Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/CMn2soeES3hR-sK_8HvrSujpCpQ.roa
File:                     CMn2soeES3hR-sK_8HvrSujpCpQ.roa (raw, json)
Hash identifier:          VTuRr4KfXEripqS9AelciewMmdMPiSyij0Vs8ogbZ90=
Subject key identifier:   08:C9:F6:B2:87:84:4B:78:51:FA:C2:BF:F0:7B:EB:4A:E8:E9:0A:94
Certificate issuer:       /CN=21698c1cdc66dc285d0f807629c46261a88b2de7
Certificate serial:       019422FBCDB9D32D8D8C51391A9E120D3486
Authority key identifier: 21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/CMn2soeES3hR-sK_8HvrSujpCpQ.roa
Signing time:             Wed 01 Jan 2025 17:48:34 +0000
ROA not before:           Wed 01 Jan 2025 17:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        193.164.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 23:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:cd:b9:d3:2d:8d:8c:51:39:1a:9e:12:0d:34:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21698c1cdc66dc285d0f807629c46261a88b2de7
        Validity
            Not Before: Jan  1 17:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08c9f6b287844b7851fac2bff07beb4ae8e90a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:18:5d:d7:ea:9b:d9:b1:be:f3:ac:62:5f:4c:
                    7d:15:ba:8c:89:d5:e9:f9:98:17:25:ed:98:78:14:
                    6d:aa:2e:7f:80:71:a9:3e:d7:e3:c3:85:58:d5:35:
                    6e:db:03:2f:ac:5b:ef:14:87:c8:04:30:c0:51:12:
                    6f:f3:41:96:7c:73:42:f5:40:0b:d3:52:eb:1b:f8:
                    ed:fd:2c:55:71:e9:af:d7:a7:4f:bf:dd:3b:1c:7c:
                    56:6d:e5:ff:fb:e5:df:82:43:73:cb:56:f2:3a:3b:
                    4a:1f:a2:75:6e:93:fe:49:38:01:d1:36:94:24:c7:
                    94:d4:51:59:21:6e:12:c0:fe:38:7a:b5:c0:10:4e:
                    07:f1:73:5a:61:ec:e1:7a:27:37:59:26:d9:a5:6a:
                    76:1f:bd:6c:28:bb:46:4e:05:57:a9:08:44:9a:e5:
                    92:59:4d:60:b9:4d:b0:9f:61:ec:23:d6:7a:7c:b4:
                    ad:14:9a:6a:f7:db:39:36:e2:8e:47:eb:6a:99:44:
                    4e:2b:c8:23:7a:7f:09:29:b4:a9:b7:cf:58:2c:1f:
                    1c:b2:8d:75:9a:1c:78:20:91:59:c0:8b:40:bc:cc:
                    e0:bf:80:5f:8b:49:80:53:e7:e7:ab:e5:b8:09:26:
                    6f:2e:9f:13:cc:1b:67:54:ac:f6:62:4a:98:af:53:
                    b6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C9:F6:B2:87:84:4B:78:51:FA:C2:BF:F0:7B:EB:4A:E8:E9:0A:94
            X509v3 Authority Key Identifier:
                keyid:21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/CMn2soeES3hR-sK_8HvrSujpCpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e2:fc:cf:f5:46:80:57:87:96:20:88:e3:39:0f:c7:5f:2c:
         32:05:d0:f0:e0:d5:ed:78:a7:25:04:db:1b:6f:f7:95:9f:17:
         87:1e:04:bb:e5:02:e6:34:0a:1f:0c:af:98:f4:15:9b:5c:46:
         72:f6:7e:88:cb:d3:0c:0e:62:a8:78:e2:6a:bb:14:36:36:71:
         98:4b:2b:f6:54:ef:00:40:34:29:84:a3:5e:8f:f5:fc:19:ba:
         4e:13:bb:4b:51:18:eb:7a:83:ab:09:1e:dd:e4:09:ee:80:cc:
         7b:c4:cb:f5:eb:7a:4a:9f:21:cc:81:89:55:e7:e3:4d:3c:88:
         20:f3:1f:9a:6c:d1:25:4f:44:27:15:db:c0:a7:fb:1a:16:4f:
         7c:fd:e3:55:85:06:52:50:dc:da:6e:76:04:a7:4a:c9:1c:e1:
         50:f8:22:48:bf:8d:8d:41:36:12:31:d6:95:f5:8b:84:03:a9:
         0b:f2:05:db:3e:3a:ee:84:1b:61:39:24:a6:b3:c7:1d:0c:3f:
         97:c3:3a:76:3a:47:f1:c4:ef:3e:e4:85:51:21:fa:fd:b7:69:
         77:92:67:08:ed:a6:2a:e0:7f:dd:a5:4c:6e:70:0a:a3:cb:9f:
         98:bd:74:6e:36:5b:ab:27:eb:5d:f4:e2:5c:6b:c1:3a:c2:ad:
         e1:95:86:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+8250y2NjFE5Gp4SDTSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjk4YzFjZGM2NmRjMjg1ZDBmODA3NjI5YzQ2MjYxYTg4
YjJkZTcwHhcNMjUwMTAxMTc0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGM5ZjZiMjg3ODQ0Yjc4NTFmYWMyYmZmMDdiZWI0YWU4ZTkwYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xhd1+qb2bG+86xiX0x9FbqMidXp
+ZgXJe2YeBRtqi5/gHGpPtfjw4VY1TVu2wMvrFvvFIfIBDDAURJv80GWfHNC9UAL
01LrG/jt/SxVcemv16dPv907HHxWbeX/++XfgkNzy1byOjtKH6J1bpP+STgB0TaU
JMeU1FFZIW4SwP44erXAEE4H8XNaYezheic3WSbZpWp2H71sKLtGTgVXqQhEmuWS
WU1guU2wn2HsI9Z6fLStFJpq99s5NuKOR+tqmUROK8gjen8JKbSpt89YLB8cso11
mhx4IJFZwItAvMzgv4Bfi0mAU+fnq+W4CSZvLp8TzBtnVKz2YkqYr1O2vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjJ9rKHhEt4UfrCv/B760ro6QqUMB8GA1UdIwQY
MBaAFCFpjBzcZtwoXQ+AdinEYmGoiy3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWIt
NGQ3MzczMGY3ZDMyLzEvQ01uMnNvZUVTM2hSLXNLXzhIdnJTdWpwQ3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWItNGQ3MzczMGY3ZDMy
LzEvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaRZMA0G
CSqGSIb3DQEBCwUAA4IBAQBV4vzP9UaAV4eWIIjjOQ/HXywyBdDw4NXteKclBNsb
b/eVnxeHHgS75QLmNAofDK+Y9BWbXEZy9n6Iy9MMDmKoeOJquxQ2NnGYSyv2VO8A
QDQphKNej/X8GbpOE7tLURjreoOrCR7d5AnugMx7xMv163pKnyHMgYlV5+NNPIgg
8x+abNElT0QnFdvAp/saFk98/eNVhQZSUNzabnYEp0rJHOFQ+CJIv42NQTYSMdaV
9YuEA6kL8gXbPjruhBthOSSms8cdDD+Xwzp2OkfxxO8+5IVRIfr9t2l3kmcI7aYq
4H/dpUxucAqjy5+YvXRuNlurJ+td9OJca8E6wq3hlYYM
-----END CERTIFICATE-----