Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/0KWI-KG0WB4DWCuGh1gn99tn_N4.roa
File:                     0KWI-KG0WB4DWCuGh1gn99tn_N4.roa (raw, json)
Hash identifier:          h8Vr2MAflmUzVAGtVkIeSE/MSkV47xAfz3GIoaJRtC4=
Subject key identifier:   D0:A5:88:F8:A1:B4:58:1E:03:58:2B:86:87:58:27:F7:DB:67:FC:DE
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019420D613D79ACD0902DA6B24BFD18F46A7
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/0KWI-KG0WB4DWCuGh1gn99tn_N4.roa
Signing time:             Wed 01 Jan 2025 07:48:08 +0000
ROA not before:           Wed 01 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39391
IP address blocks:        89.33.176.0/22 maxlen: 24
                          89.47.91.0/24 maxlen: 24
                          139.28.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:13:d7:9a:cd:09:02:da:6b:24:bf:d1:8f:46:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  1 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0a588f8a1b4581e03582b86875827f7db67fcde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a5:fe:f3:e7:f8:27:e5:21:aa:18:90:8f:a6:
                    2a:39:60:e8:c5:28:72:32:4d:55:52:62:cb:6f:74:
                    48:69:16:92:82:ec:ab:cc:6a:12:a1:28:ad:73:42:
                    36:e6:be:c1:3b:98:0e:16:b0:ef:ab:57:61:1a:ec:
                    e6:6d:9b:5c:7e:2c:6d:3d:7d:92:88:03:b1:82:20:
                    cb:8f:59:5e:35:06:5b:cc:44:08:3d:55:84:d7:6f:
                    bf:57:1b:ff:9d:c0:01:74:a8:1b:44:bb:56:7a:d6:
                    be:b8:8a:99:8e:08:77:5f:63:c2:e8:49:6f:0c:88:
                    e5:52:7c:1a:fc:88:07:56:67:f5:3f:58:60:67:e9:
                    aa:af:65:71:81:36:65:5d:99:6b:eb:fc:b4:e5:67:
                    ce:63:a5:84:74:c5:91:86:5f:85:ec:af:cb:05:6d:
                    a1:47:2e:d4:bf:1c:bf:fe:04:c2:20:1a:9a:9c:1a:
                    25:9d:de:72:f2:f8:7a:c4:76:c7:27:cf:ca:9a:81:
                    92:e5:f6:3f:44:34:93:ff:ae:66:e1:da:c2:55:bf:
                    b9:51:14:5b:ca:8a:61:49:45:fe:28:f8:0a:bd:49:
                    79:02:f1:fc:ae:6c:d0:84:ca:5f:1f:2d:b9:be:95:
                    e9:7a:d6:42:e4:cc:83:95:b2:f4:56:c0:eb:9d:ce:
                    32:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A5:88:F8:A1:B4:58:1E:03:58:2B:86:87:58:27:F7:DB:67:FC:DE
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/0KWI-KG0WB4DWCuGh1gn99tn_N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.176.0/22
                  89.47.91.0/24
                  139.28.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:f9:44:27:6f:be:86:20:7f:d0:9a:f4:e8:81:52:2c:55:dd:
         07:dc:83:ba:48:61:de:cf:e2:ab:66:d6:91:5a:d9:c9:79:a9:
         ae:e1:00:93:2f:6f:30:47:ff:81:f2:9e:02:4b:a9:75:07:d9:
         79:1f:c6:1d:58:e6:91:46:45:3a:6a:0c:d2:76:bc:02:fa:69:
         ad:69:47:f4:83:50:a1:ce:51:f0:07:d8:ea:02:5b:6d:5f:b5:
         4e:d5:d8:80:9f:bf:06:ee:32:78:cb:97:83:24:7c:84:cd:58:
         26:82:d8:5e:79:1d:58:6c:c3:69:13:e1:89:f1:96:48:b8:aa:
         3f:62:6b:2a:4e:96:0f:88:6e:e3:32:34:b4:43:ec:d6:6a:8d:
         b7:3a:94:26:15:39:25:81:da:5d:4c:33:25:2d:95:c3:67:c7:
         f4:f5:a1:6c:7b:a0:03:bf:ec:8b:77:63:50:3f:d0:db:45:8f:
         a4:b6:99:c1:91:3c:4d:79:06:a7:9c:47:af:87:57:88:74:d8:
         f3:59:d4:52:45:e7:01:dc:74:03:a8:99:6c:fa:ac:72:f3:21:
         6e:a7:4e:df:73:03:f2:70:0c:97:fb:a9:a7:45:51:ca:6b:71:
         b0:60:c2:55:9b:e0:1b:2b:28:44:d7:15:d5:7b:aa:2c:5d:5e:
         e2:40:1e:cf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQg1hPXms0JAtprJL/Rj0anMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGE1ODhmOGExYjQ1ODFlMDM1ODJiODY4NzU4MjdmN2RiNjdmY2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaX+8+f4J+UhqhiQj6YqOWDoxShy
Mk1VUmLLb3RIaRaSguyrzGoSoSitc0I25r7BO5gOFrDvq1dhGuzmbZtcfixtPX2S
iAOxgiDLj1leNQZbzEQIPVWE12+/Vxv/ncABdKgbRLtWeta+uIqZjgh3X2PC6Elv
DIjlUnwa/IgHVmf1P1hgZ+mqr2VxgTZlXZlr6/y05WfOY6WEdMWRhl+F7K/LBW2h
Ry7Uvxy//gTCIBqanBolnd5y8vh6xHbHJ8/KmoGS5fY/RDST/65m4drCVb+5URRb
yophSUX+KPgKvUl5AvH8rmzQhMpfHy25vpXpetZC5MyDlbL0VsDrnc4yHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNCliPihtFgeA1grhodYJ/fbZ/zeMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvMEtXSS1LRzBXQjREV0N1R2gxZ245OXRuX040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCWSGwAwQA
WS9bAwQCixwIMA0GCSqGSIb3DQEBCwUAA4IBAQBJ+UQnb76GIH/QmvTogVIsVd0H
3IO6SGHez+KrZtaRWtnJeamu4QCTL28wR/+B8p4CS6l1B9l5H8YdWOaRRkU6agzS
drwC+mmtaUf0g1ChzlHwB9jqAlttX7VO1diAn78G7jJ4y5eDJHyEzVgmgtheeR1Y
bMNpE+GJ8ZZIuKo/YmsqTpYPiG7jMjS0Q+zWao23OpQmFTklgdpdTDMlLZXDZ8f0
9aFse6ADv+yLd2NQP9DbRY+ktpnBkTxNeQannEevh1eIdNjzWdRSRecB3HQDqJls
+qxy8yFup07fcwPycAyX+6mnRVHKa3GwYMJVm+AbKyhE1xXVe6osXV7iQB7P
-----END CERTIFICATE-----