Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/n0aetbv1kdrTGLwx_MOdeRwsltg.roa
File:                     n0aetbv1kdrTGLwx_MOdeRwsltg.roa (raw, json)
Hash identifier:          83SMmnuOZ/9x2wOey39f5QXGhDuZJTHXwPmcJrqnbp4=
Subject key identifier:   9F:46:9E:B5:BB:F5:91:DA:D3:18:BC:31:FC:C3:9D:79:1C:2C:96:D8
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019426D9C1E72F67305A6781EAB4702BE111
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/n0aetbv1kdrTGLwx_MOdeRwsltg.roa
Signing time:             Thu 02 Jan 2025 11:49:52 +0000
ROA not before:           Thu 02 Jan 2025 11:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        94.137.76.0/24 maxlen: 24
                          94.137.92.0/24 maxlen: 24
                          94.137.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c1:e7:2f:67:30:5a:67:81:ea:b4:70:2b:e1:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  2 11:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f469eb5bbf591dad318bc31fcc39d791c2c96d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ef:c9:fd:c0:71:aa:87:aa:37:90:8a:a7:c2:
                    9a:d0:d2:5b:7c:60:bc:2e:60:80:83:3a:4d:15:91:
                    86:92:65:fd:28:0e:74:af:1a:1d:86:ec:0c:4f:5b:
                    00:15:54:2e:8b:69:62:05:f6:99:31:7b:91:93:9e:
                    f9:7d:7a:89:04:61:26:5c:9d:de:4b:8b:68:ed:51:
                    d0:e1:4c:d2:ff:70:e4:38:55:20:82:d4:06:72:5e:
                    9d:44:b5:3b:7c:dc:0d:ea:91:88:f5:87:61:af:b0:
                    d7:54:dd:82:af:d8:ef:eb:6d:9e:cf:06:76:b6:cd:
                    83:73:30:59:b5:f7:67:0e:73:4f:d2:da:e5:b0:80:
                    f9:9e:76:b2:e4:cb:e3:38:03:17:cc:31:82:fe:89:
                    9f:d0:c9:14:c4:0e:e9:ec:12:b0:fb:78:f1:5b:50:
                    83:c1:6c:8a:60:ab:9c:7d:d9:52:cc:f3:c0:a2:44:
                    24:4f:e8:02:1f:66:9d:59:ad:70:f2:2f:8e:e7:1f:
                    80:2c:f6:86:4f:87:e0:a9:b5:35:a6:b8:48:74:36:
                    87:d8:7d:c9:19:63:5e:7a:0d:ee:15:6d:61:5e:b4:
                    73:18:ba:04:30:c5:a6:79:dd:0b:e0:69:ee:4b:2c:
                    0b:6c:4b:e0:88:62:1c:9c:5a:e5:02:50:9f:5d:22:
                    bd:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:46:9E:B5:BB:F5:91:DA:D3:18:BC:31:FC:C3:9D:79:1C:2C:96:D8
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/n0aetbv1kdrTGLwx_MOdeRwsltg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.76.0/24
                  94.137.92.0/24
                  94.137.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:61:ee:06:c7:a7:1d:bd:c9:c9:67:04:f3:5e:a7:16:26:3f:
         28:e2:66:72:94:a8:93:88:e8:e6:6b:27:86:29:ea:47:72:21:
         8d:1e:de:37:2d:5d:5f:cf:b0:58:86:47:f6:d6:11:6c:b0:bd:
         79:0a:1b:92:b4:b7:12:6f:6a:13:8a:fa:d6:c3:a7:48:d8:05:
         47:94:69:c9:78:1f:8c:25:c8:c2:76:77:1b:36:07:b8:c1:14:
         3d:bc:48:dc:5a:d1:65:c2:6a:95:0a:c3:66:ee:af:ea:fc:bc:
         8f:c8:c5:15:0a:73:ac:27:b1:26:f8:c6:70:46:be:53:2a:c6:
         84:c9:f1:6b:3a:3f:a0:d4:5b:29:99:1a:78:b5:e8:8e:24:68:
         cb:8a:67:a1:e0:e1:f8:88:7e:ac:5b:7e:e5:5c:6e:75:d9:61:
         28:40:b0:1d:ff:6f:98:13:20:82:1f:00:a6:ea:6b:77:e0:51:
         88:33:65:41:eb:89:aa:83:63:f4:6c:bf:11:8a:6d:6c:10:21:
         76:a5:55:61:45:f3:49:ff:5a:56:94:ad:67:70:d7:39:9b:49:
         e2:66:fb:e8:2c:a4:6e:90:70:dc:f7:c2:f5:c8:46:4d:66:a6:
         20:8f:41:77:8c:e5:0b:da:c9:d1:5e:73:00:8d:58:a3:f0:5d:
         c1:20:b6:48
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2cHnL2cwWmeB6rRwK+ERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwMTAyMTE0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQ2OWViNWJiZjU5MWRhZDMxOGJjMzFmY2MzOWQ3OTFjMmM5NmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO/J/cBxqoeqN5CKp8Ka0NJbfGC8
LmCAgzpNFZGGkmX9KA50rxodhuwMT1sAFVQui2liBfaZMXuRk575fXqJBGEmXJ3e
S4to7VHQ4UzS/3DkOFUggtQGcl6dRLU7fNwN6pGI9Ydhr7DXVN2Cr9jv622ezwZ2
ts2DczBZtfdnDnNP0trlsID5nnay5MvjOAMXzDGC/omf0MkUxA7p7BKw+3jxW1CD
wWyKYKucfdlSzPPAokQkT+gCH2adWa1w8i+O5x+ALPaGT4fgqbU1prhIdDaH2H3J
GWNeeg3uFW1hXrRzGLoEMMWmed0L4GnuSywLbEvgiGIcnFrlAlCfXSK95wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ9GnrW79ZHa0xi8MfzDnXkcLJbYMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvbjBhZXRidjFrZHJUR0x3eF9NT2RlUndzbHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXolMAwQA
XolcAwQAXoleMA0GCSqGSIb3DQEBCwUAA4IBAQBvYe4Gx6cdvcnJZwTzXqcWJj8o
4mZylKiTiOjmayeGKepHciGNHt43LV1fz7BYhkf21hFssL15ChuStLcSb2oTivrW
w6dI2AVHlGnJeB+MJcjCdncbNge4wRQ9vEjcWtFlwmqVCsNm7q/q/LyPyMUVCnOs
J7Em+MZwRr5TKsaEyfFrOj+g1FspmRp4teiOJGjLimeh4OH4iH6sW37lXG512WEo
QLAd/2+YEyCCHwCm6mt34FGIM2VB64mqg2P0bL8Rim1sECF2pVVhRfNJ/1pWlK1n
cNc5m0niZvvoLKRukHDc98L1yEZNZqYgj0F3jOUL2snRXnMAjVij8F3BILZI
-----END CERTIFICATE-----