Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/t5BDJd8Dzrg2IC09MFuU9BxT5Uk.roa
File:                     t5BDJd8Dzrg2IC09MFuU9BxT5Uk.roa (raw, json)
Hash identifier:          9AOu1bBqC0e4A6DdOt1aKlQ9vH6ddvoaCculzcrBvgw=
Subject key identifier:   B7:90:43:25:DF:03:CE:B8:36:20:2D:3D:30:5B:94:F4:1C:53:E5:49
Certificate issuer:       /CN=4c6319fe7859c342f7cd9f711306f56590828d60
Certificate serial:       0194244487039E0702BD2D88A6D568FD1470
Authority key identifier: 4C:63:19:FE:78:59:C3:42:F7:CD:9F:71:13:06:F5:65:90:82:8D:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/t5BDJd8Dzrg2IC09MFuU9BxT5Uk.roa
Signing time:             Wed 01 Jan 2025 23:47:38 +0000
ROA not before:           Wed 01 Jan 2025 23:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398387
IP address blocks:        89.40.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:87:03:9e:07:02:bd:2d:88:a6:d5:68:fd:14:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c6319fe7859c342f7cd9f711306f56590828d60
        Validity
            Not Before: Jan  1 23:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7904325df03ceb836202d3d305b94f41c53e549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:34:5a:66:97:d9:6e:ed:35:3d:95:c7:13:d5:
                    a6:22:e3:f6:ea:a9:86:98:a0:f6:9c:3a:2e:d7:52:
                    c8:a1:9d:9e:82:1d:b4:a3:5b:92:02:93:7d:d0:42:
                    7d:f8:32:9b:86:02:78:0f:19:41:4c:59:3c:f3:7d:
                    40:d4:a0:1b:5b:89:6c:17:67:74:47:61:2a:bc:72:
                    86:46:59:24:e6:b5:f9:a3:1b:45:95:39:d7:f0:df:
                    a8:ce:64:80:7d:f3:e4:fc:70:e2:59:47:d0:07:c7:
                    d7:b6:62:58:05:4e:28:2f:04:80:70:e0:bf:f8:1d:
                    37:bb:63:8a:5c:5b:64:4c:41:18:9b:49:35:74:c7:
                    91:e3:9c:25:57:18:86:68:88:16:a4:c0:3b:39:23:
                    50:83:ab:85:8b:7d:e6:d3:78:0d:57:57:e3:80:c8:
                    dd:7e:ac:69:2e:d5:06:e5:2d:3f:c5:af:fb:3d:5e:
                    da:5d:e2:e8:b1:3e:3f:e7:a8:b0:8c:65:8b:0f:b2:
                    96:2a:f7:71:81:22:ba:0c:2f:11:b8:3b:19:12:f3:
                    0b:c0:2b:c7:ab:96:9b:0b:bf:60:28:2f:9a:b4:58:
                    d4:ca:c8:9c:46:85:0c:2a:7d:2e:73:c2:5c:19:cc:
                    6f:e8:e6:a9:d4:22:2f:1b:1d:d9:c3:f8:c0:61:08:
                    cf:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:90:43:25:DF:03:CE:B8:36:20:2D:3D:30:5B:94:F4:1C:53:E5:49
            X509v3 Authority Key Identifier:
                keyid:4C:63:19:FE:78:59:C3:42:F7:CD:9F:71:13:06:F5:65:90:82:8D:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/t5BDJd8Dzrg2IC09MFuU9BxT5Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:22:a8:9e:d6:7a:71:b6:09:ab:6e:92:4a:bb:bf:cf:ff:ec:
         1d:30:04:6f:04:8e:0a:89:88:e9:53:63:da:98:33:8b:8a:d0:
         a3:60:08:0e:83:94:3f:2a:c3:7b:41:d9:99:42:e7:be:91:fe:
         bb:f1:c9:9a:fd:fe:ff:c7:f7:2c:3b:16:62:a8:1c:d1:b2:bc:
         9e:87:b2:41:88:2f:24:05:e8:68:5c:87:ce:b1:a3:00:f7:c5:
         15:0d:f0:41:65:02:c8:ef:f2:15:13:9b:5a:03:8f:2e:39:34:
         f1:b7:3a:25:30:f3:f8:02:b5:6d:36:11:89:38:a2:81:93:51:
         49:1a:14:83:95:c8:97:65:77:cc:66:92:6c:74:1d:6b:cc:76:
         27:25:65:7a:58:e2:5a:74:df:1c:fb:5e:12:e6:f8:e9:ad:2f:
         ed:88:54:eb:ec:53:da:b0:32:f5:1f:9f:92:f7:de:ca:e4:0d:
         cc:18:14:08:e9:cd:0d:b4:f5:43:f6:69:50:b1:33:40:3d:63:
         fd:e5:10:aa:d7:f4:de:08:6b:e9:99:63:16:ed:b4:c5:3c:e7:
         e0:57:8c:79:7a:e8:49:2c:d7:8a:f9:31:fd:17:6f:50:7d:f5:
         4d:fe:2b:5b:03:92:dd:ac:87:44:15:de:84:82:86:11:43:a7:
         4f:c7:34:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRIcDngcCvS2IptVo/RRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNjMxOWZlNzg1OWMzNDJmN2NkOWY3MTEzMDZmNTY1OTA4
MjhkNjAwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzkwNDMyNWRmMDNjZWI4MzYyMDJkM2QzMDViOTRmNDFjNTNlNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujRaZpfZbu01PZXHE9WmIuP26qmG
mKD2nDou11LIoZ2egh20o1uSApN90EJ9+DKbhgJ4DxlBTFk8831A1KAbW4lsF2d0
R2EqvHKGRlkk5rX5oxtFlTnX8N+ozmSAffPk/HDiWUfQB8fXtmJYBU4oLwSAcOC/
+B03u2OKXFtkTEEYm0k1dMeR45wlVxiGaIgWpMA7OSNQg6uFi33m03gNV1fjgMjd
fqxpLtUG5S0/xa/7PV7aXeLosT4/56iwjGWLD7KWKvdxgSK6DC8RuDsZEvMLwCvH
q5abC79gKC+atFjUysicRoUMKn0uc8JcGcxv6Oap1CIvGx3Zw/jAYQjPhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeQQyXfA864NiAtPTBblPQcU+VJMB8GA1UdIwQY
MBaAFExjGf54WcNC982fcRMG9WWQgo1gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEdNWl9uaFp3MEwzelo5eEV3YjFaWkNDaldBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wMWU3ZGYtMTQxMC00OTFmLWE3MWIt
NTU4MzBmOWVkZGU0LzEvdDVCREpkOER6cmcySUMwOU1GdVU5QnhUNVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wMWU3ZGYtMTQxMC00OTFmLWE3MWItNTU4MzBmOWVkZGU0
LzEvVEdNWl9uaFp3MEwzelo5eEV3YjFaWkNDaldBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSipMA0G
CSqGSIb3DQEBCwUAA4IBAQCRIqie1npxtgmrbpJKu7/P/+wdMARvBI4KiYjpU2Pa
mDOLitCjYAgOg5Q/KsN7QdmZQue+kf678cma/f7/x/csOxZiqBzRsryeh7JBiC8k
BehoXIfOsaMA98UVDfBBZQLI7/IVE5taA48uOTTxtzolMPP4ArVtNhGJOKKBk1FJ
GhSDlciXZXfMZpJsdB1rzHYnJWV6WOJadN8c+14S5vjprS/tiFTr7FPasDL1H5+S
997K5A3MGBQI6c0NtPVD9mlQsTNAPWP95RCq1/TeCGvpmWMW7bTFPOfgV4x5euhJ
LNeK+TH9F29QffVN/itbA5LdrIdEFd6EgoYRQ6dPxzQe
-----END CERTIFICATE-----