Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/89VDXzZ_2U543z47EHsX9vI7wvM.roa
File:                     89VDXzZ_2U543z47EHsX9vI7wvM.roa (raw, json)
Hash identifier:          n04qxgmbLydbIkFMhKcNu86o1ZcGuCf69Uot3/FJo18=
Subject key identifier:   F3:D5:43:5F:36:7F:D9:4E:78:DF:3E:3B:10:7B:17:F6:F2:3B:C2:F3
Certificate issuer:       /CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
Certificate serial:       01941FFA92934F0A45C1A5CC67F4AD492F19
Authority key identifier: 7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/89VDXzZ_2U543z47EHsX9vI7wvM.roa
Signing time:             Wed 01 Jan 2025 03:48:22 +0000
ROA not before:           Wed 01 Jan 2025 03:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32787
IP address blocks:        195.225.135.0/24 maxlen: 26
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:92:93:4f:0a:45:c1:a5:cc:67:f4:ad:49:2f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
        Validity
            Not Before: Jan  1 03:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3d5435f367fd94e78df3e3b107b17f6f23bc2f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:81:10:01:c8:53:f8:bb:47:05:1c:0c:a1:63:
                    fa:b0:25:00:d8:14:f1:a2:cc:33:2b:e3:1e:d1:4a:
                    7b:72:da:29:1b:a6:8d:7e:6c:f4:61:57:74:b6:48:
                    cb:90:b7:69:d6:c5:99:db:df:f7:02:cc:56:c7:44:
                    27:f2:3f:7b:c6:4c:8a:cf:28:59:4a:7b:dc:b6:1e:
                    78:69:f8:35:8a:df:92:03:4e:df:15:3d:35:33:e4:
                    6d:44:ba:d4:50:50:e9:0b:40:10:17:45:9b:c2:c2:
                    19:c8:ac:63:5e:f2:f1:f7:4f:d1:63:f0:8a:80:5c:
                    7e:15:dc:c9:ed:14:e0:62:5c:c4:b6:b9:81:32:8c:
                    58:50:44:af:3b:21:c3:5d:ce:7a:18:52:77:bd:43:
                    da:d6:80:38:b7:67:33:f4:50:81:b3:d7:e6:06:6a:
                    33:1c:5e:14:8c:6e:c5:2b:64:df:78:4d:a3:60:ad:
                    76:97:1a:c0:a6:00:87:4b:64:29:75:cc:b6:62:b7:
                    09:6a:73:d9:83:38:dc:c2:9a:e1:4a:1e:84:02:35:
                    ba:9d:88:1e:7c:c0:a5:af:08:96:dc:49:e7:83:06:
                    db:53:09:e6:9f:70:32:2d:38:82:8f:1d:db:39:75:
                    ac:09:3c:fc:4a:7b:d4:c0:82:b6:01:81:f5:7e:4f:
                    ea:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D5:43:5F:36:7F:D9:4E:78:DF:3E:3B:10:7B:17:F6:F2:3B:C2:F3
            X509v3 Authority Key Identifier:
                keyid:7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/89VDXzZ_2U543z47EHsX9vI7wvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:2b:79:d0:41:af:8c:fc:ef:a1:dd:86:54:85:6b:77:c8:35:
         98:57:b1:63:3c:fe:d9:1a:3e:e1:84:e4:b2:1a:94:9e:97:19:
         29:5f:1b:17:c5:db:81:14:ed:52:3b:a0:82:c4:6d:16:e1:2e:
         02:5a:3f:e8:aa:03:a8:f0:d1:55:ad:e2:6e:6b:89:f8:2d:48:
         02:ef:26:a9:4a:2e:b5:a0:0f:2c:ef:d9:b6:76:cb:08:92:ff:
         95:10:50:1e:c4:96:22:f4:39:02:71:bf:9d:f2:c9:69:6b:45:
         56:09:4b:b5:05:4f:be:89:e3:0f:84:e9:b6:dd:42:28:12:e9:
         a9:5f:5b:81:b3:e5:f1:54:b7:e0:04:9a:b4:df:67:ab:87:7d:
         18:fb:cb:b8:84:57:bc:58:69:5b:5a:19:47:2b:c2:50:7c:ca:
         1f:8d:aa:f4:23:a2:81:b3:80:49:9c:02:db:a0:8c:5d:ab:4a:
         0d:6b:de:bc:e0:6b:02:42:5b:49:4d:2e:21:e3:2a:71:0e:5d:
         2d:70:9d:d0:82:02:60:4c:c7:c6:55:ca:56:41:ad:b8:68:18:
         ca:56:20:c8:d1:17:33:3d:c7:6c:02:68:12:20:ed:ef:d6:41:
         79:70:49:b5:fe:e9:60:eb:76:06:5a:c8:cb:36:1e:7a:53:be:
         00:73:33:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pKTTwpFwaXMZ/StSS8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzg5MTE2ODJiYzVjYTcxY2VjZTFlZmUzYWMxMzViZmRi
NTlkZDYwHhcNMjUwMTAxMDM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Q1NDM1ZjM2N2ZkOTRlNzhkZjNlM2IxMDdiMTdmNmYyM2JjMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIEQAchT+LtHBRwMoWP6sCUA2BTx
oswzK+Me0Up7ctopG6aNfmz0YVd0tkjLkLdp1sWZ29/3AsxWx0Qn8j97xkyKzyhZ
Snvcth54afg1it+SA07fFT01M+RtRLrUUFDpC0AQF0WbwsIZyKxjXvLx90/RY/CK
gFx+FdzJ7RTgYlzEtrmBMoxYUESvOyHDXc56GFJ3vUPa1oA4t2cz9FCBs9fmBmoz
HF4UjG7FK2TfeE2jYK12lxrApgCHS2Qpdcy2YrcJanPZgzjcwprhSh6EAjW6nYge
fMClrwiW3EnngwbbUwnmn3AyLTiCjx3bOXWsCTz8SnvUwIK2AYH1fk/qHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPVQ182f9lOeN8+OxB7F/byO8LzMB8GA1UdIwQY
MBaAFH3IkRaCvFynHOzh7+OsE1v9tZ3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQt
NzUyOTUyNTFiMWU4LzEvODlWRFh6Wl8yVTU0M3o0N0VIc1g5dkk3d3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQtNzUyOTUyNTFiMWU4
LzEvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+GHMA0G
CSqGSIb3DQEBCwUAA4IBAQB5K3nQQa+M/O+h3YZUhWt3yDWYV7FjPP7ZGj7hhOSy
GpSelxkpXxsXxduBFO1SO6CCxG0W4S4CWj/oqgOo8NFVreJua4n4LUgC7yapSi61
oA8s79m2dssIkv+VEFAexJYi9DkCcb+d8slpa0VWCUu1BU++ieMPhOm23UIoEump
X1uBs+XxVLfgBJq032erh30Y+8u4hFe8WGlbWhlHK8JQfMofjar0I6KBs4BJnALb
oIxdq0oNa9684GsCQltJTS4h4ypxDl0tcJ3QggJgTMfGVcpWQa24aBjKViDI0Rcz
PcdsAmgSIO3v1kF5cEm1/ulg63YGWsjLNh56U74AczPG
-----END CERTIFICATE-----