Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/907409-5e61-4c66-94e6-d69ea93cbafb/1/EJO9ljE1s0Q84FuNpxDY98O5gUs.roa
File:                     EJO9ljE1s0Q84FuNpxDY98O5gUs.roa (raw, json)
Hash identifier:          MidhZCUKLP8FjCtsor/fdefcfGoS6d1va0RAyvBU+x4=
Subject key identifier:   10:93:BD:96:31:35:B3:44:3C:E0:5B:8D:A7:10:D8:F7:C3:B9:81:4B
Certificate issuer:       /CN=8916aaa5d252fd90145fedac683762d6e2074155
Certificate serial:       019422FAEA160C14DAF31F3D5192FEBF348B
Authority key identifier: 89:16:AA:A5:D2:52:FD:90:14:5F:ED:AC:68:37:62:D6:E2:07:41:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iRaqpdJS_ZAUX-2saDdi1uIHQVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/907409-5e61-4c66-94e6-d69ea93cbafb/1/EJO9ljE1s0Q84FuNpxDY98O5gUs.roa
Signing time:             Wed 01 Jan 2025 17:47:36 +0000
ROA not before:           Wed 01 Jan 2025 17:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13101
IP address blocks:        89.28.176.0/21 maxlen: 21
                          95.214.160.0/22 maxlen: 22
                          185.243.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/907409-5e61-4c66-94e6-d69ea93cbafb/1/iRaqpdJS_ZAUX-2saDdi1uIHQVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/907409-5e61-4c66-94e6-d69ea93cbafb/1/iRaqpdJS_ZAUX-2saDdi1uIHQVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iRaqpdJS_ZAUX-2saDdi1uIHQVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 14:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:ea:16:0c:14:da:f3:1f:3d:51:92:fe:bf:34:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8916aaa5d252fd90145fedac683762d6e2074155
        Validity
            Not Before: Jan  1 17:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1093bd963135b3443ce05b8da710d8f7c3b9814b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0b:98:fc:27:10:93:68:25:3c:dd:b3:1e:2b:
                    d1:c2:cf:c4:d9:1a:69:dc:c8:4f:9d:cd:a6:de:49:
                    d6:f0:b0:4b:20:80:2a:38:6d:f4:1c:b6:d2:90:65:
                    42:35:c1:4c:24:2a:e2:0d:75:ae:75:44:c4:e7:b7:
                    ce:bc:fc:ee:bb:ea:e0:22:4c:9e:20:5d:ce:ff:56:
                    b3:78:82:76:3e:cf:cd:af:9c:ac:a7:76:3d:43:24:
                    56:bd:7a:17:64:a8:67:3b:88:a2:19:55:71:63:b9:
                    a4:a8:16:f8:ec:df:f1:a6:a6:85:6f:3c:63:50:a2:
                    95:cc:77:63:c8:4e:18:f2:38:a6:12:e6:50:37:1d:
                    ff:b1:0e:f8:4a:99:cc:93:b9:49:3d:13:0e:a9:ca:
                    2d:74:1d:2d:ea:0e:bd:4b:3a:0b:0a:bc:1b:e7:06:
                    bb:b2:bb:26:a5:5b:a6:57:5c:5b:44:00:90:dc:5b:
                    b2:5f:37:f1:06:68:48:d5:41:c4:40:b3:f3:1f:16:
                    95:96:3b:8c:27:31:8e:72:4b:c2:ac:be:45:3b:1d:
                    c4:6b:ea:d1:d1:76:73:0f:fa:1e:b6:da:f0:c5:3e:
                    a0:75:f7:28:76:94:f0:93:fa:55:1c:f8:83:ec:99:
                    ba:d8:78:cd:45:aa:5d:d6:dd:4b:e3:48:ad:92:69:
                    b2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:93:BD:96:31:35:B3:44:3C:E0:5B:8D:A7:10:D8:F7:C3:B9:81:4B
            X509v3 Authority Key Identifier:
                keyid:89:16:AA:A5:D2:52:FD:90:14:5F:ED:AC:68:37:62:D6:E2:07:41:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iRaqpdJS_ZAUX-2saDdi1uIHQVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/907409-5e61-4c66-94e6-d69ea93cbafb/1/EJO9ljE1s0Q84FuNpxDY98O5gUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/907409-5e61-4c66-94e6-d69ea93cbafb/1/iRaqpdJS_ZAUX-2saDdi1uIHQVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.176.0/21
                  95.214.160.0/22
                  185.243.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:d1:17:94:1c:02:1b:d7:99:15:ab:4f:06:95:17:3e:66:54:
         47:73:5b:bc:8a:b8:b5:42:c2:45:26:e5:ca:ea:c9:af:27:a4:
         bb:e5:70:fa:bd:10:4b:6b:1e:6e:f9:3c:75:66:1b:1d:6c:c7:
         50:e7:82:1c:b3:f2:05:a3:f3:ea:17:c0:08:8d:fd:8c:cd:29:
         56:7c:c5:cb:6d:a2:1b:83:5e:19:33:8c:d1:f3:10:3b:f7:e3:
         ef:99:c2:84:37:df:c1:25:52:44:86:48:9c:93:c4:5f:99:8c:
         61:79:ad:e6:39:32:3e:ef:81:b0:a4:e3:7a:b1:0c:37:96:b6:
         42:57:e6:ba:4d:f2:3b:fe:05:db:86:a3:fc:22:22:bd:07:11:
         ea:96:2a:67:44:74:2a:8d:37:61:89:7a:68:88:28:86:7d:41:
         79:62:22:6f:a3:54:60:d6:0e:86:de:b3:46:4f:51:06:a0:ad:
         84:74:35:ce:47:ba:15:8b:75:94:13:89:10:7a:ff:42:b5:39:
         6e:cb:45:f5:93:07:7d:34:62:eb:33:d5:d6:05:20:35:9e:6c:
         64:9d:58:99:8e:27:5a:e3:c1:c8:bd:dc:c1:94:ab:88:94:7c:
         4d:ce:9d:11:78:d3:20:12:3f:01:71:f4:4d:24:07:b8:2a:9a:
         66:a0:e1:67
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQi+uoWDBTa8x89UZL+vzSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MTZhYWE1ZDI1MmZkOTAxNDVmZWRhYzY4Mzc2MmQ2ZTIw
NzQxNTUwHhcNMjUwMTAxMTc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDkzYmQ5NjMxMzViMzQ0M2NlMDViOGRhNzEwZDhmN2MzYjk4MTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoguY/CcQk2glPN2zHivRws/E2Rpp
3MhPnc2m3knW8LBLIIAqOG30HLbSkGVCNcFMJCriDXWudUTE57fOvPzuu+rgIkye
IF3O/1azeIJ2Ps/Nr5ysp3Y9QyRWvXoXZKhnO4iiGVVxY7mkqBb47N/xpqaFbzxj
UKKVzHdjyE4Y8jimEuZQNx3/sQ74SpnMk7lJPRMOqcotdB0t6g69SzoLCrwb5wa7
srsmpVumV1xbRACQ3FuyXzfxBmhI1UHEQLPzHxaVljuMJzGOckvCrL5FOx3Ea+rR
0XZzD/oettrwxT6gdfcodpTwk/pVHPiD7Jm62HjNRapd1t1L40itkmmyEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBCTvZYxNbNEPOBbjacQ2PfDuYFLMB8GA1UdIwQY
MBaAFIkWqqXSUv2QFF/trGg3YtbiB0FVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVJhcXBkSlNfWkFVWC0yc2FEZGkxdUlIUVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS85MDc0MDktNWU2MS00YzY2LTk0ZTYt
ZDY5ZWE5M2NiYWZiLzEvRUpPOWxqRTFzMFE4NEZ1TnB4RFk5OE81Z1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS85MDc0MDktNWU2MS00YzY2LTk0ZTYtZDY5ZWE5M2NiYWZi
LzEvaVJhcXBkSlNfWkFVWC0yc2FEZGkxdUlIUVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWRywAwQC
X9agAwQCufNEMA0GCSqGSIb3DQEBCwUAA4IBAQCO0ReUHAIb15kVq08GlRc+ZlRH
c1u8iri1QsJFJuXK6smvJ6S75XD6vRBLax5u+Tx1ZhsdbMdQ54Ics/IFo/PqF8AI
jf2MzSlWfMXLbaIbg14ZM4zR8xA79+PvmcKEN9/BJVJEhkick8RfmYxhea3mOTI+
74GwpON6sQw3lrZCV+a6TfI7/gXbhqP8IiK9BxHqlipnRHQqjTdhiXpoiCiGfUF5
YiJvo1Rg1g6G3rNGT1EGoK2EdDXOR7oVi3WUE4kQev9CtTluy0X1kwd9NGLrM9XW
BSA1nmxknViZjida48HIvdzBlKuIlHxNzp0ReNMgEj8BcfRNJAe4KppmoOFn
-----END CERTIFICATE-----