Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tLlGubJJap72E2l8gRh9Uuu4S8A.roa
File:                     tLlGubJJap72E2l8gRh9Uuu4S8A.roa (raw, json)
Hash identifier:          jBh5pu7FnbvAeJHH3DMpIfaMMsMyb9LyPf0qd9sE/90=
Subject key identifier:   B4:B9:46:B9:B2:49:6A:9E:F6:13:69:7C:81:18:7D:52:EB:B8:4B:C0
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       01942827A00701B6A7BA155CF69EF33AB384
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tLlGubJJap72E2l8gRh9Uuu4S8A.roa
Signing time:             Thu 02 Jan 2025 17:54:33 +0000
ROA not before:           Thu 02 Jan 2025 17:54:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204489
IP address blocks:        152.89.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:a0:07:01:b6:a7:ba:15:5c:f6:9e:f3:3a:b3:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  2 17:54:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4b946b9b2496a9ef613697c81187d52ebb84bc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:6e:df:2b:67:ad:4d:7b:7b:eb:7a:26:5b:
                    17:18:45:1e:d5:31:c7:b2:64:44:f8:c2:4c:b0:f7:
                    fb:fa:cb:ca:13:4b:04:16:7f:f3:60:ed:88:d2:73:
                    52:99:f7:52:a9:13:e0:7b:b7:4c:99:b2:61:a3:83:
                    5a:91:78:40:b8:16:55:34:fe:41:2c:af:a8:7d:93:
                    d2:e7:46:69:41:c0:4c:da:9e:73:a3:5a:8a:19:68:
                    bb:c2:9f:d2:6a:aa:3f:45:bc:35:88:68:ef:ca:25:
                    6a:6d:96:05:9d:34:29:5b:ba:ae:2f:b8:bc:49:6e:
                    f2:a5:07:d9:ce:19:80:7b:b1:d4:a1:4b:a5:63:43:
                    42:17:5c:d9:c2:ac:9c:92:06:40:cd:22:61:5a:fc:
                    78:f2:b9:a9:e9:c3:77:0b:c7:8d:61:61:68:31:8c:
                    10:fd:8d:c2:83:cb:af:69:11:4e:6d:68:32:e7:6d:
                    23:ea:44:25:5f:e5:e9:69:4a:35:81:99:d1:9a:a1:
                    eb:d8:d1:ad:dc:96:a7:f6:15:e0:e9:cc:e4:f4:af:
                    26:43:88:24:b9:46:1a:f3:c0:93:9e:cd:82:02:c8:
                    38:fd:8c:57:f1:97:83:af:c4:cd:2e:7a:39:f8:07:
                    e5:e5:37:05:65:2c:a8:dc:dc:b4:2b:67:ea:9f:cf:
                    67:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B9:46:B9:B2:49:6A:9E:F6:13:69:7C:81:18:7D:52:EB:B8:4B:C0
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tLlGubJJap72E2l8gRh9Uuu4S8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:01:d8:d4:d5:73:47:37:00:f0:6f:57:89:c9:ed:b8:e2:75:
         40:a8:28:ad:bb:ac:00:e5:7b:1c:a8:db:ba:1b:c0:00:ad:31:
         11:5c:4f:8d:be:87:11:ba:07:4b:b0:ad:2f:f7:72:30:e4:9d:
         4c:8f:7c:7a:04:5f:96:45:15:31:c9:f7:14:a4:63:e0:e6:8a:
         1b:f3:f6:d5:ee:6a:39:1d:54:f1:34:c8:82:e6:4f:54:e1:43:
         b8:3c:f2:09:8a:bf:ab:97:51:cc:13:de:b7:c0:18:93:3c:c5:
         ee:72:22:9d:86:47:a2:f5:c2:98:c5:be:2f:aa:d8:17:c9:80:
         11:e6:6b:4c:b2:fe:74:88:46:8f:cf:38:ce:19:9e:a6:78:90:
         db:3d:d3:f9:90:2e:71:c2:50:06:c5:f4:21:0d:4c:a3:ea:e5:
         02:dc:f7:65:33:8b:ca:f9:64:50:03:63:22:b4:93:71:97:a4:
         cc:56:73:14:42:0a:f2:65:38:19:07:55:6e:c7:c8:68:a1:62:
         d4:03:9d:2b:12:4f:2d:73:ba:5c:9a:96:26:85:39:f1:cb:a3:
         1a:7f:fd:fb:29:a0:92:70:b0:49:8b:5d:ca:89:c5:5f:a1:a6:
         ea:02:40:e9:55:ea:37:4c:31:d9:7a:4f:cd:e0:1a:5d:3a:2c:
         d2:79:87:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ6AHAbanuhVc9p7zOrOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjUwMTAyMTc1NDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGI5NDZiOWIyNDk2YTllZjYxMzY5N2M4MTE4N2Q1MmViYjg0YmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6Ju3ytnrU17e+t6JlsXGEUe1THH
smRE+MJMsPf7+svKE0sEFn/zYO2I0nNSmfdSqRPge7dMmbJho4NakXhAuBZVNP5B
LK+ofZPS50ZpQcBM2p5zo1qKGWi7wp/Saqo/Rbw1iGjvyiVqbZYFnTQpW7quL7i8
SW7ypQfZzhmAe7HUoUulY0NCF1zZwqyckgZAzSJhWvx48rmp6cN3C8eNYWFoMYwQ
/Y3Cg8uvaRFObWgy520j6kQlX+XpaUo1gZnRmqHr2NGt3Jan9hXg6czk9K8mQ4gk
uUYa88CTns2CAsg4/YxX8ZeDr8TNLno5+Afl5TcFZSyo3Ny0K2fqn89nFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLS5RrmySWqe9hNpfIEYfVLruEvAMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvdExsR3ViSkphcDcyRTJsOGdSaDlVdXU0UzhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFmEMA0G
CSqGSIb3DQEBCwUAA4IBAQB/AdjU1XNHNwDwb1eJye244nVAqCitu6wA5XscqNu6
G8AArTERXE+NvocRugdLsK0v93Iw5J1Mj3x6BF+WRRUxyfcUpGPg5oob8/bV7mo5
HVTxNMiC5k9U4UO4PPIJir+rl1HME963wBiTPMXuciKdhkei9cKYxb4vqtgXyYAR
5mtMsv50iEaPzzjOGZ6meJDbPdP5kC5xwlAGxfQhDUyj6uUC3PdlM4vK+WRQA2Mi
tJNxl6TMVnMUQgryZTgZB1Vux8hooWLUA50rEk8tc7pcmpYmhTnxy6Maf/37KaCS
cLBJi13KicVfoabqAkDpVeo3TDHZek/N4BpdOizSeYd3
-----END CERTIFICATE-----