Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/R-zlTRCJQKSl_ewTqXfOSc7Vtqg.roa
File:                     R-zlTRCJQKSl_ewTqXfOSc7Vtqg.roa (raw, json)
Hash identifier:          XFEzs0M4a9iEaS9JRy7Vq8jW1pcSigBA3pXsUq6EUXE=
Subject key identifier:   47:EC:E5:4D:10:89:40:A4:A5:FD:EC:13:A9:77:CE:49:CE:D5:B6:A8
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       019421B1B4873E9A5D9E04376BAB9AF728B9
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/R-zlTRCJQKSl_ewTqXfOSc7Vtqg.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64452
IP address blocks:        89.44.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b4:87:3e:9a:5d:9e:04:37:6b:ab:9a:f7:28:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47ece54d108940a4a5fdec13a977ce49ced5b6a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8e:14:f4:83:94:f1:fb:94:3d:d3:5c:f2:f2:
                    12:4c:2b:67:ab:82:29:6b:98:ff:01:cb:1a:08:e4:
                    43:3d:79:95:52:28:65:11:88:3c:d8:70:af:c4:99:
                    f7:17:17:50:a8:50:22:63:c0:70:9e:b3:4a:6a:d6:
                    95:7a:9a:82:ee:b2:90:0b:be:80:bc:86:8f:92:da:
                    ee:f0:02:ad:30:76:01:78:a0:95:61:5e:d7:bb:e9:
                    46:8f:f4:2c:ca:35:96:1f:d1:88:66:a8:a4:36:13:
                    03:7f:48:ed:7d:4c:d9:e8:80:7c:6e:72:f4:c9:b1:
                    bd:a5:68:e4:d1:d3:a7:3f:d5:51:d6:2d:36:50:1c:
                    e6:be:84:18:d3:bf:b4:45:e7:9e:d7:e4:e1:e0:4c:
                    bc:de:88:1b:41:be:62:94:fb:82:bc:fc:95:db:ca:
                    b6:c3:57:c6:7f:1d:01:50:7f:a8:7e:f3:2a:e3:ec:
                    c5:9d:2e:77:86:bf:de:99:24:57:8b:42:44:d6:b2:
                    6c:b4:f0:61:bb:d4:77:25:6f:a9:4b:3f:40:4b:1b:
                    06:6e:ba:42:a2:89:2e:24:69:70:b3:6c:57:7e:1e:
                    09:b5:4e:55:be:3a:6c:74:28:e4:28:19:20:53:ba:
                    30:da:5e:36:85:d3:a2:3f:99:c7:96:a3:65:66:08:
                    92:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EC:E5:4D:10:89:40:A4:A5:FD:EC:13:A9:77:CE:49:CE:D5:B6:A8
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/R-zlTRCJQKSl_ewTqXfOSc7Vtqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:38:3d:b9:57:89:07:9d:8a:03:bb:2f:05:71:91:de:31:14:
         e8:93:e0:58:b3:ce:4a:89:34:51:f6:13:a8:07:7b:e6:c2:f4:
         6f:95:86:fd:5e:69:bb:ba:02:8f:99:d2:99:0f:78:0a:88:2d:
         66:7b:71:58:e7:c5:8c:c8:45:ed:a7:89:8c:57:80:83:0f:34:
         f8:21:d1:ed:d4:02:38:4b:fe:ef:fb:35:2e:d7:0e:5c:50:26:
         91:5a:b6:44:e1:43:db:b4:3d:e0:8e:20:79:1c:7a:d5:ce:2f:
         24:c7:be:5c:ed:8f:32:cb:8c:7a:8f:dd:c1:88:13:9a:c3:cb:
         6f:35:0d:5c:9c:57:52:e9:04:70:f2:f1:52:92:7c:31:f8:78:
         4e:82:13:81:81:23:4a:05:21:e8:d1:28:68:6a:f6:dc:d9:2a:
         9d:3b:42:50:d6:f6:9e:b6:8a:ad:bf:b1:3d:76:0e:24:33:74:
         47:20:03:cd:bb:e0:c2:00:45:3a:a2:0a:76:1d:a7:d1:44:3f:
         09:3d:e0:72:01:e5:a2:25:55:4f:f4:a0:8a:54:34:53:0c:23:
         e1:cb:7c:cf:3d:8f:30:40:26:b7:05:b9:bc:89:aa:cd:6d:01:
         42:f6:01:6b:96:14:ed:33:d0:84:fb:a5:e4:d4:0d:ef:d8:bb:
         f3:97:b8:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbSHPppdngQ3a6ua9yi5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VjZTU0ZDEwODk0MGE0YTVmZGVjMTNhOTc3Y2U0OWNlZDViNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY4U9IOU8fuUPdNc8vISTCtnq4Ip
a5j/AcsaCORDPXmVUihlEYg82HCvxJn3FxdQqFAiY8BwnrNKataVepqC7rKQC76A
vIaPktru8AKtMHYBeKCVYV7Xu+lGj/QsyjWWH9GIZqikNhMDf0jtfUzZ6IB8bnL0
ybG9pWjk0dOnP9VR1i02UBzmvoQY07+0Reee1+Th4Ey83ogbQb5ilPuCvPyV28q2
w1fGfx0BUH+ofvMq4+zFnS53hr/emSRXi0JE1rJstPBhu9R3JW+pSz9ASxsGbrpC
ookuJGlws2xXfh4JtU5VvjpsdCjkKBkgU7ow2l42hdOiP5nHlqNlZgiSbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfs5U0QiUCkpf3sE6l3zknO1baoMB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvUi16bFRSQ0pRS1NsX2V3VHFYZk9TYzdWdHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSxXMA0G
CSqGSIb3DQEBCwUAA4IBAQA8OD25V4kHnYoDuy8FcZHeMRTok+BYs85KiTRR9hOo
B3vmwvRvlYb9Xmm7ugKPmdKZD3gKiC1me3FY58WMyEXtp4mMV4CDDzT4IdHt1AI4
S/7v+zUu1w5cUCaRWrZE4UPbtD3gjiB5HHrVzi8kx75c7Y8yy4x6j93BiBOaw8tv
NQ1cnFdS6QRw8vFSknwx+HhOghOBgSNKBSHo0Shoavbc2SqdO0JQ1vaetoqtv7E9
dg4kM3RHIAPNu+DCAEU6ogp2HafRRD8JPeByAeWiJVVP9KCKVDRTDCPhy3zPPY8w
QCa3Bbm8iarNbQFC9gFrlhTtM9CE+6Xk1A3v2Lvzl7jj
-----END CERTIFICATE-----