Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/FrduA3d9hf8zRluB-LvsugAyZvE.roa
File:                     FrduA3d9hf8zRluB-LvsugAyZvE.roa (raw, json)
Hash identifier:          crntf7vwfmq2JQSzVDLM15sjjrNW70Qx5rAXBtWknhs=
Subject key identifier:   16:B7:6E:03:77:7D:85:FF:33:46:5B:81:F8:BB:EC:BA:00:32:66:F1
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019421B23ED8E976F1BC25E66D5D6119BC57
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/FrduA3d9hf8zRluB-LvsugAyZvE.roa
Signing time:             Wed 01 Jan 2025 11:48:37 +0000
ROA not before:           Wed 01 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203363
IP address blocks:        152.89.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3e:d8:e9:76:f1:bc:25:e6:6d:5d:61:19:bc:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16b76e03777d85ff33465b81f8bbecba003266f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1a:8d:4d:74:8b:35:1b:29:c7:9d:3d:9f:10:
                    63:bd:34:fb:bf:43:10:24:b5:bb:64:69:99:98:85:
                    fc:38:0a:66:c4:7d:46:4d:61:df:32:68:71:06:c4:
                    c4:2b:27:9c:f4:b5:55:75:78:0e:3e:fe:75:81:00:
                    7f:72:cb:d2:9e:3f:35:06:27:e8:0c:65:bf:0d:cb:
                    49:96:37:bb:d5:fa:0b:82:12:19:84:48:82:7c:fd:
                    0c:1d:99:9b:11:84:ee:5a:a6:b4:e8:9b:52:f1:b0:
                    7a:e4:29:75:7b:ab:48:d0:13:d3:e0:3f:9d:ff:80:
                    0b:f3:4c:f1:a3:07:7e:3b:33:9c:f0:8b:a9:44:20:
                    a8:32:de:71:cd:78:2f:fa:cc:b9:04:77:fc:96:bb:
                    f8:19:ea:bc:a5:c0:c2:ec:49:f6:ca:64:f0:a6:23:
                    03:4e:1b:da:8b:e4:d0:d1:34:3f:7d:70:07:4f:08:
                    de:b1:c8:21:cc:a7:8f:5e:6a:6c:88:42:58:cc:46:
                    3c:2d:c1:36:fc:50:fc:6f:84:e8:dd:a1:cc:42:ae:
                    69:44:83:16:68:aa:19:e2:21:14:ef:8e:d7:9d:00:
                    5e:3d:18:b9:71:1a:21:25:a4:fe:ba:07:74:4c:e1:
                    03:af:d6:c3:8e:4e:8f:1c:60:12:c1:39:07:eb:f8:
                    be:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B7:6E:03:77:7D:85:FF:33:46:5B:81:F8:BB:EC:BA:00:32:66:F1
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/FrduA3d9hf8zRluB-LvsugAyZvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:aa:8a:f7:ad:14:10:30:eb:3d:b5:bf:dd:9c:12:67:48:32:
         9a:44:b5:0b:44:17:18:27:87:1f:be:b9:bf:15:30:7e:82:61:
         40:b6:3f:d1:88:70:4f:de:be:34:1b:63:07:56:c2:de:39:c1:
         1a:88:10:73:bc:06:7d:fb:84:1d:e0:d4:86:77:2e:49:13:49:
         1c:31:fa:46:4f:40:65:fb:fd:a2:9a:20:89:c4:7b:3a:06:0d:
         e6:7e:b7:b5:d4:72:cf:2a:66:4f:d9:7e:4b:14:25:90:74:6d:
         e0:b7:a9:cb:f3:90:2e:87:ed:cd:12:c4:29:60:44:19:78:e0:
         f7:98:92:23:b1:5b:45:b0:6b:8b:19:f3:5b:7e:22:b2:f5:85:
         3b:a1:fb:27:a0:7e:a4:ae:b1:65:b8:8b:26:7b:f7:89:26:4c:
         2d:d3:06:d4:db:36:33:a8:d3:93:cc:77:9b:b8:63:19:a5:dd:
         ce:2f:3a:f5:25:63:ce:d6:d9:9e:02:ba:ad:30:60:fb:8f:09:
         ea:ec:08:32:f3:2d:0e:04:be:07:8f:e0:6d:d1:36:4e:17:b7:
         89:43:de:cd:78:ed:88:aa:06:0f:d5:c0:df:61:0d:9c:d7:45:
         9a:25:91:ae:51:1a:66:08:6b:31:d7:c1:fc:d8:19:06:ae:4e:
         50:ae:92:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsj7Y6XbxvCXmbV1hGbxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUwMTAxMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmI3NmUwMzc3N2Q4NWZmMzM0NjViODFmOGJiZWNiYTAwMzI2NmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBqNTXSLNRspx509nxBjvTT7v0MQ
JLW7ZGmZmIX8OApmxH1GTWHfMmhxBsTEKyec9LVVdXgOPv51gQB/csvSnj81Bifo
DGW/DctJlje71foLghIZhEiCfP0MHZmbEYTuWqa06JtS8bB65Cl1e6tI0BPT4D+d
/4AL80zxowd+OzOc8IupRCCoMt5xzXgv+sy5BHf8lrv4Geq8pcDC7En2ymTwpiMD
Thvai+TQ0TQ/fXAHTwjescghzKePXmpsiEJYzEY8LcE2/FD8b4To3aHMQq5pRIMW
aKoZ4iEU747XnQBePRi5cRohJaT+ugd0TOEDr9bDjk6PHGASwTkH6/i+7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBa3bgN3fYX/M0Zbgfi77LoAMmbxMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvRnJkdUEzZDloZjh6Umx1Qi1MdnN1Z0F5WnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFmrMA0G
CSqGSIb3DQEBCwUAA4IBAQACqor3rRQQMOs9tb/dnBJnSDKaRLULRBcYJ4cfvrm/
FTB+gmFAtj/RiHBP3r40G2MHVsLeOcEaiBBzvAZ9+4Qd4NSGdy5JE0kcMfpGT0Bl
+/2imiCJxHs6Bg3mfre11HLPKmZP2X5LFCWQdG3gt6nL85Auh+3NEsQpYEQZeOD3
mJIjsVtFsGuLGfNbfiKy9YU7ofsnoH6krrFluIsme/eJJkwt0wbU2zYzqNOTzHeb
uGMZpd3OLzr1JWPO1tmeArqtMGD7jwnq7Agy8y0OBL4Hj+Bt0TZOF7eJQ97NeO2I
qgYP1cDfYQ2c10WaJZGuURpmCGsx18H82BkGrk5QrpK7
-----END CERTIFICATE-----