Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8AnjP8cTklBJ0JtVbNG8OVZJe1s.roa
File:                     8AnjP8cTklBJ0JtVbNG8OVZJe1s.roa (raw, json)
Hash identifier:          aSbv3UgsXAfRAFxighQZalnm/Ni/uT1cG4Wjg5yAXWQ=
Subject key identifier:   F0:09:E3:3F:C7:13:92:50:49:D0:9B:55:6C:D1:BC:39:56:49:7B:5B
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018DE8894D18BA3CCBD9D8FDD2B4921872CF
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8AnjP8cTklBJ0JtVbNG8OVZJe1s.roa
Signing time:             Tue 27 Feb 2024 03:08:48 +0000
ROA not before:           Tue 27 Feb 2024 03:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20771
IP address blocks:        89.23.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e8:89:4d:18:ba:3c:cb:d9:d8:fd:d2:b4:92:18:72:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Feb 27 03:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f009e33fc713925049d09b556cd1bc3956497b5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:82:48:55:4d:81:2b:01:41:79:9f:ac:ae:94:
                    e5:b3:a8:a3:ab:16:33:fc:40:90:f8:b7:e2:64:7d:
                    ae:75:50:ee:89:af:cb:b6:21:3a:85:db:0d:47:04:
                    f6:85:cd:fd:44:2c:cc:0f:51:aa:1f:06:12:15:3e:
                    e0:3d:26:62:13:6b:97:10:99:09:d3:f7:bf:87:5c:
                    85:24:ad:99:a7:54:fa:63:bf:17:cc:d5:5b:78:0b:
                    4f:d6:dc:b3:a1:e2:fc:56:42:4e:50:eb:61:92:62:
                    4f:2b:b9:5e:f4:85:7c:e8:1a:bb:7a:7b:28:28:39:
                    10:d8:df:56:2b:3e:c0:2e:dd:65:4a:11:79:78:88:
                    17:ed:19:d3:5e:91:80:ba:19:1b:20:60:ff:f9:5e:
                    88:ff:7c:ff:83:49:f0:3e:4b:92:0d:2c:d8:77:10:
                    ca:3a:0f:6e:5b:12:72:0b:4d:1b:48:64:81:c8:49:
                    0a:44:65:df:b9:a2:f5:09:e7:07:6a:b9:5b:51:82:
                    04:29:9a:68:ae:20:d6:97:88:b0:1f:c8:25:e2:50:
                    2c:b1:dd:5f:0c:3c:7b:be:27:40:01:22:be:36:8f:
                    d6:f2:d5:c3:d6:1e:c2:e4:65:ec:e6:73:95:3b:8d:
                    68:55:b1:e2:2d:a2:09:b3:2f:d1:65:e5:51:55:0b:
                    09:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:09:E3:3F:C7:13:92:50:49:D0:9B:55:6C:D1:BC:39:56:49:7B:5B
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8AnjP8cTklBJ0JtVbNG8OVZJe1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:04:76:e4:98:ab:5e:ea:94:2f:64:7d:38:a4:06:9a:9c:b4:
         26:9d:8e:d5:a8:37:6d:4a:1a:8f:f3:62:93:79:c0:3b:8b:49:
         70:cf:e0:1a:ab:d8:73:e7:a9:6d:1a:65:d2:60:67:b0:4a:b8:
         40:42:6b:67:7f:83:93:31:f0:dc:38:a3:44:3a:83:c9:d7:e5:
         97:b6:0f:51:c8:c1:58:3c:97:75:30:64:37:32:d3:27:83:33:
         74:74:90:c2:5f:95:d7:f3:16:94:dd:59:04:0f:d2:3a:f4:2a:
         81:69:d7:28:ea:93:48:0b:26:01:d3:e7:ed:1f:31:f1:96:8a:
         34:4b:a5:5c:b7:1c:bc:6f:01:dc:a5:bd:ca:6f:5b:95:61:b5:
         d8:b7:b5:13:dd:0b:6f:0f:f4:a9:b0:58:a8:bf:8d:07:08:79:
         ea:cd:06:de:44:1d:30:2a:d3:e6:fc:fa:25:d1:7b:32:c8:67:
         73:c6:e2:13:3b:c4:e8:b1:51:cb:88:14:e3:50:66:48:61:fc:
         ab:2e:96:48:bd:b8:6c:cb:07:65:46:5d:07:43:de:4d:8e:08:
         bf:5c:46:1f:ee:6b:8a:72:9c:5e:b7:09:38:5f:b2:be:d2:df:
         aa:30:5e:d7:de:b5:af:dd:0d:04:14:1c:2a:bf:0b:d8:f2:e7:
         ea:de:d5:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3oiU0YujzL2dj90rSSGHLPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMjI3MDMwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDA5ZTMzZmM3MTM5MjUwNDlkMDliNTU2Y2QxYmMzOTU2NDk3YjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoJIVU2BKwFBeZ+srpTls6ijqxYz
/ECQ+LfiZH2udVDuia/LtiE6hdsNRwT2hc39RCzMD1GqHwYSFT7gPSZiE2uXEJkJ
0/e/h1yFJK2Zp1T6Y78XzNVbeAtP1tyzoeL8VkJOUOthkmJPK7le9IV86Bq7enso
KDkQ2N9WKz7ALt1lShF5eIgX7RnTXpGAuhkbIGD/+V6I/3z/g0nwPkuSDSzYdxDK
Og9uWxJyC00bSGSByEkKRGXfuaL1CecHarlbUYIEKZporiDWl4iwH8gl4lAssd1f
DDx7vidAASK+No/W8tXD1h7C5GXs5nOVO41oVbHiLaIJsy/RZeVRVQsJ+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAJ4z/HE5JQSdCbVWzRvDlWSXtbMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvOEFualA4Y1RrbEJKMEp0VmJORzhPVlpKZTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdrMA0G
CSqGSIb3DQEBCwUAA4IBAQCEBHbkmKte6pQvZH04pAaanLQmnY7VqDdtShqP82KT
ecA7i0lwz+Aaq9hz56ltGmXSYGewSrhAQmtnf4OTMfDcOKNEOoPJ1+WXtg9RyMFY
PJd1MGQ3MtMngzN0dJDCX5XX8xaU3VkED9I69CqBadco6pNICyYB0+ftHzHxloo0
S6Vctxy8bwHcpb3Kb1uVYbXYt7UT3QtvD/SpsFiov40HCHnqzQbeRB0wKtPm/Pol
0XsyyGdzxuITO8TosVHLiBTjUGZIYfyrLpZIvbhsywdlRl0HQ95Njgi/XEYf7muK
cpxetwk4X7K+0t+qMF7X3rWv3Q0EFBwqvwvY8ufq3tVj
-----END CERTIFICATE-----