Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/dAqvCdWWWLaD7DpKhHjyPMUKxD8.roa
File:                     dAqvCdWWWLaD7DpKhHjyPMUKxD8.roa (raw, json)
Hash identifier:          ICjqowyJZl+tnm/tFML81YM05+devBA5jkzQG68wsIM=
Subject key identifier:   74:0A:AF:09:D5:96:58:B6:83:EC:3A:4A:84:78:F2:3C:C5:0A:C4:3F
Certificate issuer:       /CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
Certificate serial:       0196387B0E1DD0D4222069972F782A19E851
Authority key identifier: B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/dAqvCdWWWLaD7DpKhHjyPMUKxD8.roa
Signing time:             Tue 15 Apr 2025 08:05:10 +0000
ROA not before:           Tue 15 Apr 2025 08:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5430
IP address blocks:        89.63.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 17:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:7b:0e:1d:d0:d4:22:20:69:97:2f:78:2a:19:e8:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
        Validity
            Not Before: Apr 15 08:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=740aaf09d59658b683ec3a4a8478f23cc50ac43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a3:97:42:4d:75:e0:8f:9a:90:d6:c7:b9:3a:
                    0a:35:b4:28:7e:a2:8e:b6:6b:85:13:34:4d:0f:01:
                    77:3b:a0:91:cc:39:01:79:e4:6e:cd:55:ec:b9:44:
                    4d:f3:c3:1c:67:d7:c7:71:0d:12:69:7c:2f:38:77:
                    f7:c9:7d:fc:8f:7a:3a:c3:46:16:e0:0f:5d:5b:f1:
                    40:a5:87:33:12:14:83:b5:17:5d:c5:85:1b:18:37:
                    bb:cb:07:8b:81:75:d1:43:b8:fe:6c:f3:97:f9:99:
                    71:ae:60:90:1d:8e:b2:d9:70:6e:e0:8e:23:6f:2e:
                    24:e1:25:8e:83:3e:64:03:c6:59:3f:90:0d:c4:31:
                    06:6b:ea:79:69:43:0c:bc:41:a8:aa:2f:3c:d2:ad:
                    67:84:ce:50:a3:e9:c0:df:53:c6:e6:31:2e:2e:07:
                    e5:3e:dd:10:eb:89:3c:68:02:d7:b1:92:79:3b:e8:
                    26:12:ad:44:25:28:bb:d6:d5:e1:8b:98:0c:b0:0d:
                    e9:fd:2e:69:b3:08:0b:4d:70:f4:e5:9c:1c:b3:75:
                    12:b6:6c:1d:6f:2b:d0:94:90:25:e4:73:db:1d:2b:
                    d1:ea:fb:36:99:9f:f9:57:7b:84:fd:e5:a4:d6:5e:
                    7f:9c:d9:10:09:59:3a:a6:3c:11:a4:2e:8c:08:10:
                    7a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:0A:AF:09:D5:96:58:B6:83:EC:3A:4A:84:78:F2:3C:C5:0A:C4:3F
            X509v3 Authority Key Identifier:
                keyid:B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/dAqvCdWWWLaD7DpKhHjyPMUKxD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.63.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c9:82:1b:5e:72:4b:d6:b1:11:e2:d9:63:f5:66:37:11:b9:b7:
         45:89:d0:67:8d:f2:20:4d:74:2f:29:a6:93:68:b5:06:e8:5c:
         c8:57:82:60:73:47:c7:06:6a:57:1b:f2:cc:dd:31:bd:f2:65:
         13:82:0f:7e:01:2c:78:fb:be:40:4e:95:50:94:66:5d:dd:8e:
         16:b5:19:a5:63:03:61:eb:82:79:e4:bb:ae:64:28:72:4a:9a:
         b9:cc:78:6b:d0:f9:14:2f:98:7e:d0:df:ca:03:74:2f:62:37:
         70:83:c7:8b:70:38:59:37:4a:ca:f5:22:78:2b:61:cc:1a:bb:
         dc:57:c1:3e:12:98:56:4c:e1:2e:70:2c:08:14:5c:14:ba:30:
         8c:c7:11:17:49:8f:7f:32:b5:3d:4b:cc:32:ac:a3:27:62:f4:
         7b:b8:18:6d:ba:f4:88:ae:0d:60:fe:e3:2f:93:79:21:a9:64:
         fd:dc:6e:15:62:0d:63:93:a2:39:40:3b:b2:4a:41:12:3b:0a:
         96:20:df:b5:56:40:04:9f:a3:16:61:f6:42:49:59:b1:eb:3c:
         89:b9:41:b6:60:93:de:4a:d2:b4:6a:78:14:50:62:49:bb:30:
         04:cc:9a:35:fd:03:f5:e4:fb:b8:9d:40:3b:bf:05:72:b5:a1:
         d8:9b:3d:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY4ew4d0NQiIGmXL3gqGehRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmVlMmIzOTcxMjM3N2I0YmZlYzllNjZhYzdlNmU5MDhl
ZmNlZWMwHhcNMjUwNDE1MDgwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDBhYWYwOWQ1OTY1OGI2ODNlYzNhNGE4NDc4ZjIzY2M1MGFjNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaOXQk114I+akNbHuToKNbQofqKO
tmuFEzRNDwF3O6CRzDkBeeRuzVXsuURN88McZ9fHcQ0SaXwvOHf3yX38j3o6w0YW
4A9dW/FApYczEhSDtRddxYUbGDe7yweLgXXRQ7j+bPOX+ZlxrmCQHY6y2XBu4I4j
by4k4SWOgz5kA8ZZP5ANxDEGa+p5aUMMvEGoqi880q1nhM5Qo+nA31PG5jEuLgfl
Pt0Q64k8aALXsZJ5O+gmEq1EJSi71tXhi5gMsA3p/S5pswgLTXD05Zwcs3UStmwd
byvQlJAl5HPbHSvR6vs2mZ/5V3uE/eWk1l5/nNkQCVk6pjwRpC6MCBB6+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQKrwnVlli2g+w6SoR48jzFCsQ/MB8GA1UdIwQY
MBaAFLMu4rOXEjd7S/7J5mrH5ukI787sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMt
ZjAxNmNhNWRhMjE5LzEvZEFxdkNkV1dXTGFEN0RwS2hIanlQTVVLeEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMtZjAxNmNhNWRhMjE5
LzEvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWT/wMA0G
CSqGSIb3DQEBCwUAA4IBAQDJghteckvWsRHi2WP1ZjcRubdFidBnjfIgTXQvKaaT
aLUG6FzIV4Jgc0fHBmpXG/LM3TG98mUTgg9+ASx4+75ATpVQlGZd3Y4WtRmlYwNh
64J55LuuZChySpq5zHhr0PkUL5h+0N/KA3QvYjdwg8eLcDhZN0rK9SJ4K2HMGrvc
V8E+EphWTOEucCwIFFwUujCMxxEXSY9/MrU9S8wyrKMnYvR7uBhtuvSIrg1g/uMv
k3khqWT93G4VYg1jk6I5QDuySkESOwqWIN+1VkAEn6MWYfZCSVmx6zyJuUG2YJPe
StK0angUUGJJuzAEzJo1/QP15Pu4nUA7vwVytaHYmz0n
-----END CERTIFICATE-----