Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/YRU1Ojg5qyXEoXOhvO7oLvQPC8c.roa
File:                     YRU1Ojg5qyXEoXOhvO7oLvQPC8c.roa (raw, json)
Hash identifier:          TDJgwlET1jOQj6C/tybMD3s4rcsYrcr30h1aS7JqjFc=
Subject key identifier:   61:15:35:3A:38:39:AB:25:C4:A1:73:A1:BC:EE:E8:2E:F4:0F:0B:C7
Certificate issuer:       /CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
Certificate serial:       019485C326D11769FC50CC29E1EF109A1DD8
Authority key identifier: B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/YRU1Ojg5qyXEoXOhvO7oLvQPC8c.roa
Signing time:             Mon 20 Jan 2025 22:09:06 +0000
ROA not before:           Mon 20 Jan 2025 22:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40964
IP address blocks:        89.107.129.0/24 maxlen: 24
                          89.107.134.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:85:c3:26:d1:17:69:fc:50:cc:29:e1:ef:10:9a:1d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
        Validity
            Not Before: Jan 20 22:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6115353a3839ab25c4a173a1bceee82ef40f0bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b4:80:6f:c5:e9:a2:ab:6d:61:44:ad:a2:00:
                    b7:cd:21:a7:52:67:41:bc:5d:36:16:0d:86:3e:fa:
                    65:d0:8d:5c:9c:e4:f1:89:d4:11:47:83:90:68:92:
                    c4:1e:8d:10:e1:71:60:70:d9:f3:66:db:1d:c9:5d:
                    53:60:54:0c:0b:63:e3:f1:4b:b0:f5:5e:89:43:59:
                    e7:4b:72:e8:36:af:52:f0:81:39:c5:24:52:e7:09:
                    8e:58:48:30:0b:b7:30:5d:c5:6b:3c:50:67:ef:d2:
                    6b:c4:33:83:bd:f7:5c:5a:f0:2e:61:3c:e0:47:4e:
                    96:8f:87:96:1d:da:07:d6:f0:ec:55:4f:19:56:ba:
                    15:17:29:86:5c:ca:43:fe:0a:e1:f3:0c:b2:fe:fa:
                    04:ec:39:3b:52:70:24:c3:e4:53:1f:d2:3e:1c:b9:
                    b2:bf:87:cb:d4:96:9f:be:b2:3c:01:55:7b:c0:76:
                    66:e4:c8:95:fb:6d:ec:ba:05:34:22:3b:12:46:10:
                    4e:35:13:47:b7:90:0a:cf:9b:ba:aa:9a:b8:02:0a:
                    9e:e7:cc:be:ed:7e:54:94:f0:dd:ce:a4:db:d4:18:
                    87:26:44:a6:7b:aa:72:02:18:b4:91:a9:14:23:4c:
                    b6:b9:d6:6f:6d:2d:83:cc:6f:36:1e:cc:a6:23:a3:
                    a4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:15:35:3A:38:39:AB:25:C4:A1:73:A1:BC:EE:E8:2E:F4:0F:0B:C7
            X509v3 Authority Key Identifier:
                keyid:B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/YRU1Ojg5qyXEoXOhvO7oLvQPC8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.129.0/24
                  89.107.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:fe:3e:6f:4a:64:ff:7f:94:ea:a0:95:2a:f8:5f:87:88:18:
         d5:a0:4e:65:03:a2:09:92:b2:ab:86:6d:89:bf:26:f4:27:60:
         50:73:a6:46:9d:7d:33:e4:23:1f:4d:8e:de:bf:62:46:62:5c:
         6a:95:3b:c4:2a:e5:58:2a:db:b5:d8:eb:39:ea:10:7f:d2:85:
         03:f4:9a:d6:63:b6:0f:11:d1:f8:36:aa:4f:c7:bf:16:f3:6a:
         3a:86:4c:d5:22:8a:df:15:6b:52:ce:e8:c1:d9:bd:fd:82:14:
         03:e2:2c:e5:cd:dc:25:4e:79:21:4c:c3:fa:1f:c1:14:e7:27:
         d2:1b:ae:3d:55:b9:0c:84:af:33:31:e0:16:db:06:e7:e5:f4:
         ea:11:d6:c6:fe:b3:a7:40:20:eb:32:bd:f3:74:a9:1c:bf:1e:
         58:9c:0c:22:f4:31:c8:e3:25:dc:b4:f3:dd:bf:8f:4f:99:8c:
         d5:c6:c6:e2:a9:d6:4f:96:f1:b5:fc:10:ec:b3:76:49:8b:09:
         c1:c7:a1:cf:74:0a:df:c5:40:ec:b4:dc:08:e0:89:08:e2:f6:
         9c:6e:52:4d:f8:ce:08:21:84:c4:0a:72:40:ff:fe:65:3c:12:
         ad:98:bb:47:b1:4c:a6:95:ad:9f:e3:3d:76:e8:cf:29:87:e5:
         e7:51:92:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSFwybRF2n8UMwp4e8Qmh3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZGQzNWNjZmY2YzJiODZhMWZhZDhmMTAzYmMyMDA3MGQw
OWU1MGQwHhcNMjUwMTIwMjIwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTE1MzUzYTM4MzlhYjI1YzRhMTczYTFiY2VlZTgyZWY0MGYwYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbSAb8XpoqttYUStogC3zSGnUmdB
vF02Fg2GPvpl0I1cnOTxidQRR4OQaJLEHo0Q4XFgcNnzZtsdyV1TYFQMC2Pj8Uuw
9V6JQ1nnS3LoNq9S8IE5xSRS5wmOWEgwC7cwXcVrPFBn79JrxDODvfdcWvAuYTzg
R06Wj4eWHdoH1vDsVU8ZVroVFymGXMpD/grh8wyy/voE7Dk7UnAkw+RTH9I+HLmy
v4fL1JafvrI8AVV7wHZm5MiV+23sugU0IjsSRhBONRNHt5AKz5u6qpq4Agqe58y+
7X5UlPDdzqTb1BiHJkSme6pyAhi0kakUI0y2udZvbS2DzG82HsymI6OkcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGEVNTo4OaslxKFzobzu6C70DwvHMB8GA1UdIwQY
MBaAFLPdNcz/bCuGofrY8QO8IAcNCeUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEt
MmIxMDUwNTFiYTU5LzEvWVJVMU9qZzVxeVhFb1hPaHZPN29MdlFQQzhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEtMmIxMDUwNTFiYTU5
LzEvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWuBAwQB
WWuGMA0GCSqGSIb3DQEBCwUAA4IBAQAW/j5vSmT/f5TqoJUq+F+HiBjVoE5lA6IJ
krKrhm2Jvyb0J2BQc6ZGnX0z5CMfTY7ev2JGYlxqlTvEKuVYKtu12Os56hB/0oUD
9JrWY7YPEdH4NqpPx78W82o6hkzVIorfFWtSzujB2b39ghQD4izlzdwlTnkhTMP6
H8EU5yfSG649VbkMhK8zMeAW2wbn5fTqEdbG/rOnQCDrMr3zdKkcvx5YnAwi9DHI
4yXctPPdv49PmYzVxsbiqdZPlvG1/BDss3ZJiwnBx6HPdArfxUDstNwI4IkI4vac
blJN+M4IIYTECnJA//5lPBKtmLtHsUymla2f4z126M8ph+XnUZLN
-----END CERTIFICATE-----