Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/HeuY-063QK_nNTZBJsl2N9nPT0Y.roa
File:                     HeuY-063QK_nNTZBJsl2N9nPT0Y.roa (raw, json)
Hash identifier:          cNW0QUKkOECAhom7mEwINa2XXTLvyYriHy+M/7EUYUc=
Subject key identifier:   1D:EB:98:FB:4E:B7:40:AF:E7:35:36:41:26:C9:76:37:D9:CF:4F:46
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       01942444E287CE5DFFD561AB48E4822729A8
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/HeuY-063QK_nNTZBJsl2N9nPT0Y.roa
Signing time:             Wed 01 Jan 2025 23:48:01 +0000
ROA not before:           Wed 01 Jan 2025 23:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35725
IP address blocks:        89.123.192.0/20 maxlen: 20
                          109.101.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:e2:87:ce:5d:ff:d5:61:ab:48:e4:82:27:29:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jan  1 23:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1deb98fb4eb740afe735364126c97637d9cf4f46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:72:11:8d:57:77:d5:8c:88:12:51:a8:ea:64:
                    62:5b:05:17:ec:7c:95:eb:cb:ec:24:44:cf:ec:a6:
                    ef:af:19:d3:80:34:45:b7:51:d5:53:fc:15:4f:0a:
                    f0:d6:44:0e:12:29:29:80:14:9f:3b:99:f9:bf:96:
                    e9:cf:3b:77:7b:b3:c9:b6:c7:d7:7c:3d:b7:7e:fc:
                    d9:cd:5b:68:b4:37:d2:22:f9:6f:e9:0d:eb:61:e7:
                    6b:5d:66:ad:31:4f:6e:78:03:7a:a3:41:c6:06:18:
                    20:1c:e4:a0:e0:c4:59:8d:7d:df:36:6e:cc:21:76:
                    52:47:0c:ab:ae:2b:a4:d3:72:6a:8d:2b:af:25:9d:
                    a3:76:8f:a8:35:3c:5e:f0:0d:49:80:32:43:ce:f2:
                    e2:40:35:c1:91:ff:4f:0f:b2:43:e5:1c:15:a6:1c:
                    5b:75:28:bf:a4:53:63:ed:2c:58:67:c7:35:76:7f:
                    5d:a3:11:c2:10:b3:c8:3c:19:68:2b:08:8c:d7:ea:
                    ca:e6:03:ce:19:59:2c:c8:26:5a:7b:6f:e6:11:32:
                    88:43:2c:a0:60:d5:71:72:9a:5b:29:48:04:82:02:
                    c3:af:f2:84:ee:74:92:bf:49:94:03:0b:7e:44:b3:
                    27:44:93:d4:f9:31:41:bd:6e:9b:6a:c0:52:1f:96:
                    ab:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:EB:98:FB:4E:B7:40:AF:E7:35:36:41:26:C9:76:37:D9:CF:4F:46
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/HeuY-063QK_nNTZBJsl2N9nPT0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.123.192.0/20
                  109.101.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         91:00:24:de:22:92:79:20:5a:96:5a:4c:90:dd:c2:5e:65:4f:
         0d:37:eb:f8:3e:ee:64:2b:e3:64:0f:8f:7d:80:fd:5b:fe:7b:
         f1:bc:fc:65:0e:77:43:6b:8a:6c:57:2a:0e:20:d7:90:b2:38:
         7b:2e:95:44:21:a0:58:6a:b7:7e:02:5f:d0:c5:ce:98:d5:8f:
         e6:60:11:3a:96:6d:ce:57:f6:21:47:8c:91:5d:92:42:6f:18:
         f0:2b:78:4d:51:e4:42:a5:59:f6:b5:d9:c4:68:bf:3f:20:90:
         de:38:5e:c3:19:4d:ae:3b:8e:f6:2b:23:4d:3b:9a:54:87:3c:
         0b:2e:b7:67:28:72:1a:0b:36:e1:1d:a9:ff:65:ed:bf:bf:3e:
         71:25:e1:21:8a:a5:ad:75:2a:e8:ad:94:0d:3b:8f:47:21:3d:
         62:00:c2:11:1b:39:35:67:73:ec:e5:4b:3d:18:53:e9:18:96:
         0b:1f:cf:e8:54:c4:53:83:d2:ad:cf:ed:f8:56:8a:e7:7c:ec:
         18:fb:9c:76:8d:b3:19:72:b9:30:80:a2:c8:5a:74:2a:35:f8:
         6a:61:6f:a3:3c:3e:19:be:ed:e3:e4:4a:6d:9c:87:15:30:90:
         49:f5:42:f9:43:21:af:35:c6:a1:46:7a:cd:e1:5a:d1:c9:e8:
         68:4a:8b:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkROKHzl3/1WGrSOSCJymoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjUwMTAxMjM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGViOThmYjRlYjc0MGFmZTczNTM2NDEyNmM5NzYzN2Q5Y2Y0ZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nIRjVd31YyIElGo6mRiWwUX7HyV
68vsJETP7KbvrxnTgDRFt1HVU/wVTwrw1kQOEikpgBSfO5n5v5bpzzt3e7PJtsfX
fD23fvzZzVtotDfSIvlv6Q3rYedrXWatMU9ueAN6o0HGBhggHOSg4MRZjX3fNm7M
IXZSRwyrriuk03JqjSuvJZ2jdo+oNTxe8A1JgDJDzvLiQDXBkf9PD7JD5RwVphxb
dSi/pFNj7SxYZ8c1dn9doxHCELPIPBloKwiM1+rK5gPOGVksyCZae2/mETKIQyyg
YNVxcppbKUgEggLDr/KE7nSSv0mUAwt+RLMnRJPU+TFBvW6basBSH5arjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB3rmPtOt0Cv5zU2QSbJdjfZz09GMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvSGV1WS0wNjNRS19uTlRaQkpzbDJOOW5QVDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWXvAAwQF
bWWgMA0GCSqGSIb3DQEBCwUAA4IBAQCRACTeIpJ5IFqWWkyQ3cJeZU8NN+v4Pu5k
K+NkD499gP1b/nvxvPxlDndDa4psVyoOINeQsjh7LpVEIaBYard+Al/Qxc6Y1Y/m
YBE6lm3OV/YhR4yRXZJCbxjwK3hNUeRCpVn2tdnEaL8/IJDeOF7DGU2uO472KyNN
O5pUhzwLLrdnKHIaCzbhHan/Ze2/vz5xJeEhiqWtdSrorZQNO49HIT1iAMIRGzk1
Z3Ps5Us9GFPpGJYLH8/oVMRTg9Ktz+34VornfOwY+5x2jbMZcrkwgKLIWnQqNfhq
YW+jPD4Zvu3j5EptnIcVMJBJ9UL5QyGvNcahRnrN4VrRyehoSosY
-----END CERTIFICATE-----