Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/adPv80nsAvDoMdbWFhmbQrTYx_c.roa
File:                     adPv80nsAvDoMdbWFhmbQrTYx_c.roa (raw, json)
Hash identifier:          4ui5pcCs9o10PJAGBjhy0LQC0IJvn6eEg11QBgbYrhM=
Subject key identifier:   69:D3:EF:F3:49:EC:02:F0:E8:31:D6:D6:16:19:9B:42:B4:D8:C7:F7
Certificate issuer:       /CN=a389e7035b08e181a341f37eda7343d23f1cafa4
Certificate serial:       0194258F0490053D709614CA2686C7C6A508
Authority key identifier: A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/adPv80nsAvDoMdbWFhmbQrTYx_c.roa
Signing time:             Thu 02 Jan 2025 05:48:37 +0000
ROA not before:           Thu 02 Jan 2025 05:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54588
IP address blocks:        176.121.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:04:90:05:3d:70:96:14:ca:26:86:c7:c6:a5:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a389e7035b08e181a341f37eda7343d23f1cafa4
        Validity
            Not Before: Jan  2 05:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69d3eff349ec02f0e831d6d616199b42b4d8c7f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f6:bf:cd:11:e7:72:4b:e1:21:f7:13:bb:11:
                    de:97:3c:30:5e:a4:aa:76:28:64:ac:a2:e8:b7:b2:
                    38:99:01:2b:01:db:b0:ed:e9:1c:2d:d4:ff:6e:c0:
                    51:04:26:15:11:0a:bb:72:4d:b1:1d:fd:c5:01:85:
                    21:15:db:57:40:b2:f7:3e:c2:c9:77:b3:06:d8:22:
                    54:91:40:f6:17:3d:91:52:f2:00:43:a0:6a:b6:16:
                    35:32:90:a0:4b:0c:33:ea:f6:aa:47:96:57:be:a3:
                    8a:0f:4b:61:8e:97:80:96:9d:c4:05:10:34:ce:0d:
                    bb:28:d1:02:bb:3c:8e:ae:b4:18:40:c0:6b:4c:0e:
                    ea:fc:81:23:5f:ed:cd:6f:f9:37:ce:53:1a:69:c6:
                    b7:ed:9d:a7:75:d2:fe:c0:e6:47:71:c9:cb:50:9b:
                    61:c5:04:ff:da:f6:15:29:d3:aa:41:88:a5:bb:af:
                    d7:e2:d3:da:6a:6f:4f:a9:52:3c:e3:ee:ec:3b:0e:
                    4e:37:04:21:cd:1d:13:30:db:1a:a3:08:24:42:c1:
                    1e:d8:d7:2a:a3:a3:64:38:24:8d:41:be:47:15:a9:
                    02:44:a4:0a:58:c6:5a:0f:d7:36:17:15:9d:5f:31:
                    e9:ef:93:81:0b:ad:04:4f:9a:18:b9:ae:7b:37:51:
                    26:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D3:EF:F3:49:EC:02:F0:E8:31:D6:D6:16:19:9B:42:B4:D8:C7:F7
            X509v3 Authority Key Identifier:
                keyid:A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/adPv80nsAvDoMdbWFhmbQrTYx_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:18:42:26:27:77:58:8b:dc:1c:5f:e1:39:33:1f:6c:9b:f9:
         31:d2:22:40:de:8a:d2:91:d9:87:8e:5a:e2:d4:98:15:bc:ed:
         59:e7:07:ee:7c:54:b2:59:e6:8a:9c:6c:6f:ef:1f:62:5f:81:
         7c:73:c2:bf:98:90:3b:a0:a9:74:85:60:79:d4:11:de:68:a2:
         34:09:44:79:40:fc:2d:5c:96:55:2b:e1:3a:24:f2:97:22:cd:
         d9:ff:c9:90:05:de:65:42:c5:3e:c5:43:6f:3e:d2:15:b7:16:
         1a:70:90:1e:48:10:64:c8:06:be:8b:27:ea:ee:67:b3:2a:d3:
         12:8b:2a:19:40:af:49:65:a5:64:c4:0e:9f:3d:43:f1:ef:7e:
         02:49:f2:48:29:c8:bc:c9:57:25:35:db:47:63:8a:35:30:6f:
         6e:fa:50:f4:7f:f0:f4:b7:e3:a3:3a:1b:ca:4a:a2:80:15:42:
         ee:e1:1a:e5:20:40:35:30:39:4c:43:f2:b2:4e:d8:5e:32:08:
         12:a3:01:82:ec:46:90:d9:53:c8:c8:0c:50:b9:d5:1d:c2:38:
         bb:14:4d:46:98:84:a6:bd:61:02:d1:43:05:02:dd:f5:c8:74:
         9c:8d:02:9d:c3:f2:1e:b1:48:90:2c:8a:b9:0f:f9:51:ca:f9:
         c0:15:e9:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwSQBT1wlhTKJobHxqUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODllNzAzNWIwOGUxODFhMzQxZjM3ZWRhNzM0M2QyM2Yx
Y2FmYTQwHhcNMjUwMTAyMDU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQzZWZmMzQ5ZWMwMmYwZTgzMWQ2ZDYxNjE5OWI0MmI0ZDhjN2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/a/zRHnckvhIfcTuxHelzwwXqSq
dihkrKLot7I4mQErAduw7ekcLdT/bsBRBCYVEQq7ck2xHf3FAYUhFdtXQLL3PsLJ
d7MG2CJUkUD2Fz2RUvIAQ6BqthY1MpCgSwwz6vaqR5ZXvqOKD0thjpeAlp3EBRA0
zg27KNECuzyOrrQYQMBrTA7q/IEjX+3Nb/k3zlMaaca37Z2nddL+wOZHccnLUJth
xQT/2vYVKdOqQYilu6/X4tPaam9PqVI84+7sOw5ONwQhzR0TMNsaowgkQsEe2Ncq
o6NkOCSNQb5HFakCRKQKWMZaD9c2FxWdXzHp75OBC60ET5oYua57N1Em2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnT7/NJ7ALw6DHW1hYZm0K02Mf3MB8GA1UdIwQY
MBaAFKOJ5wNbCOGBo0HzftpzQ9I/HK+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWIt
MGU3MjQxNmI0ZGM3LzEvYWRQdjgwbnNBdkRvTWRiV0ZobWJRclRZeF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWItMGU3MjQxNmI0ZGM3
LzEvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHlZMA0G
CSqGSIb3DQEBCwUAA4IBAQBPGEImJ3dYi9wcX+E5Mx9sm/kx0iJA3orSkdmHjlri
1JgVvO1Z5wfufFSyWeaKnGxv7x9iX4F8c8K/mJA7oKl0hWB51BHeaKI0CUR5QPwt
XJZVK+E6JPKXIs3Z/8mQBd5lQsU+xUNvPtIVtxYacJAeSBBkyAa+iyfq7mezKtMS
iyoZQK9JZaVkxA6fPUPx734CSfJIKci8yVclNdtHY4o1MG9u+lD0f/D0t+OjOhvK
SqKAFULu4RrlIEA1MDlMQ/KyTtheMggSowGC7EaQ2VPIyAxQudUdwji7FE1GmISm
vWEC0UMFAt31yHScjQKdw/IesUiQLIq5D/lRyvnAFem4
-----END CERTIFICATE-----