Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/db3HfgukjmmWQWomG5hjPb2RuPo.roa
File:                     db3HfgukjmmWQWomG5hjPb2RuPo.roa (raw, json)
Hash identifier:          HuerYo1+VOoP0CsA2iW7ovnuNivvJL249xI7Vse7fcY=
Subject key identifier:   75:BD:C7:7E:0B:A4:8E:69:96:41:6A:26:1B:98:63:3D:BD:91:B8:FA
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019420D61DAE45DEFB8821F6AF851DBA9622
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/db3HfgukjmmWQWomG5hjPb2RuPo.roa
Signing time:             Wed 01 Jan 2025 07:48:10 +0000
ROA not before:           Wed 01 Jan 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214637
IP address blocks:        89.43.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:1d:ae:45:de:fb:88:21:f6:af:85:1d:ba:96:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  1 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75bdc77e0ba48e6996416a261b98633dbd91b8fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:47:40:5f:bf:e2:26:f9:6b:e5:f2:0b:31:8a:
                    a2:78:2a:7a:ad:e0:ff:0f:17:c2:4d:20:0c:5f:e0:
                    cb:74:07:c5:2e:94:7f:32:b4:23:40:ce:d2:16:35:
                    bf:c1:54:d6:85:dc:2e:f9:e0:4c:a3:66:47:20:d6:
                    61:7b:bf:b5:b2:0f:fc:c7:2a:44:49:a4:43:c8:7d:
                    24:c8:6f:b0:8a:33:4c:0d:9a:02:52:c0:f4:db:31:
                    82:2d:fd:56:a5:f3:62:4d:32:4e:c2:f8:d7:06:84:
                    49:10:21:7f:5f:7a:ec:fd:a2:56:52:e9:e9:c8:3f:
                    99:75:aa:76:b1:3d:2a:36:c6:75:66:f3:09:eb:c6:
                    d1:86:a0:9d:6d:a6:25:dd:10:95:80:be:51:64:2f:
                    f8:38:f0:48:b3:69:9a:77:6d:31:04:09:09:3e:54:
                    90:1d:ce:f3:e6:89:29:2c:7b:70:fd:04:d1:d9:ac:
                    de:69:ed:a6:31:76:8b:43:b4:72:14:14:79:08:e6:
                    cb:56:d3:ee:35:58:dc:de:94:ec:20:4b:75:bc:29:
                    be:5f:46:ab:71:85:ab:74:54:2e:fd:ce:18:80:fc:
                    9e:4d:95:42:e4:fc:1c:47:01:de:3e:b0:29:ba:ca:
                    f2:45:51:4d:6f:b2:b9:9c:59:97:c2:f5:0e:ed:f4:
                    7c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BD:C7:7E:0B:A4:8E:69:96:41:6A:26:1B:98:63:3D:BD:91:B8:FA
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/db3HfgukjmmWQWomG5hjPb2RuPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5e:88:83:93:69:5d:17:63:70:8d:7a:56:82:49:8e:6e:97:
         1e:a4:e8:ee:f3:7d:6a:48:47:57:80:f7:52:44:93:9b:91:e0:
         c9:83:54:9d:6e:45:98:10:fe:b7:46:1a:2b:6b:80:b7:78:5e:
         f3:88:9f:ec:79:88:ab:68:b3:03:d3:f3:66:c5:15:0c:28:00:
         cb:39:39:83:67:1c:27:ba:cb:76:19:a4:8a:f6:e1:05:1d:16:
         95:56:45:5a:55:eb:91:ee:cf:e4:c4:43:2a:2b:ea:0d:14:a2:
         88:c2:77:66:3a:18:76:90:5c:2a:df:3e:d0:f3:2c:a2:e2:75:
         27:36:fe:0f:35:6b:0e:4e:f2:f6:de:f4:31:cb:12:19:ff:eb:
         54:72:c7:db:56:0a:24:60:3c:0a:d2:53:7e:37:de:47:19:03:
         32:6b:db:4f:cb:d2:40:6c:0d:98:93:1a:41:d6:45:9e:97:98:
         8f:3d:f4:d4:2e:3a:1e:c2:c0:68:b9:21:85:ab:c5:09:18:04:
         49:16:6b:96:ca:f8:50:ec:a7:d3:ed:c7:d3:52:a4:26:cd:ca:
         5d:b2:9b:0c:f3:cf:04:0e:89:04:62:f5:f4:53:6b:91:b6:90:
         52:34:98:f6:62:b4:7c:4c:09:88:f0:de:be:31:7a:9a:30:fa:
         a2:14:a2:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1h2uRd77iCH2r4UdupYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwMTAxMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJkYzc3ZTBiYTQ4ZTY5OTY0MTZhMjYxYjk4NjMzZGJkOTFiOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUdAX7/iJvlr5fILMYqieCp6reD/
DxfCTSAMX+DLdAfFLpR/MrQjQM7SFjW/wVTWhdwu+eBMo2ZHINZhe7+1sg/8xypE
SaRDyH0kyG+wijNMDZoCUsD02zGCLf1WpfNiTTJOwvjXBoRJECF/X3rs/aJWUunp
yD+Zdap2sT0qNsZ1ZvMJ68bRhqCdbaYl3RCVgL5RZC/4OPBIs2mad20xBAkJPlSQ
Hc7z5okpLHtw/QTR2azeae2mMXaLQ7RyFBR5CObLVtPuNVjc3pTsIEt1vCm+X0ar
cYWrdFQu/c4YgPyeTZVC5PwcRwHePrApusryRVFNb7K5nFmXwvUO7fR8dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHW9x34LpI5plkFqJhuYYz29kbj6MB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvZGIzSGZndWtqbW1XUVdvbUc1aGpQYjJSdVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWStJMA0G
CSqGSIb3DQEBCwUAA4IBAQCHXoiDk2ldF2NwjXpWgkmObpcepOju831qSEdXgPdS
RJObkeDJg1SdbkWYEP63Rhora4C3eF7ziJ/seYiraLMD0/NmxRUMKADLOTmDZxwn
ust2GaSK9uEFHRaVVkVaVeuR7s/kxEMqK+oNFKKIwndmOhh2kFwq3z7Q8yyi4nUn
Nv4PNWsOTvL23vQxyxIZ/+tUcsfbVgokYDwK0lN+N95HGQMya9tPy9JAbA2YkxpB
1kWel5iPPfTULjoewsBouSGFq8UJGARJFmuWyvhQ7KfT7cfTUqQmzcpdspsM888E
DokEYvX0U2uRtpBSNJj2YrR8TAmI8N6+MXqaMPqiFKJM
-----END CERTIFICATE-----