Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/htWv83j5mtpGTlM4Lw1xIRvmIbk.roa
File:                     htWv83j5mtpGTlM4Lw1xIRvmIbk.roa (raw, json)
Hash identifier:          cnK1fN2lnd7WvHE3Ad4lixpuor2/4VBvsHu1sSW/tYg=
Subject key identifier:   86:D5:AF:F3:78:F9:9A:DA:46:4E:53:38:2F:0D:71:21:1B:E6:21:B9
Certificate issuer:       /CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
Certificate serial:       0194266B4E5721F94F442C5384ACDE8BA586
Authority key identifier: A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/htWv83j5mtpGTlM4Lw1xIRvmIbk.roa
Signing time:             Thu 02 Jan 2025 09:49:14 +0000
ROA not before:           Thu 02 Jan 2025 09:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210644
IP address blocks:        89.22.224.0/21 maxlen: 21
                          89.22.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4e:57:21:f9:4f:44:2c:53:84:ac:de:8b:a5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
        Validity
            Not Before: Jan  2 09:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86d5aff378f99ada464e53382f0d71211be621b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e0:32:60:e9:c2:e6:3c:81:2f:1a:b0:da:75:
                    30:f2:2d:59:2f:34:45:14:62:6b:fd:ac:65:86:ae:
                    9c:ea:e9:72:90:86:37:c4:25:4b:f6:05:da:8f:26:
                    4c:e4:94:b2:49:87:fa:ea:83:ec:8f:69:eb:36:ff:
                    35:2e:3d:e5:6b:72:98:a4:9d:39:d1:ee:4a:c2:b8:
                    d9:01:65:a6:ab:97:f4:e7:15:05:dd:e7:35:7e:81:
                    10:a7:e4:c1:67:b9:b8:a3:82:94:4c:03:9c:f9:f7:
                    24:58:c6:a3:03:91:8c:2b:95:68:1a:17:6f:7b:7a:
                    f0:c4:a5:63:a9:1c:0b:fa:b8:bc:a2:ee:29:39:1a:
                    da:1c:55:d3:93:65:7a:ab:6b:da:a2:43:96:33:ba:
                    9a:4c:31:69:47:eb:23:6a:e7:dc:8c:41:ab:ce:ca:
                    e7:e1:fd:36:9f:bb:44:c4:68:87:cd:fc:80:89:43:
                    e1:67:5f:68:f2:cb:f5:25:74:f1:91:39:1e:18:bd:
                    f6:a1:b8:77:16:6f:98:9c:e3:3c:cd:3d:34:26:b4:
                    40:ba:be:d9:49:32:e4:cb:2d:c8:7b:39:d4:05:26:
                    4e:a4:87:0b:81:b2:eb:3a:a3:43:a2:c2:db:02:aa:
                    01:43:cc:86:58:f5:20:f1:ea:b2:60:9a:86:33:1f:
                    a5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D5:AF:F3:78:F9:9A:DA:46:4E:53:38:2F:0D:71:21:1B:E6:21:B9
            X509v3 Authority Key Identifier:
                keyid:A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/htWv83j5mtpGTlM4Lw1xIRvmIbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.22.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ab:04:36:bd:76:44:05:5c:45:27:83:0d:ec:9e:9f:45:1c:1c:
         16:35:ad:b5:90:e3:19:ce:11:98:47:d4:b5:05:63:a7:cf:6a:
         0e:21:40:56:3f:32:02:89:b1:56:a9:20:02:41:6d:19:39:6b:
         40:68:26:21:7f:18:91:e0:a1:6a:96:44:8d:aa:33:e9:32:e1:
         ab:4e:d3:99:86:44:7a:7a:b6:f1:81:fb:8b:d7:47:6f:83:c9:
         65:3a:b1:3f:8d:1b:00:5d:c9:f1:58:ed:51:98:08:dd:9d:ec:
         65:ed:c5:98:9b:48:8c:0f:e0:64:58:7f:0d:97:c6:60:ab:10:
         54:a8:82:86:57:5c:fc:79:e7:c6:a7:36:d0:77:4a:b4:bd:a5:
         30:ad:73:af:80:20:12:2f:c4:a3:5b:97:25:a1:bf:4f:a9:e8:
         97:36:b2:f4:39:b4:d4:59:3e:24:d5:13:7e:49:0f:1c:1d:8c:
         c3:1b:5e:70:df:0c:64:97:d4:0f:8f:37:90:bb:0f:03:fe:e7:
         dd:35:27:8c:69:0f:d8:9c:fc:d7:b3:2b:31:1e:ce:75:2a:db:
         7b:15:4d:50:b0:33:f1:70:58:f8:51:a3:2b:a0:90:38:4a:83:
         75:d5:fd:be:f2:14:d7:12:20:51:1f:f1:4a:d4:ec:2e:e3:e0:
         61:68:db:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma05XIflPRCxThKzei6WGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZDUyY2M4NzA2MDZhM2YzZjMyYzBmZmY5N2NmNjkzMWZh
NjVjYTMwHhcNMjUwMTAyMDk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQ1YWZmMzc4Zjk5YWRhNDY0ZTUzMzgyZjBkNzEyMTFiZTYyMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOAyYOnC5jyBLxqw2nUw8i1ZLzRF
FGJr/axlhq6c6ulykIY3xCVL9gXajyZM5JSySYf66oPsj2nrNv81Lj3la3KYpJ05
0e5KwrjZAWWmq5f05xUF3ec1foEQp+TBZ7m4o4KUTAOc+fckWMajA5GMK5VoGhdv
e3rwxKVjqRwL+ri8ou4pORraHFXTk2V6q2vaokOWM7qaTDFpR+sjaufcjEGrzsrn
4f02n7tExGiHzfyAiUPhZ19o8sv1JXTxkTkeGL32obh3Fm+YnOM8zT00JrRAur7Z
STLkyy3IeznUBSZOpIcLgbLrOqNDosLbAqoBQ8yGWPUg8eqyYJqGMx+lYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbVr/N4+ZraRk5TOC8NcSEb5iG5MB8GA1UdIwQY
MBaAFKjVLMhwYGo/PzLA//l89pMfplyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgt
ZjU1YmM4YWYxNTA2LzEvaHRXdjgzajVtdHBHVGxNNEx3MXhJUnZtSWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgtZjU1YmM4YWYxNTA2
LzEvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWRbgMA0G
CSqGSIb3DQEBCwUAA4IBAQCrBDa9dkQFXEUngw3snp9FHBwWNa21kOMZzhGYR9S1
BWOnz2oOIUBWPzICibFWqSACQW0ZOWtAaCYhfxiR4KFqlkSNqjPpMuGrTtOZhkR6
erbxgfuL10dvg8llOrE/jRsAXcnxWO1RmAjdnexl7cWYm0iMD+BkWH8Nl8ZgqxBU
qIKGV1z8eefGpzbQd0q0vaUwrXOvgCASL8SjW5clob9PqeiXNrL0ObTUWT4k1RN+
SQ8cHYzDG15w3wxkl9QPjzeQuw8D/ufdNSeMaQ/YnPzXsysxHs51Ktt7FU1QsDPx
cFj4UaMroJA4SoN11f2+8hTXEiBRH/FK1Owu4+BhaNuh
-----END CERTIFICATE-----