Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Q-Y39dOB56LoXIQMW0-RUkOaI1c.roa
File:                     Q-Y39dOB56LoXIQMW0-RUkOaI1c.roa (raw, json)
Hash identifier:          P3Z66HYPNmbODrPpGG4+HP1HASU63EbX0WnxO/UQmCs=
Subject key identifier:   43:E6:37:F5:D3:81:E7:A2:E8:5C:84:0C:5B:4F:91:52:43:9A:23:57
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0195C8201E5C1480DEAABF8C9BD9B11B40C0
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Q-Y39dOB56LoXIQMW0-RUkOaI1c.roa
Signing time:             Mon 24 Mar 2025 12:28:22 +0000
ROA not before:           Mon 24 Mar 2025 12:28:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206005
IP address blocks:        89.40.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:20:1e:5c:14:80:de:aa:bf:8c:9b:d9:b1:1b:40:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Mar 24 12:28:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43e637f5d381e7a2e85c840c5b4f9152439a2357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3f:c7:d1:f7:fd:c4:d7:5e:20:1e:4c:34:27:
                    4d:18:bd:84:8a:69:dd:02:56:74:e6:0d:a3:6d:31:
                    67:2a:01:1f:af:ee:2e:11:61:7c:58:69:1c:da:af:
                    71:fa:89:ff:42:54:be:b1:e2:53:da:5a:89:a5:52:
                    75:4a:62:cf:c7:65:d4:ab:ca:6c:c8:fd:f3:31:e3:
                    55:74:8a:c8:02:0f:07:07:e5:c0:73:9a:e6:7c:b0:
                    04:76:62:be:bd:d5:ef:a6:7c:53:01:39:df:39:7d:
                    fb:d4:13:11:f4:6f:38:92:88:30:39:05:d2:9b:90:
                    30:1c:7e:fd:9a:0c:35:ff:7b:e8:02:bc:c0:2c:ca:
                    c6:50:ec:11:43:14:17:dd:34:06:0f:5d:3b:84:71:
                    c7:ca:f5:82:28:47:e5:d3:8e:26:27:04:38:03:a9:
                    60:5b:e8:c5:ff:52:0a:0d:f1:8e:29:fd:db:8d:84:
                    a3:4b:6b:bf:ad:66:1d:ff:4d:be:f1:b7:ab:31:fb:
                    bf:82:c2:07:86:53:28:66:14:cb:59:a5:5a:6f:68:
                    5c:96:a2:1a:3a:f5:60:35:6d:fa:d1:69:a1:50:2f:
                    9d:92:69:26:b0:6b:6d:d2:1e:49:7f:36:0f:10:e6:
                    35:0a:4b:67:9b:d6:f4:8b:ae:b7:39:1e:ae:19:a5:
                    16:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E6:37:F5:D3:81:E7:A2:E8:5C:84:0C:5B:4F:91:52:43:9A:23:57
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Q-Y39dOB56LoXIQMW0-RUkOaI1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:21:93:40:2a:3c:55:0a:83:4a:fe:dc:bf:ce:98:97:7f:ad:
         6e:50:49:60:71:05:ab:ac:68:7b:40:7a:dc:01:cc:b6:9f:c6:
         d0:7c:35:c9:20:0d:2a:43:4c:7d:e6:88:14:00:2a:3f:df:5a:
         62:96:12:b8:26:4d:ac:64:e8:58:aa:5e:e2:01:63:7f:7a:a5:
         cd:88:db:47:af:05:11:20:f8:c5:16:52:8c:c0:2f:d3:6e:a7:
         22:c2:54:0e:c5:9e:c7:75:6f:84:e8:bc:5b:ec:0c:be:cb:e2:
         0f:60:fb:de:66:fd:78:fd:57:83:f3:4d:8a:bc:b9:fb:b9:3f:
         37:85:83:7a:9d:07:4c:81:b8:b4:82:87:85:76:0f:22:e4:48:
         4d:cb:ed:ad:80:a4:08:18:cd:fc:d4:1d:39:6e:fa:fa:59:a3:
         71:61:8b:ee:71:b0:95:1a:c6:dc:d7:a7:ea:c4:be:83:3d:1d:
         a0:d7:fa:5b:20:da:42:51:1f:0b:70:bf:da:23:14:69:53:3a:
         0f:7e:66:66:19:3e:6d:a9:9f:ab:b1:41:52:c9:43:bd:ef:ea:
         09:93:39:cc:7f:bf:08:78:f2:8b:cd:fa:0b:84:fd:82:14:eb:
         95:56:7e:4f:08:cd:eb:38:d7:e6:14:e2:51:d5:80:a0:ea:da:
         ad:c8:76:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXIIB5cFIDeqr+Mm9mxG0DAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMzI0MTIyODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U2MzdmNWQzODFlN2EyZTg1Yzg0MGM1YjRmOTE1MjQzOWEyMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD/H0ff9xNdeIB5MNCdNGL2Eimnd
AlZ05g2jbTFnKgEfr+4uEWF8WGkc2q9x+on/QlS+seJT2lqJpVJ1SmLPx2XUq8ps
yP3zMeNVdIrIAg8HB+XAc5rmfLAEdmK+vdXvpnxTATnfOX371BMR9G84kogwOQXS
m5AwHH79mgw1/3voArzALMrGUOwRQxQX3TQGD107hHHHyvWCKEfl044mJwQ4A6lg
W+jF/1IKDfGOKf3bjYSjS2u/rWYd/02+8berMfu/gsIHhlMoZhTLWaVab2hclqIa
OvVgNW360WmhUC+dkmkmsGtt0h5JfzYPEOY1Cktnm9b0i663OR6uGaUWhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPmN/XTgeei6FyEDFtPkVJDmiNXMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUS1ZMzlkT0I1NkxvWElRTVcwLVJVa09hSTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSgjMA0G
CSqGSIb3DQEBCwUAA4IBAQA7IZNAKjxVCoNK/ty/zpiXf61uUElgcQWrrGh7QHrc
Acy2n8bQfDXJIA0qQ0x95ogUACo/31pilhK4Jk2sZOhYql7iAWN/eqXNiNtHrwUR
IPjFFlKMwC/TbqciwlQOxZ7HdW+E6Lxb7Ay+y+IPYPveZv14/VeD802KvLn7uT83
hYN6nQdMgbi0goeFdg8i5EhNy+2tgKQIGM381B05bvr6WaNxYYvucbCVGsbc16fq
xL6DPR2g1/pbINpCUR8LcL/aIxRpUzoPfmZmGT5tqZ+rsUFSyUO97+oJkznMf78I
ePKLzfoLhP2CFOuVVn5PCM3rONfmFOJR1YCg6tqtyHbU
-----END CERTIFICATE-----