Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/IoD5gau8ca33bX7P3LRLuiKbRZM.roa
File:                     IoD5gau8ca33bX7P3LRLuiKbRZM.roa (raw, json)
Hash identifier:          j9p5Da+/+Yzr/MRz0NAUAXr0JoA15rp7WE5vGQVI32s=
Subject key identifier:   22:80:F9:81:AB:BC:71:AD:F7:6D:7E:CF:DC:B4:4B:BA:22:9B:45:93
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       01942067FDE5AF370C8803210AE92536E655
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/IoD5gau8ca33bX7P3LRLuiKbRZM.roa
Signing time:             Wed 01 Jan 2025 05:47:53 +0000
ROA not before:           Wed 01 Jan 2025 05:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        89.58.112.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:fd:e5:af:37:0c:88:03:21:0a:e9:25:36:e6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan  1 05:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2280f981abbc71adf76d7ecfdcb44bba229b4593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3c:c7:6f:65:25:16:89:42:71:f4:d7:84:95:
                    7f:5f:c8:ae:ea:60:87:b3:07:6c:d4:ad:4a:cc:8f:
                    cb:01:7a:35:64:ba:43:67:c8:71:db:b1:38:a3:e2:
                    3c:98:90:2e:7d:53:fe:a8:62:8a:18:da:94:6e:3e:
                    ee:d1:6a:e5:ec:bc:f8:14:8d:57:f8:7c:ee:23:e5:
                    83:34:2a:55:54:9e:cd:a6:33:fd:df:1c:f2:1e:d2:
                    44:58:b9:10:17:8d:fa:b1:9a:70:db:3c:54:f8:07:
                    9a:3e:34:cf:98:32:03:26:b2:1c:a5:13:db:4f:1d:
                    96:1d:b6:0c:d7:41:d0:08:a6:26:b7:db:42:a1:ef:
                    3e:eb:6b:e8:69:03:e1:58:51:08:7c:43:10:c2:30:
                    52:ed:33:ca:44:96:3b:01:f1:c8:59:b3:f6:4a:31:
                    35:d4:13:37:07:97:a4:4e:dc:98:11:8a:a6:15:2a:
                    d3:e1:be:44:21:3a:92:8d:08:89:a2:aa:f7:aa:0d:
                    93:15:64:53:41:f5:cb:40:5a:dc:5d:3b:56:b8:29:
                    51:1e:5e:47:93:26:a5:51:aa:99:24:d9:23:f7:27:
                    09:7d:b9:35:79:db:e9:f5:2f:a9:e8:93:3d:93:9f:
                    0f:9b:3e:bf:76:9a:f9:eb:75:45:a3:12:05:29:d8:
                    d0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:80:F9:81:AB:BC:71:AD:F7:6D:7E:CF:DC:B4:4B:BA:22:9B:45:93
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/IoD5gau8ca33bX7P3LRLuiKbRZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         76:d8:7d:ba:27:74:22:a9:9f:1e:34:5c:c2:e8:a3:02:21:84:
         56:dd:3d:6f:88:11:b2:e8:b7:04:bf:1f:72:5c:c0:f1:36:51:
         19:38:8b:ff:85:53:9b:cc:2d:27:3c:fd:43:d0:99:e0:54:7b:
         a7:b6:35:d7:41:35:c2:17:b9:02:5d:20:03:b6:3e:7e:7e:1d:
         b5:e2:f0:57:d2:eb:d0:c7:f8:2a:99:40:c3:f5:bd:9a:ec:45:
         0e:e2:63:9c:64:a2:16:ff:ed:97:e8:67:df:a7:df:b6:76:53:
         cf:f1:40:32:0d:16:7b:4c:09:69:56:01:96:5b:55:81:1b:d9:
         d9:86:39:56:4f:04:bc:82:25:15:96:20:7f:d4:17:cd:ab:19:
         50:1f:23:91:2b:2e:50:47:98:44:8b:05:50:1a:12:e7:c7:c5:
         16:52:98:85:8d:e3:d5:c3:74:00:15:c6:35:19:d8:1f:e9:f6:
         60:83:b2:fe:9b:11:35:c5:21:72:53:99:55:2a:fa:5e:5a:07:
         98:a2:50:a7:64:bc:d6:6e:e8:dc:93:35:69:3d:4e:3e:09:95:
         87:17:40:57:04:b5:be:8a:7d:12:f2:7d:ea:5d:02:b2:c9:6e:
         20:43:5a:5d:11:05:7c:76:00:3f:c8:1d:8f:2c:a3:2c:d7:db:
         b2:a6:d1:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/3lrzcMiAMhCuklNuZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjUwMTAxMDU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjgwZjk4MWFiYmM3MWFkZjc2ZDdlY2ZkY2I0NGJiYTIyOWI0NTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjzHb2UlFolCcfTXhJV/X8iu6mCH
swds1K1KzI/LAXo1ZLpDZ8hx27E4o+I8mJAufVP+qGKKGNqUbj7u0Wrl7Lz4FI1X
+HzuI+WDNCpVVJ7NpjP93xzyHtJEWLkQF436sZpw2zxU+AeaPjTPmDIDJrIcpRPb
Tx2WHbYM10HQCKYmt9tCoe8+62voaQPhWFEIfEMQwjBS7TPKRJY7AfHIWbP2SjE1
1BM3B5ekTtyYEYqmFSrT4b5EITqSjQiJoqr3qg2TFWRTQfXLQFrcXTtWuClRHl5H
kyalUaqZJNkj9ycJfbk1edvp9S+p6JM9k58Pmz6/dpr563VFoxIFKdjQbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKA+YGrvHGt921+z9y0S7oim0WTMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvSW9ENWdhdThjYTMzYlg3UDNMUkx1aUtiUlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWTpwMA0G
CSqGSIb3DQEBCwUAA4IBAQB22H26J3QiqZ8eNFzC6KMCIYRW3T1viBGy6LcEvx9y
XMDxNlEZOIv/hVObzC0nPP1D0JngVHuntjXXQTXCF7kCXSADtj5+fh214vBX0uvQ
x/gqmUDD9b2a7EUO4mOcZKIW/+2X6Gffp9+2dlPP8UAyDRZ7TAlpVgGWW1WBG9nZ
hjlWTwS8giUVliB/1BfNqxlQHyORKy5QR5hEiwVQGhLnx8UWUpiFjePVw3QAFcY1
Gdgf6fZgg7L+mxE1xSFyU5lVKvpeWgeYolCnZLzWbujckzVpPU4+CZWHF0BXBLW+
in0S8n3qXQKyyW4gQ1pdEQV8dgA/yB2PLKMs19uyptHq
-----END CERTIFICATE-----