Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/ySRDlwFvtMEyAEchCR7IpwI1hOE.roa
File:                     ySRDlwFvtMEyAEchCR7IpwI1hOE.roa (raw, json)
Hash identifier:          Se2FW8a2atFU/DlmDTltY5HULLymwYj0jaibNxe54YE=
Subject key identifier:   C9:24:43:97:01:6F:B4:C1:32:00:47:21:09:1E:C8:A7:02:35:84:E1
Certificate issuer:       /CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
Certificate serial:       01941FFA25AE84310ADA49682EA1B917D0B0
Authority key identifier: D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/ySRDlwFvtMEyAEchCR7IpwI1hOE.roa
Signing time:             Wed 01 Jan 2025 03:47:54 +0000
ROA not before:           Wed 01 Jan 2025 03:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32787
IP address blocks:        89.147.32.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:25:ae:84:31:0a:da:49:68:2e:a1:b9:17:d0:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7d0674bd6f0cc9175219a328c8b396829f6c0af
        Validity
            Not Before: Jan  1 03:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9244397016fb4c132004721091ec8a7023584e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c9:cc:30:87:fe:21:6b:26:d1:12:e5:42:c6:
                    c7:33:de:bf:de:fd:f2:8e:44:d2:99:3e:65:06:10:
                    da:d8:a5:9e:6e:5a:15:2d:8c:4a:1a:3e:0b:86:59:
                    90:03:1d:b7:eb:dc:a6:96:8e:22:87:e7:ed:06:7e:
                    4b:37:c2:e9:11:65:dc:d7:b4:48:0c:38:87:40:84:
                    39:73:55:bc:51:94:1a:39:35:7a:fa:42:bc:b2:7a:
                    ce:1b:13:7d:a2:46:f2:40:6a:52:be:64:b2:ba:a5:
                    d3:7c:0a:d9:28:4f:cb:18:30:c9:e3:8e:cf:03:ee:
                    83:d1:e7:ba:4e:9b:fc:b4:4e:93:d2:a8:e4:29:17:
                    20:9c:ea:b6:94:1e:c9:ec:19:1d:ac:2a:08:33:3b:
                    a3:84:e6:87:ee:48:4e:05:c8:6d:89:2a:0e:22:a0:
                    5b:44:73:08:18:db:2d:4a:04:c2:aa:ca:94:d4:21:
                    f3:ea:4c:be:33:0d:c6:e0:e8:29:1b:46:0a:be:45:
                    db:a2:5a:66:a7:c4:24:22:06:1a:f5:0c:64:47:ce:
                    3d:e6:b7:3d:89:9f:b1:2e:a8:96:c6:11:82:30:20:
                    b7:37:df:17:f4:16:72:e9:46:d0:f1:5c:55:9d:ad:
                    e1:51:8a:72:3a:1f:cd:11:99:76:ef:a9:b4:9c:bb:
                    ca:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:24:43:97:01:6F:B4:C1:32:00:47:21:09:1E:C8:A7:02:35:84:E1
            X509v3 Authority Key Identifier:
                keyid:D7:D0:67:4B:D6:F0:CC:91:75:21:9A:32:8C:8B:39:68:29:F6:C0:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/19BnS9bwzJF1IZoyjIs5aCn2wK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/ySRDlwFvtMEyAEchCR7IpwI1hOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b30e5d-8b3b-4287-9b3b-8232fa3e629d/1/19BnS9bwzJF1IZoyjIs5aCn2wK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.147.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:ee:0b:6c:76:cb:9b:be:7f:bd:de:00:ff:a0:69:77:6c:e0:
         ea:15:37:c0:aa:2e:1f:cd:93:ff:c1:70:d9:1b:94:23:03:5d:
         7b:18:23:bb:97:00:19:77:ab:3e:c9:3b:6b:05:fd:bf:10:71:
         e6:84:54:aa:c0:0f:59:8f:41:26:4f:e5:1b:db:14:4a:2e:23:
         82:e5:24:2d:69:f3:c9:83:a5:33:f6:cd:4a:78:7c:7a:e0:5d:
         85:23:92:e6:11:75:88:61:0a:62:43:a2:87:13:99:f3:13:c8:
         bb:f1:02:42:52:c2:a3:6b:65:3d:3c:48:7a:a6:fc:8c:60:07:
         ca:67:ed:b9:62:14:36:8d:5a:16:89:2c:d5:ab:c3:09:cb:b4:
         ef:e7:d2:36:21:4b:c1:f6:46:da:bb:b2:e1:97:2a:25:db:5a:
         bb:fd:16:c4:93:70:27:81:41:56:d2:68:86:92:e4:8f:a6:f8:
         da:72:6a:56:7e:81:b2:91:aa:40:ac:22:c4:72:28:0a:fd:ba:
         82:9d:96:0c:61:62:e7:32:8c:cf:d9:55:3d:5e:06:c5:15:69:
         6d:01:1f:c3:f2:d1:12:8d:bc:c8:0c:3f:d1:70:6f:4c:d0:f8:
         27:09:66:36:da:aa:3e:cb:e1:cc:aa:a7:cc:d3:c7:7e:c0:f7:
         75:1d:39:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+iWuhDEK2kloLqG5F9CwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZDA2NzRiZDZmMGNjOTE3NTIxOWEzMjhjOGIzOTY4Mjlm
NmMwYWYwHhcNMjUwMTAxMDM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTI0NDM5NzAxNmZiNGMxMzIwMDQ3MjEwOTFlYzhhNzAyMzU4NGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsnMMIf+IWsm0RLlQsbHM96/3v3y
jkTSmT5lBhDa2KWebloVLYxKGj4LhlmQAx2369ymlo4ih+ftBn5LN8LpEWXc17RI
DDiHQIQ5c1W8UZQaOTV6+kK8snrOGxN9okbyQGpSvmSyuqXTfArZKE/LGDDJ447P
A+6D0ee6Tpv8tE6T0qjkKRcgnOq2lB7J7BkdrCoIMzujhOaH7khOBchtiSoOIqBb
RHMIGNstSgTCqsqU1CHz6ky+Mw3G4OgpG0YKvkXbolpmp8QkIgYa9QxkR8495rc9
iZ+xLqiWxhGCMCC3N98X9BZy6UbQ8VxVna3hUYpyOh/NEZl276m0nLvK8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkkQ5cBb7TBMgBHIQkeyKcCNYThMB8GA1UdIwQY
MBaAFNfQZ0vW8MyRdSGaMoyLOWgp9sCvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2It
ODIzMmZhM2U2MjlkLzEveVNSRGx3RnZ0TUV5QUVjaENSN0lwd0kxaE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iMzBlNWQtOGIzYi00Mjg3LTliM2ItODIzMmZhM2U2Mjlk
LzEvMTlCblM5Ynd6SkYxSVpveWpJczVhQ24yd0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWZMgMA0G
CSqGSIb3DQEBCwUAA4IBAQCf7gtsdsubvn+93gD/oGl3bODqFTfAqi4fzZP/wXDZ
G5QjA117GCO7lwAZd6s+yTtrBf2/EHHmhFSqwA9Zj0EmT+Ub2xRKLiOC5SQtafPJ
g6Uz9s1KeHx64F2FI5LmEXWIYQpiQ6KHE5nzE8i78QJCUsKja2U9PEh6pvyMYAfK
Z+25YhQ2jVoWiSzVq8MJy7Tv59I2IUvB9kbau7Lhlyol21q7/RbEk3AngUFW0miG
kuSPpvjacmpWfoGykapArCLEcigK/bqCnZYMYWLnMozP2VU9XgbFFWltAR/D8tES
jbzIDD/RcG9M0PgnCWY22qo+y+HMqqfM08d+wPd1HTng
-----END CERTIFICATE-----