Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/bunFK9av8RfknnXIgouVNVSj7lg.roa
File:                     bunFK9av8RfknnXIgouVNVSj7lg.roa (raw, json)
Hash identifier:          oaHs1Qr4+X8d39BaWoE1d0HAMovpW6wQdYQeMQErL34=
Subject key identifier:   6E:E9:C5:2B:D6:AF:F1:17:E4:9E:75:C8:82:8B:95:35:54:A3:EE:58
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       0194282675588C8C3DA2C207E0BD38D074F2
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/bunFK9av8RfknnXIgouVNVSj7lg.roa
Signing time:             Thu 02 Jan 2025 17:53:16 +0000
ROA not before:           Thu 02 Jan 2025 17:53:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215224
IP address blocks:        89.249.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:75:58:8c:8c:3d:a2:c2:07:e0:bd:38:d0:74:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ee9c52bd6aff117e49e75c8828b953554a3ee58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:90:a7:88:26:d2:8b:66:e3:6b:b5:8f:62:b4:
                    5a:8d:c7:64:ab:47:f2:e1:42:5d:d6:3b:00:da:1e:
                    a0:28:b3:62:22:0d:8d:3c:51:bb:9f:5f:8f:74:e7:
                    88:34:a3:11:0f:4b:65:e0:5c:d5:f5:d9:27:80:bc:
                    e8:56:46:35:07:34:e6:40:58:0d:84:5b:29:be:ae:
                    79:8e:a3:8d:77:a2:90:fd:6e:42:fc:a8:88:41:53:
                    10:51:06:3c:29:6c:53:aa:f3:79:a3:9f:60:08:21:
                    15:8c:11:cc:ea:62:03:73:e5:55:2b:87:36:af:ce:
                    bc:79:8c:30:43:17:17:3e:20:90:33:2c:15:50:e9:
                    55:eb:c1:9e:31:a2:14:bc:66:e1:a9:bf:51:a5:a4:
                    20:50:37:99:68:d0:71:33:a0:bd:bd:da:5c:f3:68:
                    de:f0:a7:35:e2:cf:60:6f:01:83:6e:b6:3f:ac:c0:
                    eb:79:95:aa:87:cb:96:3f:40:fc:a2:9e:5d:ba:a2:
                    26:aa:e1:25:fa:bc:a4:1b:2a:c1:6e:28:f8:28:bb:
                    4f:a9:53:72:2c:69:58:d9:29:44:b2:33:33:99:d6:
                    62:22:fc:42:9b:3b:d3:2b:14:96:64:7b:9f:04:79:
                    c9:9a:dd:14:bf:ae:61:e0:0f:cf:05:c5:7d:fb:f5:
                    49:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E9:C5:2B:D6:AF:F1:17:E4:9E:75:C8:82:8B:95:35:54:A3:EE:58
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/bunFK9av8RfknnXIgouVNVSj7lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f7:2e:0d:2f:0d:20:22:43:ae:a4:da:04:30:4e:62:77:6e:
         fc:83:e6:6b:fa:b8:b9:6e:e7:75:f2:17:f6:3f:48:fc:9d:31:
         02:3e:30:4e:6a:62:ea:bd:f2:0d:a3:b4:81:3c:b4:ec:78:ea:
         cb:ad:7e:84:b1:a7:51:e4:03:e2:26:3c:7a:03:ff:3f:3b:1b:
         fb:87:d7:05:c7:2d:d3:6f:30:0e:a0:d4:23:b7:7a:68:3c:dc:
         5d:2a:69:52:03:58:d8:cb:91:ba:b1:38:08:49:fd:69:b5:68:
         9c:c7:15:86:a9:13:21:0c:df:62:0f:92:06:c2:2e:70:1d:f7:
         d9:4e:82:0a:0b:b2:7a:4a:05:9b:f0:49:6f:8d:8f:8f:e3:7d:
         62:7b:d2:9a:99:2e:29:2c:85:2b:95:56:ac:85:dd:a2:61:50:
         0e:e2:7a:fd:67:53:65:3f:29:0e:c1:27:40:4c:59:73:82:de:
         ea:8f:cf:4e:2f:12:81:48:70:88:08:65:03:ce:f0:e5:dc:98:
         b5:5a:24:d8:0a:91:08:3c:3f:7b:41:97:1e:89:00:9c:6f:fb:
         86:69:f0:d4:37:80:d8:3b:73:d7:b4:5c:31:e5:7e:82:33:f8:
         f0:2b:34:04:91:d6:29:b1:74:aa:63:26:a8:6b:c3:87:08:c5:
         db:85:14:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJnVYjIw9osIH4L040HTyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWU5YzUyYmQ2YWZmMTE3ZTQ5ZTc1Yzg4MjhiOTUzNTU0YTNlZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZCniCbSi2bja7WPYrRajcdkq0fy
4UJd1jsA2h6gKLNiIg2NPFG7n1+PdOeINKMRD0tl4FzV9dkngLzoVkY1BzTmQFgN
hFspvq55jqONd6KQ/W5C/KiIQVMQUQY8KWxTqvN5o59gCCEVjBHM6mIDc+VVK4c2
r868eYwwQxcXPiCQMywVUOlV68GeMaIUvGbhqb9RpaQgUDeZaNBxM6C9vdpc82je
8Kc14s9gbwGDbrY/rMDreZWqh8uWP0D8op5duqImquEl+rykGyrBbij4KLtPqVNy
LGlY2SlEsjMzmdZiIvxCmzvTKxSWZHufBHnJmt0Uv65h4A/PBcV9+/VJGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7pxSvWr/EX5J51yIKLlTVUo+5YMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvYnVuRks5YXY4UmZrbm5YSWdvdVZOVlNqN2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnIMA0G
CSqGSIb3DQEBCwUAA4IBAQBv9y4NLw0gIkOupNoEME5id278g+Zr+ri5bud18hf2
P0j8nTECPjBOamLqvfINo7SBPLTseOrLrX6EsadR5APiJjx6A/8/Oxv7h9cFxy3T
bzAOoNQjt3poPNxdKmlSA1jYy5G6sTgISf1ptWicxxWGqRMhDN9iD5IGwi5wHffZ
ToIKC7J6SgWb8ElvjY+P431ie9KamS4pLIUrlVashd2iYVAO4nr9Z1NlPykOwSdA
TFlzgt7qj89OLxKBSHCICGUDzvDl3Ji1WiTYCpEIPD97QZceiQCcb/uGafDUN4DY
O3PXtFwx5X6CM/jwKzQEkdYpsXSqYyaoa8OHCMXbhRQ2
-----END CERTIFICATE-----