Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/9iqSmqOmwYolvlUQPEw-4yG9OL0.roa
File:                     9iqSmqOmwYolvlUQPEw-4yG9OL0.roa (raw, json)
Hash identifier:          jVGrDYNyV7dR3JA465skWvos0ET7GjG7Xa+KRRTUxe4=
Subject key identifier:   F6:2A:92:9A:A3:A6:C1:8A:25:BE:55:10:3C:4C:3E:E3:21:BD:38:BD
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F498E943CF4A017F8A3B8C6721522
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/9iqSmqOmwYolvlUQPEw-4yG9OL0.roa
Signing time:             Thu 02 Jan 2025 05:48:54 +0000
ROA not before:           Thu 02 Jan 2025 05:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39216
IP address blocks:        213.198.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:49:8e:94:3c:f4:a0:17:f8:a3:b8:c6:72:15:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f62a929aa3a6c18a25be55103c4c3ee321bd38bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a7:85:54:cb:ac:1c:72:d9:6e:af:60:f3:da:
                    53:53:0a:21:9e:9a:4b:42:3f:31:61:9f:26:5a:e0:
                    6f:e3:0c:9e:ec:79:3c:0b:04:b7:21:a0:90:4a:9f:
                    73:2e:f4:5f:92:55:fd:20:15:da:e6:ae:9f:5b:64:
                    9e:7d:5b:c5:f7:a9:06:14:4c:77:f4:13:ef:aa:be:
                    16:10:64:44:34:38:3c:73:20:15:36:f5:fd:f7:12:
                    28:25:4b:0c:b8:dd:66:c5:bd:25:5f:f7:73:b0:18:
                    df:c2:11:31:0d:07:5c:87:fc:f6:83:8f:bf:4b:90:
                    85:af:8b:c0:12:7c:10:47:e6:f4:f9:d5:e9:19:18:
                    f6:02:67:83:89:6f:f6:59:fd:c2:c2:bf:60:49:12:
                    48:23:5d:d2:1c:3f:fd:a4:00:56:6d:97:4c:62:34:
                    25:62:b9:10:18:0e:cc:50:fc:db:33:74:dd:41:ce:
                    53:07:c9:93:69:fe:9c:54:02:cc:d2:66:98:0d:77:
                    28:7d:07:5c:a3:05:49:1d:6f:5c:d0:c6:66:b3:9a:
                    38:3a:be:26:d6:5b:02:9d:d2:a8:af:9a:95:c8:82:
                    57:3a:d8:fa:55:4c:9a:7c:32:fd:41:73:f5:27:8c:
                    1d:7d:0e:2e:28:a9:3c:9d:21:78:8a:57:ce:50:36:
                    cf:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:2A:92:9A:A3:A6:C1:8A:25:BE:55:10:3C:4C:3E:E3:21:BD:38:BD
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/9iqSmqOmwYolvlUQPEw-4yG9OL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:76:70:92:e9:64:ab:ca:7a:b9:a4:d6:0e:96:43:04:09:2b:
         9a:ae:7b:ce:82:d7:be:65:cc:fd:75:f6:a7:5e:83:16:0d:8c:
         74:2f:86:ef:1a:a5:f1:06:15:3f:87:41:2e:de:db:9b:ad:f9:
         5a:f7:bc:80:f7:c1:bd:43:42:6b:b1:b9:84:be:01:27:2f:69:
         29:90:8b:ff:12:80:f1:3d:78:1d:ca:05:ee:af:90:5b:c3:41:
         ef:e1:9e:e9:f6:34:e1:90:78:58:9b:e4:d0:84:b2:e4:0c:18:
         83:20:15:19:10:64:3b:ae:1e:98:be:ea:c7:26:f4:a8:c8:08:
         bb:d9:93:28:88:7b:24:b3:b3:02:1f:c6:d8:0a:50:23:bd:47:
         f3:e5:c0:8e:de:e7:44:9a:90:76:15:b2:8e:5a:27:5b:0c:c0:
         f4:54:f4:37:1e:37:75:d3:c5:d2:d4:2c:e6:b3:6a:5d:a6:9a:
         87:da:3d:09:0f:3e:da:c9:6c:79:2a:02:e6:2b:f1:89:1e:47:
         53:3b:8c:79:d1:56:97:1f:fa:c4:08:21:15:06:8f:cd:c7:ec:
         0a:52:fe:96:06:2d:fd:eb:19:f5:2c:0a:05:aa:73:08:de:60:
         78:61:a5:8e:f6:be:3c:5f:08:42:b0:0b:8e:ce:cf:e2:71:a6:
         e8:f8:f4:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj0mOlDz0oBf4o7jGchUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjJhOTI5YWEzYTZjMThhMjViZTU1MTAzYzRjM2VlMzIxYmQzOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqeFVMusHHLZbq9g89pTUwohnppL
Qj8xYZ8mWuBv4wye7Hk8CwS3IaCQSp9zLvRfklX9IBXa5q6fW2SefVvF96kGFEx3
9BPvqr4WEGRENDg8cyAVNvX99xIoJUsMuN1mxb0lX/dzsBjfwhExDQdch/z2g4+/
S5CFr4vAEnwQR+b0+dXpGRj2AmeDiW/2Wf3Cwr9gSRJII13SHD/9pABWbZdMYjQl
YrkQGA7MUPzbM3TdQc5TB8mTaf6cVALM0maYDXcofQdcowVJHW9c0MZms5o4Or4m
1lsCndKor5qVyIJXOtj6VUyafDL9QXP1J4wdfQ4uKKk8nSF4ilfOUDbPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYqkpqjpsGKJb5VEDxMPuMhvTi9MB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvOWlxU21xT213WW9sdmxVUVBFdy00eUc5T0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cZZMA0G
CSqGSIb3DQEBCwUAA4IBAQCndnCS6WSrynq5pNYOlkMECSuarnvOgte+Zcz9dfan
XoMWDYx0L4bvGqXxBhU/h0Eu3tubrfla97yA98G9Q0JrsbmEvgEnL2kpkIv/EoDx
PXgdygXur5Bbw0Hv4Z7p9jThkHhYm+TQhLLkDBiDIBUZEGQ7rh6YvurHJvSoyAi7
2ZMoiHsks7MCH8bYClAjvUfz5cCO3udEmpB2FbKOWidbDMD0VPQ3Hjd108XS1Czm
s2pdppqH2j0JDz7ayWx5KgLmK/GJHkdTO4x50VaXH/rECCEVBo/Nx+wKUv6WBi39
6xn1LAoFqnMI3mB4YaWO9r48XwhCsAuOzs/icabo+PTO
-----END CERTIFICATE-----