Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/KSZzqYecmpv6aO1HSwza7iOQ1os.roa
File:                     KSZzqYecmpv6aO1HSwza7iOQ1os.roa (raw, json)
Hash identifier:          nccjz+3gHID+efv98vuj6/lOlFRUhMMGymeEmx7TRc4=
Subject key identifier:   29:26:73:A9:87:9C:9A:9B:FA:68:ED:47:4B:0C:DA:EE:23:90:D6:8B
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BC429EF100D0BAF0E902E73D3C366
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/KSZzqYecmpv6aO1HSwza7iOQ1os.roa
Signing time:             Thu 02 Jan 2025 09:49:44 +0000
ROA not before:           Thu 02 Jan 2025 09:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205733
IP address blocks:        89.21.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c4:29:ef:10:0d:0b:af:0e:90:2e:73:d3:c3:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=292673a9879c9a9bfa68ed474b0cdaee2390d68b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cd:75:ae:43:41:cc:96:35:8e:0f:03:81:57:
                    09:8c:51:b4:f5:80:70:63:9d:f0:5f:af:13:41:3a:
                    f0:72:43:e4:3f:83:d0:54:52:7e:43:be:46:ca:c7:
                    88:4a:9b:a2:a7:02:0c:c4:a5:93:ef:18:c9:13:de:
                    51:1a:c1:cb:a0:7b:7d:b5:74:87:75:cc:87:48:8d:
                    da:93:89:d8:35:86:57:e6:54:2c:02:c9:49:f6:bc:
                    4f:1f:cb:75:9a:a6:f2:c2:77:cf:fc:26:21:77:76:
                    50:07:67:f6:13:75:19:21:d5:54:6b:5b:22:ae:7a:
                    79:cb:63:7b:e3:3b:bd:f2:b6:5e:0c:d8:cd:19:95:
                    0c:e0:2b:50:6d:30:7b:ec:35:e2:ae:ba:7f:19:47:
                    38:4c:e7:b3:f0:2e:71:42:92:93:0f:99:fb:5c:25:
                    bd:3c:73:90:43:0c:f4:97:bf:85:2e:a3:e5:53:f8:
                    21:41:3c:da:4f:de:c4:50:6b:4d:a2:ce:48:42:fd:
                    39:9d:91:27:42:36:a0:bf:a8:dc:ce:76:39:b2:64:
                    f9:48:c1:03:fb:81:47:1d:2c:bf:f0:b2:d7:35:dd:
                    c4:23:d6:c4:58:22:7c:30:a4:b4:b2:9a:ab:29:17:
                    85:64:ff:53:ce:59:94:14:fc:e6:8f:01:d6:54:49:
                    ed:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:26:73:A9:87:9C:9A:9B:FA:68:ED:47:4B:0C:DA:EE:23:90:D6:8B
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/KSZzqYecmpv6aO1HSwza7iOQ1os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:71:9c:f8:9e:0c:79:af:6c:23:62:8e:10:32:14:cd:4c:69:
         d0:8b:73:e7:66:50:4b:17:09:f1:3e:ca:2f:4f:57:bb:2b:09:
         7f:f1:38:95:ca:91:d2:9c:91:bb:62:c1:29:57:c0:11:21:38:
         f6:28:1e:66:38:b1:36:8e:f9:9e:d7:b2:25:c7:c1:80:ed:f2:
         8a:ff:b4:7a:0b:6a:e6:6b:21:37:da:3c:e0:79:09:06:f1:19:
         63:d9:65:be:e3:e9:02:cc:47:5d:b0:5f:d7:bb:73:10:56:f3:
         37:d7:f7:48:73:3d:18:6c:de:eb:de:91:b8:92:d6:42:c1:33:
         5e:22:64:50:a2:d5:2d:01:2e:92:b0:a4:31:0f:24:a9:b5:f0:
         67:ae:38:14:63:38:af:66:ec:fd:b0:7c:da:52:5c:d6:d6:ca:
         a1:51:ae:51:74:c9:fe:c2:6a:76:a8:20:bf:3f:eb:e4:7b:e8:
         89:81:f8:49:20:2d:66:88:2f:2d:6e:e9:90:9d:c8:13:95:8d:
         fa:40:c3:ed:af:7d:f8:ac:e5:ff:44:64:ba:76:7c:33:6f:07:
         e8:55:43:e9:11:f6:cf:08:bb:18:d7:1d:4d:58:8b:58:96:a5:
         e1:5e:14:c0:71:21:6e:a3:4a:6f:3d:76:0c:5c:45:ee:0c:42:
         6d:a9:89:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8Qp7xANC68OkC5z08NmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI2NzNhOTg3OWM5YTliZmE2OGVkNDc0YjBjZGFlZTIzOTBkNjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM11rkNBzJY1jg8DgVcJjFG09YBw
Y53wX68TQTrwckPkP4PQVFJ+Q75GyseISpuipwIMxKWT7xjJE95RGsHLoHt9tXSH
dcyHSI3ak4nYNYZX5lQsAslJ9rxPH8t1mqbywnfP/CYhd3ZQB2f2E3UZIdVUa1si
rnp5y2N74zu98rZeDNjNGZUM4CtQbTB77DXirrp/GUc4TOez8C5xQpKTD5n7XCW9
PHOQQwz0l7+FLqPlU/ghQTzaT97EUGtNos5IQv05nZEnQjagv6jcznY5smT5SMED
+4FHHSy/8LLXNd3EI9bEWCJ8MKS0spqrKReFZP9TzlmUFPzmjwHWVEntKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkmc6mHnJqb+mjtR0sM2u4jkNaLMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvS1NaenFZZWNtcHY2YU8xSFN3emE3aU9RMW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRVXMA0G
CSqGSIb3DQEBCwUAA4IBAQBgcZz4ngx5r2wjYo4QMhTNTGnQi3PnZlBLFwnxPsov
T1e7Kwl/8TiVypHSnJG7YsEpV8ARITj2KB5mOLE2jvme17Ilx8GA7fKK/7R6C2rm
ayE32jzgeQkG8Rlj2WW+4+kCzEddsF/Xu3MQVvM31/dIcz0YbN7r3pG4ktZCwTNe
ImRQotUtAS6SsKQxDySptfBnrjgUYzivZuz9sHzaUlzW1sqhUa5RdMn+wmp2qCC/
P+vke+iJgfhJIC1miC8tbumQncgTlY36QMPtr334rOX/RGS6dnwzbwfoVUPpEfbP
CLsY1x1NWItYlqXhXhTAcSFuo0pvPXYMXEXuDEJtqYl6
-----END CERTIFICATE-----