Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Gv5HrL2f33_QVcVgXo5CsM0Vaho.roa
File:                     Gv5HrL2f33_QVcVgXo5CsM0Vaho.roa (raw, json)
Hash identifier:          LEWORZbggYg+nZNcCLA8VUA/7SebS6hs8+TL4nNmjcg=
Subject key identifier:   1A:FE:47:AC:BD:9F:DF:7F:D0:55:C5:60:5E:8E:42:B0:CD:15:6A:1A
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019428266F88D1056BA40B16910226BA80EB
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Gv5HrL2f33_QVcVgXo5CsM0Vaho.roa
Signing time:             Thu 02 Jan 2025 17:53:15 +0000
ROA not before:           Thu 02 Jan 2025 17:53:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        89.249.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:6f:88:d1:05:6b:a4:0b:16:91:02:26:ba:80:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1afe47acbd9fdf7fd055c5605e8e42b0cd156a1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5b:1f:38:1d:04:45:90:c9:c4:d9:fd:50:83:
                    ed:a0:14:eb:fc:53:cb:b7:3f:1c:da:77:a0:91:da:
                    37:e9:b7:69:96:a8:c2:92:85:eb:6e:72:77:1e:6d:
                    18:96:c5:4e:58:53:38:bb:37:46:9a:4d:b4:dd:ec:
                    41:3a:63:89:f0:da:03:eb:99:ff:37:7d:f6:31:69:
                    53:50:77:9e:8a:28:4e:97:df:92:94:16:15:f9:4a:
                    96:dc:27:a0:99:1f:a8:b2:c8:7b:bd:bd:d2:59:9b:
                    8c:5a:29:1e:2f:1b:46:b2:4f:05:ce:c6:59:94:4d:
                    21:33:09:04:c7:8a:de:2c:a1:f1:12:10:52:f0:a4:
                    25:4e:96:71:67:f6:6c:bb:94:0d:e8:4e:d7:90:17:
                    74:3c:9b:2e:ed:64:6a:76:c6:eb:5a:8b:b8:4b:43:
                    be:ec:3b:08:03:62:78:dc:65:f0:94:ce:56:bb:87:
                    a7:2d:09:40:4d:83:ee:4d:e8:56:e5:db:c1:90:01:
                    36:71:20:c0:14:2e:41:c3:19:bc:e3:47:c4:0d:02:
                    3c:bc:3f:22:24:3a:ad:06:1b:e5:9d:76:41:79:97:
                    9b:9c:ae:55:95:46:2c:f6:76:a5:c7:c4:55:76:1f:
                    9a:c2:31:a2:e4:cd:d1:2e:9b:c7:12:cd:ff:a4:d7:
                    ca:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:FE:47:AC:BD:9F:DF:7F:D0:55:C5:60:5E:8E:42:B0:CD:15:6A:1A
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Gv5HrL2f33_QVcVgXo5CsM0Vaho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:33:a8:2f:c5:49:3c:94:90:be:99:b8:8e:9c:b6:41:85:ab:
         2e:90:23:2e:1a:fe:d2:30:4b:86:59:ed:9d:41:55:f9:b7:45:
         59:2a:38:17:94:f2:da:7f:70:07:2f:95:8d:c1:09:d6:d5:f6:
         68:ad:62:5a:7f:85:4d:ce:2b:1c:29:b4:57:9a:03:30:55:ee:
         48:cd:be:ff:bd:13:47:31:16:51:c8:b2:1b:ba:70:46:eb:4d:
         13:58:96:e4:ec:5a:75:b9:d8:b7:8a:bc:bb:ec:6f:5d:26:8f:
         48:0e:7b:75:5a:13:ac:10:d2:75:12:95:76:28:4d:b3:bd:22:
         b2:e6:6d:f8:9c:93:92:39:12:67:ef:21:ff:3a:30:0b:63:bf:
         a0:cb:cf:3d:d3:9e:01:bc:e6:2c:79:68:97:c7:a2:af:77:57:
         31:05:96:81:48:24:cc:6d:93:ce:69:43:f7:3b:d2:8e:85:1f:
         6c:50:f1:b0:d7:e0:dd:33:65:a7:d6:71:5a:f5:64:7d:6b:3a:
         fe:58:a3:56:fb:ec:8b:d2:77:af:b6:36:42:8e:e2:29:b9:a8:
         34:6a:c5:92:f6:f1:a7:41:ab:73:a7:cc:2d:2e:fa:3f:78:69:
         f4:20:8e:82:8c:d0:eb:3a:a3:b7:3d:2f:1d:9b:5b:9e:3e:34:
         08:8b:18:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJm+I0QVrpAsWkQImuoDrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWZlNDdhY2JkOWZkZjdmZDA1NWM1NjA1ZThlNDJiMGNkMTU2YTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlsfOB0ERZDJxNn9UIPtoBTr/FPL
tz8c2negkdo36bdplqjCkoXrbnJ3Hm0YlsVOWFM4uzdGmk203exBOmOJ8NoD65n/
N332MWlTUHeeiihOl9+SlBYV+UqW3CegmR+ossh7vb3SWZuMWikeLxtGsk8FzsZZ
lE0hMwkEx4reLKHxEhBS8KQlTpZxZ/Zsu5QN6E7XkBd0PJsu7WRqdsbrWou4S0O+
7DsIA2J43GXwlM5Wu4enLQlATYPuTehW5dvBkAE2cSDAFC5Bwxm840fEDQI8vD8i
JDqtBhvlnXZBeZebnK5VlUYs9nalx8RVdh+awjGi5M3RLpvHEs3/pNfKgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBr+R6y9n99/0FXFYF6OQrDNFWoaMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvR3Y1SHJMMmYzM19RVmNWZ1hvNUNzTTBWYWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnLMA0G
CSqGSIb3DQEBCwUAA4IBAQBsM6gvxUk8lJC+mbiOnLZBhasukCMuGv7SMEuGWe2d
QVX5t0VZKjgXlPLaf3AHL5WNwQnW1fZorWJaf4VNziscKbRXmgMwVe5Izb7/vRNH
MRZRyLIbunBG600TWJbk7Fp1udi3iry77G9dJo9IDnt1WhOsENJ1EpV2KE2zvSKy
5m34nJOSORJn7yH/OjALY7+gy889054BvOYseWiXx6Kvd1cxBZaBSCTMbZPOaUP3
O9KOhR9sUPGw1+DdM2Wn1nFa9WR9azr+WKNW++yL0nevtjZCjuIpuag0asWS9vGn
Qatzp8wtLvo/eGn0II6CjNDrOqO3PS8dm1uePjQIixh6
-----END CERTIFICATE-----