Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/ACKW9RfobgNxFmGLo0q9xAh_d6k.roa
File:                     ACKW9RfobgNxFmGLo0q9xAh_d6k.roa (raw, json)
Hash identifier:          sd4MSbt7R4RMvGdT2hp/M6b7EN9LmdrjGUMed4jtMaw=
Subject key identifier:   00:22:96:F5:17:E8:6E:03:71:16:61:8B:A3:4A:BD:C4:08:7F:77:A9
Certificate issuer:       /CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
Certificate serial:       019425FDE441F87DD1E0E0719047091C6CB0
Authority key identifier: 1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/ACKW9RfobgNxFmGLo0q9xAh_d6k.roa
Signing time:             Thu 02 Jan 2025 07:49:43 +0000
ROA not before:           Thu 02 Jan 2025 07:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39785
IP address blocks:        89.105.158.0/24 maxlen: 24
                          185.26.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e4:41:f8:7d:d1:e0:e0:71:90:47:09:1c:6c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
        Validity
            Not Before: Jan  2 07:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=002296f517e86e037116618ba34abdc4087f77a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a0:4f:57:6b:53:f0:bd:a3:c8:b5:56:f2:4d:
                    1c:0f:67:40:9a:bd:0c:94:a2:1c:6f:00:54:af:1e:
                    1d:5d:fa:fe:b2:dd:c8:ed:11:2d:8a:61:e3:4a:47:
                    e9:bd:84:65:cb:8d:1c:48:55:85:60:a5:e4:f9:34:
                    81:a8:a1:03:75:c8:db:5e:05:40:aa:7d:3b:f7:df:
                    dd:72:85:6d:ff:de:d8:45:be:8d:89:09:07:5e:35:
                    a3:f2:25:66:be:24:a9:c6:66:b5:cd:39:41:7c:aa:
                    11:f2:6c:ac:ef:e1:58:49:78:5f:43:1d:c3:45:1b:
                    bd:91:cd:d1:72:09:f4:30:ee:5d:93:f7:b0:64:1a:
                    e9:a7:84:37:73:50:d1:d8:04:3d:bd:c0:ea:e4:9b:
                    48:8c:8c:99:5b:13:34:a1:71:8f:a1:3d:ff:a0:a7:
                    ec:8e:bb:c2:ca:34:e9:88:a6:a9:03:76:d5:f5:fe:
                    58:d3:73:84:41:00:14:ac:ef:af:2e:8b:56:16:b8:
                    04:01:9e:d3:54:c1:3d:70:af:82:4c:f0:b0:d3:64:
                    f4:8d:a1:d1:2b:63:44:4e:92:33:a1:f2:23:ba:f8:
                    d7:fd:e2:9d:da:c9:84:de:71:d3:56:a9:74:b8:73:
                    03:7a:01:b5:e5:3f:c6:3f:c5:65:0e:66:93:67:9e:
                    fd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:22:96:F5:17:E8:6E:03:71:16:61:8B:A3:4A:BD:C4:08:7F:77:A9
            X509v3 Authority Key Identifier:
                keyid:1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/ACKW9RfobgNxFmGLo0q9xAh_d6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.105.158.0/24
                  185.26.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:d9:fa:64:1c:05:20:c2:4c:c9:01:48:18:95:c6:98:0b:9e:
         e8:5c:36:dc:cb:a7:f5:91:7c:e4:f6:07:47:a8:8e:ee:49:67:
         0c:30:30:95:45:5f:90:f0:61:82:7a:de:2f:7a:0c:34:48:54:
         a8:7b:5e:ee:6c:57:7b:89:10:b7:6d:63:16:39:fd:9a:8e:fb:
         69:c4:d5:53:a8:fa:3d:27:7b:a3:cb:59:91:fb:d7:cc:da:c4:
         d1:36:50:d2:c2:dd:da:b2:63:71:68:d2:ee:be:01:de:36:51:
         bd:54:29:d1:17:1b:ef:fe:66:bc:b3:da:77:8e:7c:8b:a9:c2:
         13:9c:a7:2e:95:78:83:46:d5:0c:a6:47:66:97:4d:a0:d5:a1:
         46:48:89:84:a0:68:1d:5e:b2:09:b9:d1:fd:27:d2:84:15:a8:
         56:e1:f7:37:4c:70:68:c4:3a:6d:3b:5c:9b:18:2b:a7:3c:7c:
         ce:58:d9:65:33:4f:50:0d:57:6f:4f:a2:a2:5c:f7:f9:b0:0a:
         f3:4d:ac:9b:dd:79:74:2c:83:1e:71:72:01:7f:69:de:3b:67:
         cf:5f:8d:e1:76:6a:81:ba:38:39:dc:5c:e3:5d:a9:5d:7e:4f:
         91:f2:58:fb:f7:b9:99:2d:fb:79:4c:df:a7:09:23:6b:fb:e5:
         0e:61:d8:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/eRB+H3R4OBxkEcJHGywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWE5MmRhZjA4YzIwYjQ2OTFiOTI1Y2YwMzJlNTQ5MWZl
MGFjYzAwHhcNMjUwMTAyMDc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDIyOTZmNTE3ZTg2ZTAzNzExNjYxOGJhMzRhYmRjNDA4N2Y3N2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqBPV2tT8L2jyLVW8k0cD2dAmr0M
lKIcbwBUrx4dXfr+st3I7REtimHjSkfpvYRly40cSFWFYKXk+TSBqKEDdcjbXgVA
qn0799/dcoVt/97YRb6NiQkHXjWj8iVmviSpxma1zTlBfKoR8mys7+FYSXhfQx3D
RRu9kc3Rcgn0MO5dk/ewZBrpp4Q3c1DR2AQ9vcDq5JtIjIyZWxM0oXGPoT3/oKfs
jrvCyjTpiKapA3bV9f5Y03OEQQAUrO+vLotWFrgEAZ7TVME9cK+CTPCw02T0jaHR
K2NETpIzofIjuvjX/eKd2smE3nHTVql0uHMDegG15T/GP8VlDmaTZ579FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAAilvUX6G4DcRZhi6NKvcQIf3epMB8GA1UdIwQY
MBaAFB6aktrwjCC0aRuSXPAy5Ukf4KzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBxUzJ2Q01JTFJwRzVKYzhETGxTUl9nck1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9jMTQxMTUtOGNmOC00MGM4LTg3Yzgt
Y2U4MmViZTExYWM4LzEvQUNLVzlSZm9iZ054Rm1HTG8wcTl4QWhfZDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9jMTQxMTUtOGNmOC00MGM4LTg3YzgtY2U4MmViZTExYWM4
LzEvSHBxUzJ2Q01JTFJwRzVKYzhETGxTUl9nck1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWmeAwQB
uRrYMA0GCSqGSIb3DQEBCwUAA4IBAQC32fpkHAUgwkzJAUgYlcaYC57oXDbcy6f1
kXzk9gdHqI7uSWcMMDCVRV+Q8GGCet4vegw0SFSoe17ubFd7iRC3bWMWOf2ajvtp
xNVTqPo9J3ujy1mR+9fM2sTRNlDSwt3asmNxaNLuvgHeNlG9VCnRFxvv/ma8s9p3
jnyLqcITnKculXiDRtUMpkdml02g1aFGSImEoGgdXrIJudH9J9KEFahW4fc3THBo
xDptO1ybGCunPHzOWNllM09QDVdvT6KiXPf5sArzTayb3Xl0LIMecXIBf2neO2fP
X43hdmqBujg53FzjXaldfk+R8lj797mZLft5TN+nCSNr++UOYdjA
-----END CERTIFICATE-----