Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/lknEfiAWsTgVxunxpJ4Cim6vi_Y.roa
File:                     lknEfiAWsTgVxunxpJ4Cim6vi_Y.roa (raw, json)
Hash identifier:          9nT6QBaPn6YGSLcfszLUc2cPb60rXG8wS9MlLTeVBhw=
Subject key identifier:   96:49:C4:7E:20:16:B1:38:15:C6:E9:F1:A4:9E:02:8A:6E:AF:8B:F6
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       0195B25E75D7581C46F7589A94DBC3CC38CB
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/lknEfiAWsTgVxunxpJ4Cim6vi_Y.roa
Signing time:             Thu 20 Mar 2025 07:04:49 +0000
ROA not before:           Thu 20 Mar 2025 07:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43704
IP address blocks:        89.34.100.0/24 maxlen: 24
                          185.248.137.0/24 maxlen: 24
                          2a03:9c00:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 22:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:5e:75:d7:58:1c:46:f7:58:9a:94:db:c3:cc:38:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Mar 20 07:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9649c47e2016b13815c6e9f1a49e028a6eaf8bf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:68:33:47:36:d7:d4:6a:cc:35:e6:39:5a:b6:
                    92:a7:f5:91:3c:c9:94:a3:12:84:67:7f:ae:c6:21:
                    95:b9:e4:58:80:c2:69:1c:2f:55:f9:a7:9a:28:a7:
                    d2:9f:93:98:bc:80:b8:73:dd:1d:a0:12:e3:d1:d9:
                    48:e2:e7:e8:fa:d3:4d:c5:39:f8:f9:9f:1c:10:d1:
                    36:6c:19:77:94:ea:8f:8b:e8:84:b8:46:5a:bc:40:
                    7f:4f:ab:b5:d5:c7:42:19:0a:c4:7f:4e:dc:27:19:
                    6c:02:ee:27:0c:16:7a:9a:89:eb:c7:72:e2:4d:84:
                    32:e1:99:b0:63:2b:2e:3f:b4:32:a9:93:fb:c4:30:
                    c1:fb:d3:56:c2:99:f4:fb:bc:3f:ef:a6:d9:e7:fd:
                    08:f4:f2:a6:0a:14:96:88:97:6d:e6:1d:b1:d0:1c:
                    88:bc:77:f5:18:ec:3a:0b:db:df:10:88:79:84:2d:
                    a4:52:1e:0b:09:61:9d:9c:4a:ae:86:cb:b4:53:63:
                    e1:1c:b7:9b:81:94:ab:47:29:e2:16:c5:40:59:35:
                    0d:ce:6b:e1:f5:4a:23:f4:4c:03:e5:58:2f:64:f8:
                    63:a8:11:59:66:67:a0:c4:59:b9:57:05:45:b5:a9:
                    a4:b7:18:5a:ed:ee:a5:a4:1b:12:46:a3:a7:cd:0a:
                    77:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:49:C4:7E:20:16:B1:38:15:C6:E9:F1:A4:9E:02:8A:6E:AF:8B:F6
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/lknEfiAWsTgVxunxpJ4Cim6vi_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.100.0/24
                  185.248.137.0/24
                IPv6:
                  2a03:9c00:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:1a:a7:47:cd:39:66:01:0e:19:c3:5a:f1:50:43:f0:75:f8:
         80:a1:05:7b:3a:0d:2f:b6:4b:3f:0d:e9:30:14:31:5d:a4:5f:
         3d:e7:3e:04:08:64:c6:37:2e:c0:a1:bf:77:ae:cd:7d:98:75:
         b3:71:d3:bd:f8:45:44:bb:35:21:c9:77:b8:d7:e3:a8:68:cd:
         2a:1f:ab:0a:7f:70:c2:99:a8:76:e0:de:b5:cb:7b:a9:21:cb:
         42:44:14:49:df:53:50:da:4b:0a:1a:b6:b1:05:d6:5f:ec:14:
         88:5c:75:9f:04:08:d5:70:de:78:e4:6c:e7:78:74:7f:c3:4f:
         d0:7b:c3:7e:33:9c:64:50:7c:95:8e:3f:07:d8:5f:c3:7f:cf:
         4b:98:20:06:58:a2:8e:5f:ec:77:0c:7a:1f:dc:0f:dd:0b:7d:
         00:3c:1b:9d:46:65:83:68:cf:0f:d9:74:cd:a8:34:77:85:42:
         35:14:4e:c5:46:df:96:5a:4c:26:95:e5:07:54:35:7c:8f:4c:
         ff:d7:a3:7c:63:65:11:9d:79:42:4a:02:4d:bc:7d:c7:9b:f6:
         ad:9d:45:ab:f3:c5:91:84:ad:df:f7:9d:e2:8f:ca:93:62:37:
         8b:b6:af:f5:87:86:32:b4:44:b1:3e:7f:76:9c:30:dd:17:74:
         2b:c3:46:1d
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZWyXnXXWBxG91ialNvDzDjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjUwMzIwMDcwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjQ5YzQ3ZTIwMTZiMTM4MTVjNmU5ZjFhNDllMDI4YTZlYWY4YmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGgzRzbX1GrMNeY5WraSp/WRPMmU
oxKEZ3+uxiGVueRYgMJpHC9V+aeaKKfSn5OYvIC4c90doBLj0dlI4ufo+tNNxTn4
+Z8cENE2bBl3lOqPi+iEuEZavEB/T6u11cdCGQrEf07cJxlsAu4nDBZ6monrx3Li
TYQy4ZmwYysuP7QyqZP7xDDB+9NWwpn0+7w/76bZ5/0I9PKmChSWiJdt5h2x0ByI
vHf1GOw6C9vfEIh5hC2kUh4LCWGdnEquhsu0U2PhHLebgZSrRyniFsVAWTUNzmvh
9Uoj9EwD5VgvZPhjqBFZZmegxFm5VwVFtamktxha7e6lpBsSRqOnzQp3BQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJZJxH4gFrE4Fcbp8aSeAopur4v2MB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvbGtuRWZpQVdzVGdWeHVueHBKNENpbTZ2aV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAWSJkAwQA
ufiJMA8EAgACMAkDBwAqA5wAAAQwDQYJKoZIhvcNAQELBQADggEBADgap0fNOWYB
DhnDWvFQQ/B1+IChBXs6DS+2Sz8N6TAUMV2kXz3nPgQIZMY3LsChv3euzX2YdbNx
0734RUS7NSHJd7jX46hozSofqwp/cMKZqHbg3rXLe6khy0JEFEnfU1DaSwoatrEF
1l/sFIhcdZ8ECNVw3njkbOd4dH/DT9B7w34znGRQfJWOPwfYX8N/z0uYIAZYoo5f
7HcMeh/cD90LfQA8G51GZYNozw/ZdM2oNHeFQjUUTsVG35ZaTCaV5QdUNXyPTP/X
o3xjZRGdeUJKAk28fceb9q2dRavzxZGErd/3neKPypNiN4u2r/WHhjK0RLE+f3ac
MN0XdCvDRh0=
-----END CERTIFICATE-----