:19:11:7a:38:b4:ee:a9:86:df:80:49:a7:f6:
         fb:bf:2a:7c:3b:b6:1f:d7:1c:9d:d6:f3:f2:8c:6a:f0:68:1a:
         d8:e4:6a:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8GNtko8OitSinP5iiiN8g0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNzA3ZTA4NjY0MDA1NmJjMjcxZDVkMmIzZTI0ZDAxNDQw
YmFhMDQwHhcNMjQwNDIyMTQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzYwMjJlNjM1ZjJiZmE1NThkYThlMGQ2ZmVlMDg5YzBkN2NhYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1WJx07puHOcwnMwkhBENpTBCu35
SiiLKOIbzqW87RfnvHtvQFJuRD2PNxOh4HHg9Kwrnli1hhretfHMIq4nct/RaQF7
74kHd/vhgyFz41gQReLmr13PzDkK3/nvmLn+733/kzChLxXnhC17vtq8MDhXyuaa
dIeoNIIwPMNIYImFgTyOJ5rXyOHzgo/xIMGAXVSsIQbNnRPqiL31qUFQ4QTOW5sg
1SIx11TIIw/rHoQgPM/3eOgAPTorTkkiFJpTDaa3z2FiGi1OSlsPgBNp8cgkCeVP
iM+68gFW4amyEpkFzRvq1kCW78o6ddX0En+n6j+/kWmWzNIR48wIf5hOFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxgIuY18r+lWNqODW/uCJwNfKutMB8GA1UdIwQY
MBaAFMpwfghmQAVrwnHV0rPiTQFEC6oEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW5CLUNHWkFCV3ZDY2RYU3MtSk5BVVFMcWdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zNzZjY2QtZGVmYS00MDI4LWFmMWMt
Yjk5Y2UzMGQ4MzlmLzEvN0dBaTVqWHl2NlZZMm80TmItNEluQTE4cTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zNzZjY2QtZGVmYS00MDI4LWFmMWMtYjk5Y2UzMGQ4Mzlm
LzEveW5CLUNHWkFCV3ZDY2RYU3MtSk5BVVFMcWdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWrNMA0G
CSqGSIb3DQEBCwUAA4IBAQCAoyfv9Hde5kWNWY6bXY1MoPnDIixc0B+TlkSLICar
Iekc2tRu7Hl4YiLVZjJ/jn8rzhIiAytlIO7WVtVdNdrCrwx3dIOFRhQlepadqwqy
kXdH43N5ZAkRWrL5uW7+TabJpbXf4/Zg9gqEOZZGeUDG73LNbBRvBuy7+8KYdAR0
fQAtp3q0wJiCwusImoZcLKguL6TXv5TIl6Jb9XOzlhniMLSe58VSbWvCcqYqwerX
RPJTozvNB/HyZ+rZvKWV/32RVD6PHllBsCDA+FC6P4HfyRkcvT4FGRdrcVW9BBkR
eji07qmG34BJp/b7vyp8O7Yf1xyd1vPyjGrwaBrY5Gq3
-----END CERTIFICATE-----