Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/4GeQc9KQXXi6xI1vB_7_1xuddrA.roa
File:                     4GeQc9KQXXi6xI1vB_7_1xuddrA.roa (raw, json)
Hash identifier:          EUSBq2g9uve+neWandDVOfufL8m9jgeOZuElm8BWqRs=
Subject key identifier:   E0:67:90:73:D2:90:5D:78:BA:C4:8D:6F:07:FE:FF:D7:1B:9D:76:B0
Certificate issuer:       /CN=133deed883c2a690ce54829b48f9d78cd7b25fd7
Certificate serial:       0194206847BDE2798B3A035EC6267D1991A7
Authority key identifier: 13:3D:EE:D8:83:C2:A6:90:CE:54:82:9B:48:F9:D7:8C:D7:B2:5F:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ez3u2IPCppDOVIKbSPnXjNeyX9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/4GeQc9KQXXi6xI1vB_7_1xuddrA.roa
Signing time:             Wed 01 Jan 2025 05:48:12 +0000
ROA not before:           Wed 01 Jan 2025 05:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42487
IP address blocks:        89.28.144.0/21 maxlen: 21
                          2a01:58c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/Ez3u2IPCppDOVIKbSPnXjNeyX9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/Ez3u2IPCppDOVIKbSPnXjNeyX9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ez3u2IPCppDOVIKbSPnXjNeyX9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:47:bd:e2:79:8b:3a:03:5e:c6:26:7d:19:91:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=133deed883c2a690ce54829b48f9d78cd7b25fd7
        Validity
            Not Before: Jan  1 05:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0679073d2905d78bac48d6f07feffd71b9d76b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:5b:8c:53:bb:0c:3c:da:bc:65:74:a7:d2:e8:
                    e4:30:c7:11:cf:bf:0d:ce:5d:31:18:4b:7b:e9:4e:
                    e1:93:73:72:74:72:94:56:13:7e:63:5b:10:5c:59:
                    c6:f2:4c:8f:03:55:db:84:e5:56:e3:ef:f3:a0:7a:
                    08:d9:9b:0a:0a:84:2e:8a:a8:87:f7:aa:b9:60:0b:
                    ee:f5:c8:40:b5:bf:97:fe:43:cb:ae:f7:ef:9a:95:
                    72:ba:6b:93:60:f7:7b:51:7e:25:96:5f:82:09:d6:
                    ad:42:43:f5:2f:f5:8a:b4:88:20:30:6b:5f:9a:b7:
                    f6:fd:5f:ec:5f:3a:d8:8b:31:e3:7c:a7:fc:8c:ad:
                    34:dc:61:9b:00:1a:89:fb:33:02:c3:ec:d0:be:67:
                    dd:0f:fa:18:e8:e0:89:92:77:bc:cb:56:6b:b1:45:
                    41:2a:0c:cb:3b:7e:5c:f2:b8:3e:59:eb:ce:56:0f:
                    8c:6f:8a:02:97:1a:57:fb:50:94:5a:a5:1b:31:4d:
                    43:9f:0b:76:99:86:6f:95:f1:2a:8e:e5:fd:c0:f8:
                    8e:5a:f0:18:90:46:85:90:16:2a:95:52:d3:b3:fe:
                    09:4f:4c:b7:4b:8d:57:91:d3:c8:ec:56:2d:af:6d:
                    ab:92:8d:a6:8c:7e:4c:d3:bc:fc:bc:23:c3:cc:85:
                    46:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:67:90:73:D2:90:5D:78:BA:C4:8D:6F:07:FE:FF:D7:1B:9D:76:B0
            X509v3 Authority Key Identifier:
                keyid:13:3D:EE:D8:83:C2:A6:90:CE:54:82:9B:48:F9:D7:8C:D7:B2:5F:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ez3u2IPCppDOVIKbSPnXjNeyX9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/4GeQc9KQXXi6xI1vB_7_1xuddrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c44409-a65d-4b8a-bfea-4bedd3bd6ea1/1/Ez3u2IPCppDOVIKbSPnXjNeyX9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.144.0/21
                IPv6:
                  2a01:58c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:15:f4:a2:6f:01:cb:d8:d4:66:df:5e:7e:3c:c7:5f:32:e8:
         5b:b3:bd:50:8c:05:00:f4:76:0d:a1:da:03:71:71:6a:94:01:
         ec:23:aa:4a:82:e3:0b:b7:c7:35:33:bd:1b:aa:29:4e:a6:ae:
         d6:ab:b1:08:af:0c:cf:fd:8b:2e:ff:dc:ef:f3:f5:a4:b8:50:
         b2:72:79:2f:af:e9:8b:27:36:b2:4d:5f:b1:0f:62:a8:0e:94:
         7e:56:be:f1:e3:b4:8f:cf:b5:b6:ad:84:fe:9b:0a:5f:f3:6d:
         1c:72:31:2b:13:93:c4:88:ae:f6:9e:50:4b:99:de:19:1a:07:
         c1:89:e3:75:48:84:f3:7c:d6:cc:6f:2e:83:94:db:0d:c6:9d:
         dd:69:f1:6e:7b:2f:db:b8:61:8a:c1:15:96:cb:f4:76:8b:36:
         d1:8f:c7:a0:c1:4d:0e:f1:b0:10:8e:74:9b:81:83:d9:ce:36:
         00:f9:5e:be:bc:20:47:30:f8:b4:96:92:9a:92:1c:f5:0c:46:
         25:69:3b:22:79:ee:9d:3f:e9:76:07:1b:1b:cf:92:ac:b9:fb:
         91:32:27:64:f5:5e:d0:80:0b:52:48:f6:33:d2:9b:b4:74:d1:
         61:28:ee:17:ad:24:3e:b1:ca:ec:61:be:57:5f:18:44:2d:7f:
         e4:ad:b9:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaEe94nmLOgNexiZ9GZGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzM2RlZWQ4ODNjMmE2OTBjZTU0ODI5YjQ4ZjlkNzhjZDdi
MjVmZDcwHhcNMjUwMTAxMDU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDY3OTA3M2QyOTA1ZDc4YmFjNDhkNmYwN2ZlZmZkNzFiOWQ3NmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4luMU7sMPNq8ZXSn0ujkMMcRz78N
zl0xGEt76U7hk3NydHKUVhN+Y1sQXFnG8kyPA1XbhOVW4+/zoHoI2ZsKCoQuiqiH
96q5YAvu9chAtb+X/kPLrvfvmpVyumuTYPd7UX4lll+CCdatQkP1L/WKtIggMGtf
mrf2/V/sXzrYizHjfKf8jK003GGbABqJ+zMCw+zQvmfdD/oY6OCJkne8y1ZrsUVB
KgzLO35c8rg+WevOVg+Mb4oClxpX+1CUWqUbMU1Dnwt2mYZvlfEqjuX9wPiOWvAY
kEaFkBYqlVLTs/4JT0y3S41XkdPI7FYtr22rko2mjH5M07z8vCPDzIVGpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOBnkHPSkF14usSNbwf+/9cbnXawMB8GA1UdIwQY
MBaAFBM97tiDwqaQzlSCm0j514zXsl/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXozdTJJUENwcERPVklLYlNQblhqTmV5WDljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jNDQ0MDktYTY1ZC00YjhhLWJmZWEt
NGJlZGQzYmQ2ZWExLzEvNEdlUWM5S1FYWGk2eEkxdkJfN18xeHVkZHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jNDQ0MDktYTY1ZC00YjhhLWJmZWEtNGJlZGQzYmQ2ZWEx
LzEvRXozdTJJUENwcERPVklLYlNQblhqTmV5WDljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWRyQMA0E
AgACMAcDBQAqAVjAMA0GCSqGSIb3DQEBCwUAA4IBAQAyFfSibwHL2NRm315+PMdf
Muhbs71QjAUA9HYNodoDcXFqlAHsI6pKguMLt8c1M70bqilOpq7Wq7EIrwzP/Ysu
/9zv8/WkuFCycnkvr+mLJzayTV+xD2KoDpR+Vr7x47SPz7W2rYT+mwpf820ccjEr
E5PEiK72nlBLmd4ZGgfBieN1SITzfNbMby6DlNsNxp3dafFuey/buGGKwRWWy/R2
izbRj8egwU0O8bAQjnSbgYPZzjYA+V6+vCBHMPi0lpKakhz1DEYlaTsiee6dP+l2
Bxsbz5KsufuRMidk9V7QgAtSSPYz0pu0dNFhKO4XrSQ+scrsYb5XXxhELX/krbk7
-----END CERTIFICATE-----