Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/qJhhzL7F6tP0IOdCRYaEcJ1LExI.roa
File:                     qJhhzL7F6tP0IOdCRYaEcJ1LExI.roa (raw, json)
Hash identifier:          wvYdnMIQDAmEuP1WYNTxnZKcDuwIfdrLjddHDBcOisA=
Subject key identifier:   A8:98:61:CC:BE:C5:EA:D3:F4:20:E7:42:45:86:84:70:9D:4B:13:12
Certificate issuer:       /CN=87be093097097c4457ff5aa3e5893c8c15432612
Certificate serial:       01934B2EAC16EFB86A93AF48E47BBDF49FF7
Authority key identifier: 87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/qJhhzL7F6tP0IOdCRYaEcJ1LExI.roa
Signing time:             Wed 20 Nov 2024 20:06:10 +0000
ROA not before:           Wed 20 Nov 2024 20:06:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     931
IP address blocks:        89.35.48.0/24 maxlen: 24
                          89.37.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4b:2e:ac:16:ef:b8:6a:93:af:48:e4:7b:bd:f4:9f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87be093097097c4457ff5aa3e5893c8c15432612
        Validity
            Not Before: Nov 20 20:06:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a89861ccbec5ead3f420e742458684709d4b1312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f3:6c:5a:bc:88:68:8d:1d:14:7d:73:37:41:
                    aa:21:cd:be:3b:fb:d8:9d:43:57:d4:f8:3e:65:60:
                    f4:16:55:f2:e3:ed:9f:6b:7b:e0:1c:92:ae:08:45:
                    2b:38:c8:82:df:f6:9f:99:74:71:0e:9a:04:74:97:
                    97:c2:7c:cc:50:27:94:a0:c5:9a:16:c4:33:d1:71:
                    7b:db:22:a5:6c:6b:32:b6:2a:77:d6:b0:60:ba:85:
                    ee:e2:92:4b:20:11:05:b3:9f:fc:25:ea:e5:88:b4:
                    18:c4:24:78:9c:4e:bb:11:49:4e:fa:37:65:44:30:
                    ac:53:7f:38:50:90:e9:16:2a:c4:cd:63:63:0e:41:
                    69:e7:2b:a5:6b:a1:e3:29:9a:f3:c4:cd:7e:e7:0c:
                    48:99:e4:e1:de:0f:88:5b:15:bf:57:12:a8:bb:0b:
                    00:e5:f8:5b:bb:c2:50:64:03:f3:5c:4c:b3:dc:db:
                    7f:7d:c9:09:83:32:1e:29:8e:d0:c4:68:d0:87:60:
                    70:f2:7c:74:8e:df:68:2e:14:a5:25:f6:c3:39:6d:
                    61:d1:20:6e:18:b0:5d:70:ba:4e:6b:e9:7a:09:c9:
                    18:9d:7a:1e:24:0d:9e:4f:5d:73:31:44:14:b0:e4:
                    49:a4:0a:bc:46:1b:91:cd:95:26:4d:47:a1:70:9a:
                    aa:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:98:61:CC:BE:C5:EA:D3:F4:20:E7:42:45:86:84:70:9D:4B:13:12
            X509v3 Authority Key Identifier:
                keyid:87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/qJhhzL7F6tP0IOdCRYaEcJ1LExI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.48.0/24
                  89.37.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:1a:3c:17:bd:81:45:70:f0:5a:53:c7:54:b1:6c:c0:2e:01:
         1f:ec:15:be:9c:3e:2c:99:a5:03:53:62:7e:35:94:b8:19:c9:
         bd:37:97:5e:d1:2b:a3:8c:90:94:4f:d3:55:b3:d0:cd:a0:e8:
         68:8b:89:09:95:57:ee:94:a3:82:b2:34:91:f5:af:9c:98:d7:
         54:fd:21:52:c6:a9:de:2f:b3:9f:3e:ea:ce:c6:e5:b4:f7:b9:
         5f:6c:e7:9c:83:c7:b5:29:8a:c7:1a:e3:f0:c7:d3:06:bd:26:
         4b:e0:4b:7e:4c:6c:11:fa:94:cb:2f:0e:a1:9e:b5:14:89:3c:
         08:43:1f:3a:08:0e:50:38:a5:f4:81:07:4d:62:05:b4:75:ce:
         9a:50:1f:f4:8f:6c:1f:dd:35:5f:c7:3c:51:8b:99:c1:3b:27:
         17:d8:1e:3d:ff:7b:d4:75:74:a5:22:60:ce:c3:f6:c0:e5:75:
         08:75:b9:3f:67:4e:a9:a1:f5:36:cd:ac:e5:5f:8b:f6:5c:ca:
         9d:46:5f:27:81:61:cc:3b:6a:34:07:f1:43:bb:bd:ad:ba:ed:
         66:a4:37:f9:a5:1d:ac:a8:69:55:ec:fc:49:99:d3:a6:92:c7:
         cb:50:d7:9a:4e:46:d1:fd:c9:09:69:71:14:6d:a6:f5:27:ff:
         b0:4a:d7:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNLLqwW77hqk69I5Hu99J/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YmUwOTMwOTcwOTdjNDQ1N2ZmNWFhM2U1ODkzYzhjMTU0
MzI2MTIwHhcNMjQxMTIwMjAwNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODk4NjFjY2JlYzVlYWQzZjQyMGU3NDI0NTg2ODQ3MDlkNGIxMzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvNsWryIaI0dFH1zN0GqIc2+O/vY
nUNX1Pg+ZWD0FlXy4+2fa3vgHJKuCEUrOMiC3/afmXRxDpoEdJeXwnzMUCeUoMWa
FsQz0XF72yKlbGsytip31rBguoXu4pJLIBEFs5/8JerliLQYxCR4nE67EUlO+jdl
RDCsU384UJDpFirEzWNjDkFp5yula6HjKZrzxM1+5wxImeTh3g+IWxW/VxKouwsA
5fhbu8JQZAPzXEyz3Nt/fckJgzIeKY7QxGjQh2Bw8nx0jt9oLhSlJfbDOW1h0SBu
GLBdcLpOa+l6CckYnXoeJA2eT11zMUQUsORJpAq8RhuRzZUmTUehcJqq3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKiYYcy+xerT9CDnQkWGhHCdSxMSMB8GA1UdIwQY
MBaAFIe+CTCXCXxEV/9ao+WJPIwVQyYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMt
MmNkZTY1ZjMxMTJhLzEvcUpoaHpMN0Y2dFAwSU9kQ1JZYUVjSjFMRXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMtMmNkZTY1ZjMxMTJh
LzEvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSMwAwQA
WSVjMA0GCSqGSIb3DQEBCwUAA4IBAQBkGjwXvYFFcPBaU8dUsWzALgEf7BW+nD4s
maUDU2J+NZS4Gcm9N5de0SujjJCUT9NVs9DNoOhoi4kJlVfulKOCsjSR9a+cmNdU
/SFSxqneL7OfPurOxuW097lfbOecg8e1KYrHGuPwx9MGvSZL4Et+TGwR+pTLLw6h
nrUUiTwIQx86CA5QOKX0gQdNYgW0dc6aUB/0j2wf3TVfxzxRi5nBOycX2B49/3vU
dXSlImDOw/bA5XUIdbk/Z06pofU2zazlX4v2XMqdRl8ngWHMO2o0B/FDu72tuu1m
pDf5pR2sqGlV7PxJmdOmksfLUNeaTkbR/ckJaXEUbab1J/+wStdh
-----END CERTIFICATE-----