Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/ygg1jPU11rM4AgPA_fHJm1HIbDA.roa
File:                     ygg1jPU11rM4AgPA_fHJm1HIbDA.roa (raw, json)
Hash identifier:          bQEdp6E9utyQGzeJGQwHEXnTvCFMaSrhkRZ3o6gqExk=
Subject key identifier:   CA:08:35:8C:F5:35:D6:B3:38:02:03:C0:FD:F1:C9:9B:51:C8:6C:30
Certificate issuer:       /CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
Certificate serial:       019427B60C112CD25AA172414E54AD44F707
Authority key identifier: B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/ygg1jPU11rM4AgPA_fHJm1HIbDA.roa
Signing time:             Thu 02 Jan 2025 15:50:29 +0000
ROA not before:           Thu 02 Jan 2025 15:50:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215984
IP address blocks:        89.150.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:0c:11:2c:d2:5a:a1:72:41:4e:54:ad:44:f7:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
        Validity
            Not Before: Jan  2 15:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca08358cf535d6b3380203c0fdf1c99b51c86c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:69:e3:4d:32:3a:53:10:57:6e:6c:39:f6:85:
                    22:59:9e:50:73:e4:4e:13:1c:c4:65:4f:88:74:89:
                    f3:97:b2:9e:cd:87:61:2d:dc:76:22:16:c3:41:71:
                    c1:5e:dc:5a:7a:7e:9d:d0:30:d6:e4:f9:c8:49:18:
                    6d:33:f0:f8:10:84:c3:3d:9e:20:fb:d4:e3:57:cf:
                    d9:0d:8c:df:38:8d:e6:48:01:8a:c9:db:95:e0:53:
                    17:53:e8:9b:ff:76:29:00:a5:74:37:20:ec:2a:c1:
                    48:a5:2c:a1:34:e5:37:df:b9:d6:56:e5:3c:f3:a8:
                    71:32:ed:35:ef:04:77:7c:36:e0:63:b8:23:6c:71:
                    17:2a:e2:d5:46:78:a2:c2:ea:fa:1a:23:75:df:bb:
                    81:71:62:56:ae:24:60:48:0c:fe:8b:20:3f:4e:b9:
                    0d:c0:73:94:fb:f6:c1:cb:66:8c:98:5e:35:8f:2d:
                    56:8b:97:85:07:cf:02:e1:b6:52:c2:d2:09:95:32:
                    e5:54:91:8e:5b:18:75:18:89:c4:fa:94:39:85:49:
                    85:d1:aa:65:51:61:5d:8d:c6:04:38:1a:3f:d2:91:
                    88:59:41:cd:a2:06:1c:3c:85:f6:a3:c6:28:cb:4c:
                    73:ac:c5:01:4c:b9:c6:1d:ef:df:f4:0b:8f:8d:39:
                    3d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:08:35:8C:F5:35:D6:B3:38:02:03:C0:FD:F1:C9:9B:51:C8:6C:30
            X509v3 Authority Key Identifier:
                keyid:B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/ygg1jPU11rM4AgPA_fHJm1HIbDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ad:5e:3d:7a:6f:7c:7d:63:5e:d7:65:88:96:ce:53:45:53:
         4e:22:6f:3b:28:3c:20:16:6d:08:99:58:3b:7c:fb:3c:88:08:
         e9:7e:12:62:98:57:f5:2a:c7:ec:cc:3c:f6:0a:49:58:ce:c4:
         ce:2d:34:8b:a3:46:a1:f0:e5:bb:b0:2d:84:22:cf:ae:ab:7b:
         9e:e1:7d:36:70:67:20:07:46:8e:2c:f7:b8:9d:77:95:0b:3c:
         3d:a1:d3:7c:59:f1:91:9e:16:25:22:b7:e8:ad:4d:4c:ff:e5:
         a7:dc:e0:46:5b:be:9a:87:9d:86:42:b9:32:7d:ea:ae:f4:36:
         03:da:92:a0:10:a6:cc:62:1d:9c:dd:f8:20:3e:cf:31:48:1c:
         bd:e8:4a:ea:23:65:3d:fb:1b:1c:8c:c8:80:e7:6e:52:7e:e6:
         69:74:28:67:ad:2d:eb:65:54:fd:72:48:6b:d5:86:a3:fa:2d:
         48:59:46:7e:d2:43:0e:ff:b1:b7:d6:74:3b:8b:f2:8c:96:1e:
         e9:75:c8:93:ff:de:f3:2c:c4:ed:68:4f:db:ad:0f:36:fd:5d:
         74:52:8e:91:56:91:73:a4:0d:1e:e7:56:35:72:f1:a5:33:08:
         4f:c5:48:8f:ef:c1:a8:3d:bb:c3:b1:7a:de:95:33:f9:eb:cb:
         e4:af:c6:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntgwRLNJaoXJBTlStRPcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMWEzZjRhZjk0YTU4MGViOWU3YjU4NTQyYTAwODRiMjFj
MmIwOWIwHhcNMjUwMTAyMTU1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA4MzU4Y2Y1MzVkNmIzMzgwMjAzYzBmZGYxYzk5YjUxYzg2YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmnjTTI6UxBXbmw59oUiWZ5Qc+RO
ExzEZU+IdInzl7KezYdhLdx2IhbDQXHBXtxaen6d0DDW5PnISRhtM/D4EITDPZ4g
+9TjV8/ZDYzfOI3mSAGKyduV4FMXU+ib/3YpAKV0NyDsKsFIpSyhNOU337nWVuU8
86hxMu017wR3fDbgY7gjbHEXKuLVRniiwur6GiN137uBcWJWriRgSAz+iyA/TrkN
wHOU+/bBy2aMmF41jy1Wi5eFB88C4bZSwtIJlTLlVJGOWxh1GInE+pQ5hUmF0apl
UWFdjcYEOBo/0pGIWUHNogYcPIX2o8Yoy0xzrMUBTLnGHe/f9AuPjTk9eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoINYz1NdazOAIDwP3xyZtRyGwwMB8GA1UdIwQY
MBaAFLIaP0r5SlgOuee1hUKgCEshwrCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYt
NTEyOTE3MmI2OTY2LzEveWdnMWpQVTExck00QWdQQV9mSEptMUhJYkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYtNTEyOTE3MmI2OTY2
LzEvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZYpMA0G
CSqGSIb3DQEBCwUAA4IBAQAQrV49em98fWNe12WIls5TRVNOIm87KDwgFm0ImVg7
fPs8iAjpfhJimFf1KsfszDz2CklYzsTOLTSLo0ah8OW7sC2EIs+uq3ue4X02cGcg
B0aOLPe4nXeVCzw9odN8WfGRnhYlIrforU1M/+Wn3OBGW76ah52GQrkyfequ9DYD
2pKgEKbMYh2c3fggPs8xSBy96ErqI2U9+xscjMiA525SfuZpdChnrS3rZVT9ckhr
1Yaj+i1IWUZ+0kMO/7G31nQ7i/KMlh7pdciT/97zLMTtaE/brQ82/V10Uo6RVpFz
pA0e51Y1cvGlMwhPxUiP78GoPbvDsXrelTP568vkr8Zs
-----END CERTIFICATE-----