Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/JUl2XJ7ITteVa0YZiH_2fdnHLHE.roa
File:                     JUl2XJ7ITteVa0YZiH_2fdnHLHE.roa (raw, json)
Hash identifier:          MYOIjvxFWT6ugCgMn3KkkM/0xAtUD56C4vyfiv1viSw=
Subject key identifier:   25:49:76:5C:9E:C8:4E:D7:95:6B:46:19:88:7F:F6:7D:D9:C7:2C:71
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       018E868EBC0589430BA4299CB996D49328AE
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/JUl2XJ7ITteVa0YZiH_2fdnHLHE.roa
Signing time:             Thu 28 Mar 2024 19:34:44 +0000
ROA not before:           Thu 28 Mar 2024 19:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        89.249.200.0/24 maxlen: 24
                          185.21.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:8e:bc:05:89:43:0b:a4:29:9c:b9:96:d4:93:28:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Mar 28 19:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2549765c9ec84ed7956b4619887ff67dd9c72c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:98:72:32:46:43:91:d4:5d:f9:8c:bd:dc:4c:
                    2d:2b:71:75:2a:45:87:de:42:67:8c:d2:cf:e2:50:
                    bf:82:06:d3:74:19:74:0f:a0:a3:37:84:fc:00:86:
                    b9:c0:71:ac:5c:74:3e:18:af:2b:4a:08:ac:6c:ff:
                    a7:c6:4c:47:7b:c3:ce:68:6a:40:0f:c5:f7:01:f5:
                    b6:5a:32:5a:ec:fb:6b:02:89:0b:c5:50:cc:47:91:
                    58:00:b2:54:c6:d8:1c:a6:0b:c2:98:00:f1:c5:d9:
                    aa:9c:17:36:f3:33:2d:6a:2e:3f:eb:66:e8:2b:45:
                    3b:4c:b6:47:67:32:91:b5:7c:00:3a:bd:99:14:10:
                    7a:7b:f3:69:92:15:02:cb:1c:f6:f1:06:d5:3b:ad:
                    9f:ae:8b:9b:0c:3f:5c:cc:2b:06:bc:cf:7f:99:1e:
                    0c:7b:85:5f:d0:78:90:29:6d:2c:1a:36:4e:53:20:
                    50:dd:a3:c6:d4:09:21:49:a8:f1:7c:42:28:3d:1e:
                    79:64:5f:52:af:b7:b4:c5:c1:ce:af:85:21:1c:5b:
                    c7:cb:f3:25:af:c2:8d:88:4e:6e:25:4c:0c:c2:8c:
                    9b:59:d6:18:43:5c:1f:be:d8:f9:ba:02:9b:03:90:
                    77:67:ee:07:27:5d:73:76:3b:83:f5:9b:00:fa:4c:
                    be:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:49:76:5C:9E:C8:4E:D7:95:6B:46:19:88:7F:F6:7D:D9:C7:2C:71
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/JUl2XJ7ITteVa0YZiH_2fdnHLHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.200.0/24
                  185.21.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:e6:12:ec:13:4f:af:52:a7:59:29:eb:15:6e:02:82:be:d3:
         f9:06:f1:3b:82:4b:3a:d2:08:ed:e7:1c:2d:16:e2:1f:1e:08:
         86:75:37:85:15:97:31:ac:cb:02:80:9a:19:03:0e:e3:62:bb:
         e9:24:ea:ba:ee:2b:7a:21:12:12:f0:1e:b7:bb:2f:94:a5:8d:
         ec:94:56:80:8d:bd:e7:2d:f2:ea:fa:11:54:93:ab:4c:d1:38:
         09:6f:a1:9b:94:8f:2e:cf:ba:08:a9:1b:fb:ff:36:ea:ef:ef:
         d4:23:fc:06:38:46:ee:ca:f9:08:3a:18:c6:87:71:e7:f1:f8:
         cc:3f:08:4b:94:db:91:a1:82:c5:ff:9a:3a:1c:f9:8b:c4:33:
         5a:32:da:a9:94:e4:87:a9:75:32:50:82:f0:23:a8:08:84:b6:
         99:13:8c:b4:c5:60:8d:a5:8b:c1:00:1c:6e:99:88:03:d9:d6:
         d8:20:b0:9f:92:12:f4:76:24:8d:ae:58:21:6d:93:9c:41:f8:
         7a:54:e4:b4:f8:15:76:77:a1:5a:09:5a:cc:73:d3:c8:63:85:
         c2:8c:87:eb:6f:bb:31:8c:1a:b7:fc:18:91:6c:7a:c9:a8:fd:
         ca:34:da:50:99:f7:a8:08:86:d4:56:79:83:44:3d:17:67:0c:
         53:11:46:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6GjrwFiUMLpCmcuZbUkyiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwMzI4MTkzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTQ5NzY1YzllYzg0ZWQ3OTU2YjQ2MTk4ODdmZjY3ZGQ5YzcyYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJhyMkZDkdRd+Yy93EwtK3F1KkWH
3kJnjNLP4lC/ggbTdBl0D6CjN4T8AIa5wHGsXHQ+GK8rSgisbP+nxkxHe8POaGpA
D8X3AfW2WjJa7PtrAokLxVDMR5FYALJUxtgcpgvCmADxxdmqnBc28zMtai4/62bo
K0U7TLZHZzKRtXwAOr2ZFBB6e/NpkhUCyxz28QbVO62froubDD9czCsGvM9/mR4M
e4Vf0HiQKW0sGjZOUyBQ3aPG1AkhSajxfEIoPR55ZF9Sr7e0xcHOr4UhHFvHy/Ml
r8KNiE5uJUwMwoybWdYYQ1wfvtj5ugKbA5B3Z+4HJ11zdjuD9ZsA+ky+CQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCVJdlyeyE7XlWtGGYh/9n3ZxyxxMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvSlVsMlhKN0lUdGVWYTBZWmlIXzJmZG5ITEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfnIAwQA
uRX/MA0GCSqGSIb3DQEBCwUAA4IBAQBu5hLsE0+vUqdZKesVbgKCvtP5BvE7gks6
0gjt5xwtFuIfHgiGdTeFFZcxrMsCgJoZAw7jYrvpJOq67it6IRIS8B63uy+UpY3s
lFaAjb3nLfLq+hFUk6tM0TgJb6GblI8uz7oIqRv7/zbq7+/UI/wGOEbuyvkIOhjG
h3Hn8fjMPwhLlNuRoYLF/5o6HPmLxDNaMtqplOSHqXUyUILwI6gIhLaZE4y0xWCN
pYvBABxumYgD2dbYILCfkhL0diSNrlghbZOcQfh6VOS0+BV2d6FaCVrMc9PIY4XC
jIfrb7sxjBq3/BiRbHrJqP3KNNpQmfeoCIbUVnmDRD0XZwxTEUbV
-----END CERTIFICATE-----