Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/uHW8s4So2LMq5MxaMXPpI-lhJfA.roa
File:                     uHW8s4So2LMq5MxaMXPpI-lhJfA.roa (raw, json)
Hash identifier:          MnMGvcSAZicv0Yn3QAwx2n0+uUqytuFdlE7u+YN2W7s=
Subject key identifier:   B8:75:BC:B3:84:A8:D8:B3:2A:E4:CC:5A:31:73:E9:23:E9:61:25:F0
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       0194282676A365AF384EE2E3B4E170092B6B
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/uHW8s4So2LMq5MxaMXPpI-lhJfA.roa
Signing time:             Thu 02 Jan 2025 17:53:16 +0000
ROA not before:           Thu 02 Jan 2025 17:53:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215817
IP address blocks:        89.249.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:76:a3:65:af:38:4e:e2:e3:b4:e1:70:09:2b:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b875bcb384a8d8b32ae4cc5a3173e923e96125f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:28:31:1c:2a:9e:a1:ce:9c:82:ab:d5:a9:81:
                    0e:22:db:01:6a:e9:64:f1:22:00:6d:61:86:e4:b1:
                    81:d9:cd:d1:65:a3:77:17:0d:25:9f:cf:3f:06:6a:
                    a3:5d:b7:69:66:0c:85:e1:7e:75:83:77:a5:66:24:
                    cc:75:f1:9d:31:2b:e4:50:0c:6b:8e:39:47:94:75:
                    91:0d:2c:5a:10:83:40:5f:a2:dd:9e:b5:83:81:70:
                    5e:b2:df:9f:0a:bd:12:a5:76:98:0b:98:af:95:e9:
                    ef:1f:4f:92:35:2b:51:7c:0e:d5:b1:9c:f6:af:bd:
                    62:af:e9:c0:09:f6:8d:4f:07:b7:1e:a9:4c:fd:d1:
                    81:09:7f:47:52:7a:13:61:ea:aa:91:da:06:5c:ba:
                    50:20:4d:b6:ec:67:7d:4e:9d:e8:9b:9b:e9:19:11:
                    53:00:1c:34:59:51:cc:b1:dd:da:2f:36:8d:90:da:
                    fe:b3:b8:f0:e6:cd:df:fd:fe:f4:c5:3a:5d:58:36:
                    aa:27:fc:03:55:ca:79:6d:e4:2b:51:c6:b8:8f:6e:
                    65:f8:9a:23:3d:c9:bb:a9:1c:40:87:d2:31:44:4a:
                    a8:f4:95:67:96:03:20:e9:f5:a7:af:f3:3f:63:23:
                    76:b0:00:cd:6e:cf:1e:36:a8:87:27:4d:89:50:e8:
                    27:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:75:BC:B3:84:A8:D8:B3:2A:E4:CC:5A:31:73:E9:23:E9:61:25:F0
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/uHW8s4So2LMq5MxaMXPpI-lhJfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:36:a6:df:5b:65:80:6c:b9:66:3f:b2:17:aa:fb:fe:38:20:
         fc:45:a8:c7:3f:c2:2a:8a:96:5c:d8:9e:99:be:ff:7f:3e:aa:
         82:72:b2:65:08:4e:cb:d7:c1:c7:5b:a4:fb:a8:81:1b:d8:0b:
         1e:67:6b:77:32:e1:9a:88:fd:dd:7a:9b:88:da:00:4d:07:1d:
         46:70:4f:9a:99:be:52:d4:c3:04:d9:5d:ce:1e:e7:7e:c4:2e:
         10:e2:1b:d4:c5:fc:a7:f7:1e:66:1e:d9:e1:66:fd:cc:2f:f4:
         66:cd:50:6b:5c:19:74:b0:8a:1f:e1:a0:ab:ca:7c:3c:94:82:
         1a:45:e8:c2:59:76:de:43:c7:13:60:e9:2e:2a:62:f0:34:9c:
         cc:39:46:13:01:37:72:3d:65:ed:20:a1:6b:b3:e6:21:85:71:
         f5:18:5a:28:70:a5:58:a2:ff:53:d5:10:2e:db:d2:a8:47:5b:
         b2:6c:e4:e7:a8:13:d5:cd:8a:8d:18:75:8b:a6:3f:03:df:09:
         db:0b:8c:cd:e3:a2:be:6a:0a:34:74:f8:5f:e8:22:f4:10:1d:
         9e:c6:43:4e:c7:65:1e:98:d2:a1:72:91:9c:cc:d1:91:9a:37:
         1a:cd:eb:0b:21:71:9d:72:4e:a9:d9:79:ab:a6:8f:d4:a2:46:
         da:f5:12:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJnajZa84TuLjtOFwCStrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODc1YmNiMzg0YThkOGIzMmFlNGNjNWEzMTczZTkyM2U5NjEyNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCgxHCqeoc6cgqvVqYEOItsBaulk
8SIAbWGG5LGB2c3RZaN3Fw0ln88/BmqjXbdpZgyF4X51g3elZiTMdfGdMSvkUAxr
jjlHlHWRDSxaEINAX6LdnrWDgXBest+fCr0SpXaYC5ivlenvH0+SNStRfA7VsZz2
r71ir+nACfaNTwe3HqlM/dGBCX9HUnoTYeqqkdoGXLpQIE227Gd9Tp3om5vpGRFT
ABw0WVHMsd3aLzaNkNr+s7jw5s3f/f70xTpdWDaqJ/wDVcp5beQrUca4j25l+Joj
Pcm7qRxAh9IxREqo9JVnlgMg6fWnr/M/YyN2sADNbs8eNqiHJ02JUOgnHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLh1vLOEqNizKuTMWjFz6SPpYSXwMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvdUhXOHM0U28yTE1xNU14YU1YUHBJLWxoSmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnOMA0G
CSqGSIb3DQEBCwUAA4IBAQBnNqbfW2WAbLlmP7IXqvv+OCD8RajHP8IqipZc2J6Z
vv9/PqqCcrJlCE7L18HHW6T7qIEb2AseZ2t3MuGaiP3depuI2gBNBx1GcE+amb5S
1MME2V3OHud+xC4Q4hvUxfyn9x5mHtnhZv3ML/RmzVBrXBl0sIof4aCrynw8lIIa
RejCWXbeQ8cTYOkuKmLwNJzMOUYTATdyPWXtIKFrs+YhhXH1GFoocKVYov9T1RAu
29KoR1uybOTnqBPVzYqNGHWLpj8D3wnbC4zN46K+ago0dPhf6CL0EB2exkNOx2Ue
mNKhcpGczNGRmjcazesLIXGdck6p2Xmrpo/Uokba9RJU
-----END CERTIFICATE-----