Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/4mzcp9MGPOcBj8vWEpghNUUZwrg.roa
File:                     4mzcp9MGPOcBj8vWEpghNUUZwrg.roa (raw, json)
Hash identifier:          FMPgZ78dma8cFYdFXzHOT5nVPlXdvUP/dSywWfkO/HA=
Subject key identifier:   E2:6C:DC:A7:D3:06:3C:E7:01:8F:CB:D6:12:98:21:35:45:19:C2:B8
Certificate issuer:       /CN=ef678469574acc03d782e63281ff44faaab3f847
Certificate serial:       0194258F6FE8831D45930875759BFBB951C4
Authority key identifier: EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/4mzcp9MGPOcBj8vWEpghNUUZwrg.roa
Signing time:             Thu 02 Jan 2025 05:49:04 +0000
ROA not before:           Thu 02 Jan 2025 05:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208037
IP address blocks:        89.232.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6f:e8:83:1d:45:93:08:75:75:9b:fb:b9:51:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef678469574acc03d782e63281ff44faaab3f847
        Validity
            Not Before: Jan  2 05:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e26cdca7d3063ce7018fcbd6129821354519c2b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:18:b5:d0:6f:70:fd:ca:5c:0d:a7:3a:cd:fe:
                    8d:d3:3b:2a:7b:42:c1:a6:ed:9e:c9:cf:85:cf:ae:
                    42:b4:d3:da:1f:f3:41:ae:26:e1:8f:d0:ca:3b:5d:
                    4e:8c:a2:94:a7:3b:57:a4:47:6f:d1:7f:8a:33:39:
                    c1:94:1f:08:a9:be:51:30:d0:51:8b:c2:c3:b2:14:
                    c7:0c:47:68:2f:0f:aa:ce:86:8c:13:dc:e9:17:c5:
                    76:11:8b:be:05:25:55:b9:b5:57:e5:e2:c4:4e:0e:
                    ba:de:07:c0:ac:a4:2c:f0:37:93:8f:2d:eb:46:24:
                    50:55:be:ae:24:60:fd:d1:04:3c:59:d9:8d:39:42:
                    d8:8f:78:46:ff:50:c1:26:6f:41:5f:8e:60:81:e5:
                    d4:00:63:17:fd:2e:35:2a:9e:fb:13:5a:07:5b:25:
                    72:5c:08:ac:1d:ed:bf:96:54:dd:37:95:eb:8a:62:
                    a7:71:0e:a9:b3:c8:99:8c:0a:9d:f5:40:38:bb:dc:
                    df:cf:2d:a1:21:c6:9b:ca:b0:47:61:d7:68:12:eb:
                    3c:ec:6d:d0:62:69:77:0a:52:1b:2d:53:3b:32:7f:
                    97:2b:b7:92:0d:71:1c:6b:73:22:b5:36:bd:f1:9c:
                    82:43:a7:25:46:8d:68:5e:49:9f:b7:e7:f2:eb:37:
                    87:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:6C:DC:A7:D3:06:3C:E7:01:8F:CB:D6:12:98:21:35:45:19:C2:B8
            X509v3 Authority Key Identifier:
                keyid:EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/4mzcp9MGPOcBj8vWEpghNUUZwrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.232.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:c2:88:2e:60:0d:64:9a:df:a0:bc:8d:48:67:b9:b9:bb:f7:
         5b:e1:40:de:96:1d:c3:89:8d:4f:9b:53:b9:88:be:3f:91:d7:
         7c:77:3e:55:37:d8:91:9f:26:2e:95:f3:0c:47:f5:a4:d0:de:
         6a:35:20:05:ef:76:99:f8:76:42:c8:64:43:e1:88:fc:f7:08:
         ad:f1:31:99:58:85:90:32:d2:9b:be:59:70:82:ba:01:1a:bf:
         21:da:c7:ac:d3:8b:ee:4a:ee:d3:94:c6:30:6a:a9:5d:28:88:
         bb:75:71:d1:c3:fa:a8:0b:b6:ef:b3:05:fa:79:8f:a0:b9:b8:
         60:b7:77:05:6e:ec:0f:16:15:da:1e:35:18:8e:14:54:dc:4b:
         a0:c1:77:cd:89:cd:b9:c7:79:2a:59:34:6c:19:55:b4:fa:4a:
         36:a5:0c:e9:ea:1b:14:37:9a:88:14:3f:f8:e8:75:58:1b:5f:
         17:3d:94:7d:cf:c5:e1:c0:48:2b:02:66:72:bd:63:2f:e1:dc:
         cc:29:e8:2a:fd:6e:35:b1:54:e9:44:23:99:60:da:34:86:ee:
         56:55:7d:e2:a2:1c:4e:db:81:37:e7:35:a2:ad:3c:e4:8d:a1:
         41:48:a3:16:91:1b:aa:3a:eb:67:51:cb:8c:28:f2:54:63:64:
         fc:12:1d:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj2/ogx1Fkwh1dZv7uVHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNjc4NDY5NTc0YWNjMDNkNzgyZTYzMjgxZmY0NGZhYWFi
M2Y4NDcwHhcNMjUwMTAyMDU0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjZjZGNhN2QzMDYzY2U3MDE4ZmNiZDYxMjk4MjEzNTQ1MTljMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRi10G9w/cpcDac6zf6N0zsqe0LB
pu2eyc+Fz65CtNPaH/NBribhj9DKO11OjKKUpztXpEdv0X+KMznBlB8Iqb5RMNBR
i8LDshTHDEdoLw+qzoaME9zpF8V2EYu+BSVVubVX5eLETg663gfArKQs8DeTjy3r
RiRQVb6uJGD90QQ8WdmNOULYj3hG/1DBJm9BX45ggeXUAGMX/S41Kp77E1oHWyVy
XAisHe2/llTdN5XrimKncQ6ps8iZjAqd9UA4u9zfzy2hIcabyrBHYddoEus87G3Q
Yml3ClIbLVM7Mn+XK7eSDXEca3MitTa98ZyCQ6clRo1oXkmft+fy6zeH1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJs3KfTBjznAY/L1hKYITVFGcK4MB8GA1UdIwQY
MBaAFO9nhGlXSswD14LmMoH/RPqqs/hHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEt
ZGMwNTllNjliMWQwLzEvNG16Y3A5TUdQT2NCajh2V0VwZ2hOVVVad3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEtZGMwNTllNjliMWQw
LzEvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWeisMA0G
CSqGSIb3DQEBCwUAA4IBAQBVwoguYA1kmt+gvI1IZ7m5u/db4UDelh3DiY1Pm1O5
iL4/kdd8dz5VN9iRnyYulfMMR/Wk0N5qNSAF73aZ+HZCyGRD4Yj89wit8TGZWIWQ
MtKbvllwgroBGr8h2ses04vuSu7TlMYwaqldKIi7dXHRw/qoC7bvswX6eY+gubhg
t3cFbuwPFhXaHjUYjhRU3EugwXfNic25x3kqWTRsGVW0+ko2pQzp6hsUN5qIFD/4
6HVYG18XPZR9z8XhwEgrAmZyvWMv4dzMKegq/W41sVTpRCOZYNo0hu5WVX3iohxO
24E35zWirTzkjaFBSKMWkRuqOutnUcuMKPJUY2T8Eh2R
-----END CERTIFICATE-----