Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/kK9iFD86F2TbKF1-MK7LXjXrS2w.roa
File:                     kK9iFD86F2TbKF1-MK7LXjXrS2w.roa (raw, json)
Hash identifier:          qP4mb8DT5u0ulqTppD9Fz+HOfaj4p6ZrC8wxXFNUrXI=
Subject key identifier:   90:AF:62:14:3F:3A:17:64:DB:28:5D:7E:30:AE:CB:5E:35:EB:4B:6C
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01942826729E8E7DEE07B3A54E1C08E166E2
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/kK9iFD86F2TbKF1-MK7LXjXrS2w.roa
Signing time:             Thu 02 Jan 2025 17:53:15 +0000
ROA not before:           Thu 02 Jan 2025 17:53:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        89.249.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:72:9e:8e:7d:ee:07:b3:a5:4e:1c:08:e1:66:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90af62143f3a1764db285d7e30aecb5e35eb4b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:76:e0:32:b3:66:b0:2b:5e:d1:87:dc:0a:c7:
                    d4:06:b7:1d:0c:d3:0b:0a:f4:d0:41:4d:eb:f5:db:
                    17:8c:3e:2f:d6:d5:17:73:78:c6:52:42:56:a8:0b:
                    9d:30:74:37:fc:3c:71:43:a3:de:d1:2e:65:f3:c8:
                    37:52:2f:a0:64:8f:6c:94:85:2a:cb:08:2c:e1:da:
                    f6:8c:6a:40:de:10:0b:e7:93:70:60:ba:4e:a2:6c:
                    e4:fa:8b:13:1c:c7:8e:63:6e:3e:f3:b5:99:31:8a:
                    be:b0:e8:30:a3:3f:0e:5d:f4:b9:41:25:9f:33:d4:
                    28:55:31:d8:8a:1c:d5:b9:94:06:74:de:87:21:f3:
                    bc:fc:93:34:bf:30:1b:41:57:3f:7c:ae:d1:e5:67:
                    d8:db:9b:29:92:d5:3f:a9:58:19:00:76:c7:d5:5c:
                    d1:01:f0:0a:87:83:cd:3a:25:e4:89:0a:2c:8c:ff:
                    04:93:06:12:29:b4:1d:57:88:9a:4d:68:f6:ba:84:
                    2d:45:52:20:e0:b1:63:b5:7d:28:3e:11:67:0c:26:
                    15:95:08:38:ed:d7:d9:4d:4d:ac:ef:8b:28:ba:66:
                    85:e5:ef:ce:76:c6:80:ce:75:bb:e6:e1:30:72:7b:
                    f2:3a:37:58:e2:bb:78:44:aa:7d:53:60:14:3b:e7:
                    ab:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:AF:62:14:3F:3A:17:64:DB:28:5D:7E:30:AE:CB:5E:35:EB:4B:6C
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/kK9iFD86F2TbKF1-MK7LXjXrS2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:03:fc:2e:29:af:9c:26:4f:96:15:ba:87:a5:4c:3d:14:aa:
         44:c6:9c:de:ca:f9:fb:2c:ea:06:e6:f9:d6:70:93:b5:cf:13:
         0c:67:77:29:94:6c:ea:d9:99:4b:cf:31:9a:2c:ed:a8:0c:3c:
         cd:ec:2d:cf:23:ad:21:08:1b:a3:b3:48:0b:56:90:50:9d:20:
         52:0e:cd:ac:a6:01:d3:d2:7c:55:cf:ad:0a:3c:a2:92:df:86:
         86:df:e2:87:eb:00:f1:63:1f:2b:6a:9e:92:ba:19:04:c4:ea:
         ee:c2:88:4e:ee:d7:ba:71:75:e0:4c:e9:ec:ad:d0:00:30:9e:
         d4:d3:21:0c:ee:da:1a:01:0a:d7:84:4b:ff:b0:76:9e:61:89:
         35:32:8b:33:18:fe:3b:47:3b:2c:c6:31:66:92:ed:a2:f5:99:
         af:79:fd:98:38:7e:b3:3a:5f:8b:63:ea:0c:2e:ac:9d:3d:ef:
         82:85:5d:2f:49:6f:19:f8:36:b7:04:24:9a:27:53:80:20:f7:
         46:f4:cf:72:e3:cb:a2:21:a2:a3:fc:96:26:a8:f8:65:ad:ed:
         a2:7c:d4:ec:fe:a0:23:69:3a:7e:e9:ae:d0:fa:dc:d4:28:01:
         f9:0e:b0:6a:70:13:34:bb:cc:fc:7f:67:e0:3e:4e:c5:08:60:
         8c:0c:88:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJnKejn3uB7OlThwI4WbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGFmNjIxNDNmM2ExNzY0ZGIyODVkN2UzMGFlY2I1ZTM1ZWI0YjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnbgMrNmsCte0YfcCsfUBrcdDNML
CvTQQU3r9dsXjD4v1tUXc3jGUkJWqAudMHQ3/DxxQ6Pe0S5l88g3Ui+gZI9slIUq
ywgs4dr2jGpA3hAL55NwYLpOomzk+osTHMeOY24+87WZMYq+sOgwoz8OXfS5QSWf
M9QoVTHYihzVuZQGdN6HIfO8/JM0vzAbQVc/fK7R5WfY25spktU/qVgZAHbH1VzR
AfAKh4PNOiXkiQosjP8EkwYSKbQdV4iaTWj2uoQtRVIg4LFjtX0oPhFnDCYVlQg4
7dfZTU2s74soumaF5e/OdsaAznW75uEwcnvyOjdY4rt4RKp9U2AUO+eruwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCvYhQ/Ohdk2yhdfjCuy14160tsMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEva0s5aUZEODZGMlRiS0YxLU1LN0xYalhyUzJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnHMA0G
CSqGSIb3DQEBCwUAA4IBAQCXA/wuKa+cJk+WFbqHpUw9FKpExpzeyvn7LOoG5vnW
cJO1zxMMZ3cplGzq2ZlLzzGaLO2oDDzN7C3PI60hCBujs0gLVpBQnSBSDs2spgHT
0nxVz60KPKKS34aG3+KH6wDxYx8rap6SuhkExOruwohO7te6cXXgTOnsrdAAMJ7U
0yEM7toaAQrXhEv/sHaeYYk1MoszGP47RzssxjFmku2i9Zmvef2YOH6zOl+LY+oM
LqydPe+ChV0vSW8Z+Da3BCSaJ1OAIPdG9M9y48uiIaKj/JYmqPhlre2ifNTs/qAj
aTp+6a7Q+tzUKAH5DrBqcBM0u8z8f2fgPk7FCGCMDIhK
-----END CERTIFICATE-----