Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DqIwBz09GVkZK_gZ5I10qjJf_ys.roa
File:                     DqIwBz09GVkZK_gZ5I10qjJf_ys.roa (raw, json)
Hash identifier:          c0iRzQrUBzV64ZvugD7r5Tge4OFGYDIQjIm+fC8puK4=
Subject key identifier:   0E:A2:30:07:3D:3D:19:59:19:2B:F8:19:E4:8D:74:AA:32:5F:FF:2B
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019428266EDE94C6A51935625DFE5FD6F832
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DqIwBz09GVkZK_gZ5I10qjJf_ys.roa
Signing time:             Thu 02 Jan 2025 17:53:14 +0000
ROA not before:           Thu 02 Jan 2025 17:53:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        89.249.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:6e:de:94:c6:a5:19:35:62:5d:fe:5f:d6:f8:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ea230073d3d1959192bf819e48d74aa325fff2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ff:7d:c3:43:d5:58:cd:50:5d:c3:33:65:2b:
                    dc:58:88:75:f0:ba:bf:1d:cd:2b:f4:ff:3b:a4:d3:
                    cb:c6:32:54:27:57:08:6a:04:cd:31:e3:0f:5c:c3:
                    0c:84:66:66:82:c5:64:05:32:d1:38:2a:5a:c8:44:
                    d2:a3:b1:da:0d:57:7e:30:9f:dc:d8:57:58:da:7c:
                    d8:56:54:e9:ea:32:2c:e6:5f:22:33:03:34:ab:cf:
                    bd:15:80:29:e5:cc:d9:17:ef:99:c2:61:7e:ad:6c:
                    7c:24:79:c4:0c:3c:de:7e:aa:d1:ce:51:20:4f:3e:
                    11:79:f9:ab:bd:94:d2:ef:3b:5d:51:e7:6d:ce:65:
                    d2:e2:d6:d9:e0:2a:ae:61:3a:99:2f:9c:e5:0b:2b:
                    bd:0a:b5:72:98:85:60:16:62:01:d5:88:75:9c:59:
                    ed:6b:1d:4b:82:92:a2:eb:90:a0:21:6a:9f:bd:e0:
                    dd:32:58:c4:65:86:73:f1:78:19:15:de:97:72:c0:
                    19:95:43:d2:bb:64:a3:dd:7c:13:3f:7b:ce:7f:19:
                    07:15:52:26:f4:f9:fd:66:30:2f:2e:56:99:c2:ab:
                    e2:c3:d2:95:65:82:40:f0:9b:bd:fd:ed:1c:c2:fa:
                    1f:a2:86:94:69:9a:d9:ac:74:7d:32:a0:5e:47:9a:
                    61:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A2:30:07:3D:3D:19:59:19:2B:F8:19:E4:8D:74:AA:32:5F:FF:2B
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DqIwBz09GVkZK_gZ5I10qjJf_ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:92:73:c5:d1:c2:cc:d7:fa:c5:86:5b:38:bd:ba:88:2d:f5:
         8a:14:82:0f:12:88:25:7e:b2:fc:ab:6b:48:70:db:1e:ce:67:
         b4:0f:4e:1c:0e:2b:01:1b:33:3a:ed:d2:f2:0e:37:39:dd:27:
         1d:2f:b8:27:5c:bd:f5:bf:23:42:c8:51:46:5b:fb:9d:78:fe:
         ad:b9:99:51:e4:31:ff:1d:e6:e6:a1:98:51:49:65:83:da:38:
         e2:fd:51:08:6c:ec:ae:18:5f:4c:50:76:ca:dd:b1:88:17:20:
         24:73:f5:48:27:03:ff:50:8d:3c:d0:3c:f5:fc:77:c0:0f:33:
         89:1e:27:e0:07:73:73:13:42:d6:03:7e:3c:9f:de:73:0b:41:
         5f:62:ce:24:b3:e8:5b:ac:34:06:9b:7a:3c:12:40:2d:47:e8:
         5c:36:b6:38:2c:89:31:f7:21:7f:48:16:e6:84:64:2e:71:aa:
         f1:ec:e9:f5:5c:d3:0e:60:51:39:62:46:4e:7d:d3:16:36:0b:
         82:bc:89:e4:56:55:88:74:94:3a:0e:55:62:5c:03:7a:26:1d:
         8f:8d:d6:ad:64:a2:b3:43:81:12:e4:c3:ef:89:10:da:b9:96:
         47:e4:10:bb:c8:92:2d:2e:37:49:b4:9f:ef:60:f9:25:b3:79:
         1a:99:06:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJm7elMalGTViXf5f1vgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWEyMzAwNzNkM2QxOTU5MTkyYmY4MTllNDhkNzRhYTMyNWZmZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv99w0PVWM1QXcMzZSvcWIh18Lq/
Hc0r9P87pNPLxjJUJ1cIagTNMeMPXMMMhGZmgsVkBTLROCpayETSo7HaDVd+MJ/c
2FdY2nzYVlTp6jIs5l8iMwM0q8+9FYAp5czZF++ZwmF+rWx8JHnEDDzefqrRzlEg
Tz4RefmrvZTS7ztdUedtzmXS4tbZ4CquYTqZL5zlCyu9CrVymIVgFmIB1Yh1nFnt
ax1LgpKi65CgIWqfveDdMljEZYZz8XgZFd6XcsAZlUPSu2Sj3XwTP3vOfxkHFVIm
9Pn9ZjAvLlaZwqviw9KVZYJA8Ju9/e0cwvofooaUaZrZrHR9MqBeR5phmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6iMAc9PRlZGSv4GeSNdKoyX/8rMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvRHFJd0J6MDlHVmtaS19nWjVJMTBxakpmX3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnNMA0G
CSqGSIb3DQEBCwUAA4IBAQC/knPF0cLM1/rFhls4vbqILfWKFIIPEoglfrL8q2tI
cNsezme0D04cDisBGzM67dLyDjc53ScdL7gnXL31vyNCyFFGW/udeP6tuZlR5DH/
HebmoZhRSWWD2jji/VEIbOyuGF9MUHbK3bGIFyAkc/VIJwP/UI080Dz1/HfADzOJ
HifgB3NzE0LWA348n95zC0FfYs4ks+hbrDQGm3o8EkAtR+hcNrY4LIkx9yF/SBbm
hGQucarx7On1XNMOYFE5YkZOfdMWNguCvInkVlWIdJQ6DlViXAN6Jh2PjdatZKKz
Q4ES5MPviRDauZZH5BC7yJItLjdJtJ/vYPkls3kamQZe
-----END CERTIFICATE-----