Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/87B1R1Ly07iN_VRjdrgxFYLtl5w.roa
File:                     87B1R1Ly07iN_VRjdrgxFYLtl5w.roa (raw, json)
Hash identifier:          3ih93qEnHHLCi18p/5kWwbmQNsTRHDDhN4fxQjWgGu8=
Subject key identifier:   F3:B0:75:47:52:F2:D3:B8:8D:FD:54:63:76:B8:31:15:82:ED:97:9C
Certificate issuer:       /CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Certificate serial:       01954B862ED9629089046C12F3A60580B9BD
Authority key identifier: 2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/87B1R1Ly07iN_VRjdrgxFYLtl5w.roa
Signing time:             Fri 28 Feb 2025 07:47:19 +0000
ROA not before:           Fri 28 Feb 2025 07:47:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212128
IP address blocks:        89.19.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4b:86:2e:d9:62:90:89:04:6c:12:f3:a6:05:80:b9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
        Validity
            Not Before: Feb 28 07:47:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3b0754752f2d3b88dfd546376b8311582ed979c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:29:db:78:68:fe:21:9e:07:aa:95:14:4d:46:
                    6c:d2:ea:d4:e6:dc:74:42:c6:31:5c:43:39:f8:6d:
                    f5:9e:14:1c:a0:2f:fc:b6:89:7d:d1:a4:83:dc:0a:
                    f9:79:d9:ee:b3:64:44:d7:4a:a4:97:7c:92:ea:c2:
                    5d:18:66:e0:d6:05:9b:8b:75:fb:bb:83:54:50:2c:
                    55:ab:3c:09:ff:bb:15:b9:55:a9:da:33:4b:35:9e:
                    91:04:da:b7:8a:31:fc:d6:f8:ef:06:e1:0c:86:0f:
                    64:60:73:25:d0:6e:3b:f3:42:10:9c:a6:56:92:58:
                    36:88:f5:b0:47:3e:7c:27:a5:b6:28:5a:7b:18:d0:
                    1a:9f:a0:e3:73:15:33:bb:c6:e8:71:f9:02:5a:fa:
                    89:38:91:1d:61:c3:a7:b1:d5:6a:87:82:d2:4e:c5:
                    f4:3a:90:ac:37:b7:53:33:91:03:ef:e5:de:23:f8:
                    22:e1:2b:eb:b0:4f:66:4b:ac:ec:1f:e0:5e:4a:83:
                    b4:6d:fd:e6:83:1a:e2:ed:1c:83:03:41:81:df:f1:
                    58:eb:d4:7a:66:45:c6:ca:31:3c:86:45:7b:98:7a:
                    1e:cd:3b:b9:3e:1b:e3:c9:a8:73:9d:d0:59:6a:48:
                    3c:4f:6e:db:43:a1:0a:94:a4:69:fd:27:1a:13:e3:
                    6f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:B0:75:47:52:F2:D3:B8:8D:FD:54:63:76:B8:31:15:82:ED:97:9C
            X509v3 Authority Key Identifier:
                keyid:2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/87B1R1Ly07iN_VRjdrgxFYLtl5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:fb:af:cf:77:f5:7d:e3:8f:62:a8:05:70:a5:17:9c:25:91:
         a6:d6:84:14:a5:30:8b:90:17:ec:db:6b:8c:de:c0:88:0b:2d:
         1e:0b:41:84:e9:3f:92:d3:cd:bb:cc:21:75:0c:d5:64:ca:39:
         85:36:15:bf:72:ae:8d:ba:99:53:8d:8f:15:4b:70:5f:fe:df:
         85:69:ce:0a:0e:43:bb:9b:fa:c2:56:72:bd:77:89:ae:91:b2:
         cd:4e:73:6c:db:51:cb:b0:a9:d8:70:ea:2c:e8:b9:c6:b8:3f:
         c5:49:38:42:f0:1b:df:07:d0:4b:43:a3:b8:75:fb:d8:15:90:
         fa:9c:53:16:ce:73:7c:2c:8c:af:8d:88:dd:15:7d:8a:5f:ae:
         2b:be:44:b4:5e:8f:b9:f8:07:85:e9:2c:20:d9:f5:8e:a4:dd:
         49:b5:96:9f:a7:db:7e:48:ec:ad:9d:d4:cd:81:6e:95:e4:d6:
         5b:a4:f9:a9:59:a4:35:36:d4:d2:d9:f6:bc:9e:9c:a5:24:36:
         b9:37:6a:cb:f9:9d:62:1a:60:f8:df:f8:54:d3:10:75:fc:d4:
         18:97:5b:cf:56:7c:7c:42:23:cc:a7:69:22:21:30:ed:a0:59:
         25:63:61:af:21:41:bf:9e:8a:c2:01:ff:45:ab:69:06:02:2e:
         8b:63:c0:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVLhi7ZYpCJBGwS86YFgLm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWJiNjkxYjI0ZjI4NzkyNTNlM2E2YTQ1ZTBiNWM1MjY3
M2IwOWQwHhcNMjUwMjI4MDc0NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2IwNzU0NzUyZjJkM2I4OGRmZDU0NjM3NmI4MzExNTgyZWQ5NzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxynbeGj+IZ4HqpUUTUZs0urU5tx0
QsYxXEM5+G31nhQcoC/8tol90aSD3Ar5ednus2RE10qkl3yS6sJdGGbg1gWbi3X7
u4NUUCxVqzwJ/7sVuVWp2jNLNZ6RBNq3ijH81vjvBuEMhg9kYHMl0G4780IQnKZW
klg2iPWwRz58J6W2KFp7GNAan6DjcxUzu8bocfkCWvqJOJEdYcOnsdVqh4LSTsX0
OpCsN7dTM5ED7+XeI/gi4SvrsE9mS6zsH+BeSoO0bf3mgxri7RyDA0GB3/FY69R6
ZkXGyjE8hkV7mHoezTu5PhvjyahzndBZakg8T27bQ6EKlKRp/ScaE+NvFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOwdUdS8tO4jf1UY3a4MRWC7ZecMB8GA1UdIwQY
MBaAFC7rtpGyTyh5JT46akXgtcUmc7CdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAt
ZGEzZTExOTJjZGY2LzEvODdCMVIxTHkwN2lOX1ZSamRyZ3hGWUx0bDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAtZGEzZTExOTJjZGY2
LzEvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRPbMA0G
CSqGSIb3DQEBCwUAA4IBAQB3+6/Pd/V9449iqAVwpRecJZGm1oQUpTCLkBfs22uM
3sCICy0eC0GE6T+S0827zCF1DNVkyjmFNhW/cq6NuplTjY8VS3Bf/t+Fac4KDkO7
m/rCVnK9d4mukbLNTnNs21HLsKnYcOos6LnGuD/FSThC8BvfB9BLQ6O4dfvYFZD6
nFMWznN8LIyvjYjdFX2KX64rvkS0Xo+5+AeF6Swg2fWOpN1JtZafp9t+SOytndTN
gW6V5NZbpPmpWaQ1NtTS2fa8npylJDa5N2rL+Z1iGmD43/hU0xB1/NQYl1vPVnx8
QiPMp2kiITDtoFklY2GvIUG/norCAf9Fq2kGAi6LY8D9
-----END CERTIFICATE-----