Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/iXw_41SDwVWtAf5ihJuQUw9Lk8I.roa
File:                     iXw_41SDwVWtAf5ihJuQUw9Lk8I.roa (raw, json)
Hash identifier:          IeaHE4eJJAlQPpX43/jtDGK9a0UQu+G72Lz6Qc9LhBM=
Subject key identifier:   89:7C:3F:E3:54:83:C1:55:AD:01:FE:62:84:9B:90:53:0F:4B:93:C2
Certificate issuer:       /CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
Certificate serial:       019522629D7A35980C0C4DDA2A92556FCC9E
Authority key identifier: 41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/iXw_41SDwVWtAf5ihJuQUw9Lk8I.roa
Signing time:             Thu 20 Feb 2025 08:04:02 +0000
ROA not before:           Thu 20 Feb 2025 08:04:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39855
IP address blocks:        89.106.204.0/24 maxlen: 24
                          195.128.162.0/24 maxlen: 24
                          195.128.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:22:62:9d:7a:35:98:0c:0c:4d:da:2a:92:55:6f:cc:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
        Validity
            Not Before: Feb 20 08:04:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=897c3fe35483c155ad01fe62849b90530f4b93c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ff:13:ed:d6:ce:3b:32:34:e5:db:b4:73:a0:
                    b6:55:0d:f7:d8:40:7d:7e:94:8d:18:19:f3:cb:3c:
                    a5:cd:b3:da:08:f6:ca:31:e9:52:bf:6e:ab:20:e1:
                    c0:bf:38:e5:d6:44:a9:03:72:1d:c5:33:5e:5b:10:
                    72:57:f2:99:15:e4:82:12:4f:62:33:90:37:0b:ba:
                    be:e2:6c:86:f8:14:06:f6:d9:c4:a8:02:94:4e:e3:
                    ef:84:8e:23:66:02:8d:fe:ca:c3:aa:4a:52:97:cd:
                    88:c7:0e:0a:6d:c3:bd:27:fe:7f:d9:e4:cc:10:f5:
                    b3:bd:e0:ec:5b:20:c9:9c:42:77:75:b9:15:de:31:
                    75:21:72:fc:a0:3c:92:a8:2b:94:32:91:d5:6e:64:
                    43:8c:fe:74:27:d7:93:55:ac:5e:2f:60:32:1f:5e:
                    c3:97:a2:df:71:50:3f:4f:98:99:e8:d2:ec:16:20:
                    34:98:e4:15:3a:89:0f:54:29:a3:3b:d6:7d:04:c3:
                    5d:3f:6c:c5:1e:25:ca:75:a4:49:c4:5e:aa:d1:5c:
                    bc:70:f5:20:9e:fc:dc:53:af:02:ca:fe:da:42:14:
                    24:d3:9a:29:88:28:70:19:dc:c9:0f:b2:4d:3c:2a:
                    18:8b:94:bb:fa:d4:cb:fc:81:15:b5:44:e7:a3:de:
                    2e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:7C:3F:E3:54:83:C1:55:AD:01:FE:62:84:9B:90:53:0F:4B:93:C2
            X509v3 Authority Key Identifier:
                keyid:41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/iXw_41SDwVWtAf5ihJuQUw9Lk8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.204.0/24
                  195.128.162.0/24
                  195.128.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:6f:91:21:21:c6:9c:be:15:3a:d2:82:b5:14:bf:0e:39:e0:
         a4:2e:55:7d:b0:69:35:f4:5f:67:6d:ea:f6:aa:90:a3:d3:5f:
         6b:cc:3b:02:75:71:5d:9a:12:6d:f7:da:b6:90:40:3f:14:89:
         6e:65:c0:0d:e3:7b:72:b9:de:a2:c2:f5:25:de:f4:a6:72:2b:
         df:a4:6f:96:bd:95:03:b8:5f:5c:29:a2:88:e6:39:0e:73:70:
         40:ee:b7:91:b3:8e:6b:96:59:aa:fc:57:6e:67:e1:4c:e7:43:
         c3:95:19:e5:d2:d3:1f:b4:f9:65:a8:35:4a:9e:11:3e:ab:cb:
         bb:25:49:91:16:0c:c4:90:39:45:f6:9b:22:3b:51:80:84:07:
         34:29:71:c8:56:bc:98:23:5c:24:6f:1b:18:f5:c6:3b:c5:b7:
         e1:71:5a:fa:98:b2:ca:d2:86:73:33:57:0d:3f:32:79:88:99:
         5a:41:8c:59:d1:12:50:68:86:b9:35:b8:0c:f0:8e:fb:8b:39:
         70:01:06:6b:10:51:b3:5b:aa:45:00:f3:63:bb:a3:3a:65:d8:
         5e:e4:e6:49:ae:46:60:96:3b:fe:57:5a:11:d5:75:09:74:3e:
         b0:c2:e5:11:ed:78:00:ad:c8:fc:82:cb:28:88:8d:a9:bf:04:
         d0:03:fb:89
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZUiYp16NZgMDE3aKpJVb8yeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOTYyMzBlNThkZWNjMGNiY2ZiMTVmNTZhYTY0ZGVkZDFm
Mzg5ZjUwHhcNMjUwMjIwMDgwNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTdjM2ZlMzU0ODNjMTU1YWQwMWZlNjI4NDliOTA1MzBmNGI5M2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv8T7dbOOzI05du0c6C2VQ332EB9
fpSNGBnzyzylzbPaCPbKMelSv26rIOHAvzjl1kSpA3IdxTNeWxByV/KZFeSCEk9i
M5A3C7q+4myG+BQG9tnEqAKUTuPvhI4jZgKN/srDqkpSl82Ixw4KbcO9J/5/2eTM
EPWzveDsWyDJnEJ3dbkV3jF1IXL8oDySqCuUMpHVbmRDjP50J9eTVaxeL2AyH17D
l6LfcVA/T5iZ6NLsFiA0mOQVOokPVCmjO9Z9BMNdP2zFHiXKdaRJxF6q0Vy8cPUg
nvzcU68Cyv7aQhQk05opiChwGdzJD7JNPCoYi5S7+tTL/IEVtUTno94u6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIl8P+NUg8FVrQH+YoSbkFMPS5PCMB8GA1UdIwQY
MBaAFEGWIw5Y3swMvPsV9WqmTe3R84n1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQt
MmJlZmZmZDU3ZmI3LzEvaVh3XzQxU0R3Vld0QWY1aWhKdVFVdzlMazhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQtMmJlZmZmZDU3ZmI3
LzEvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWWrMAwQA
w4CiAwQAw4CyMA0GCSqGSIb3DQEBCwUAA4IBAQCDb5EhIcacvhU60oK1FL8OOeCk
LlV9sGk19F9nber2qpCj019rzDsCdXFdmhJt99q2kEA/FIluZcAN43tyud6iwvUl
3vSmcivfpG+WvZUDuF9cKaKI5jkOc3BA7reRs45rllmq/FduZ+FM50PDlRnl0tMf
tPllqDVKnhE+q8u7JUmRFgzEkDlF9psiO1GAhAc0KXHIVryYI1wkbxsY9cY7xbfh
cVr6mLLK0oZzM1cNPzJ5iJlaQYxZ0RJQaIa5NbgM8I77izlwAQZrEFGzW6pFAPNj
u6M6Zdhe5OZJrkZgljv+V1oR1XUJdD6wwuUR7XgArcj8gssoiI2pvwTQA/uJ
-----END CERTIFICATE-----