Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/8yyknMa8Qa7eji2_-25NgjHMwAs.roa
File:                     8yyknMa8Qa7eji2_-25NgjHMwAs.roa (raw, json)
Hash identifier:          6EA1L4yNjiFkAAM6t2iZAA7ze8SV3lMCUhKNPg3vBUQ=
Subject key identifier:   F3:2C:A4:9C:C6:BC:41:AE:DE:8E:2D:BF:FB:6E:4D:82:31:CC:C0:0B
Certificate issuer:       /CN=f82554a856a422b061ae64c577630f91d408cd4a
Certificate serial:       01942067E59060D18337DF30FB982AFBA2FD
Authority key identifier: F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/8yyknMa8Qa7eji2_-25NgjHMwAs.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207849
IP address blocks:        89.234.168.0/22 maxlen: 22
                          2a00:5881:b100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e5:90:60:d1:83:37:df:30:fb:98:2a:fb:a2:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f82554a856a422b061ae64c577630f91d408cd4a
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f32ca49cc6bc41aede8e2dbffb6e4d8231ccc00b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cb:5b:3b:85:ea:31:d7:bf:d1:56:6e:8d:91:
                    eb:89:ef:33:50:80:5c:31:ca:f8:96:88:ad:cb:97:
                    cb:2c:13:bf:17:7f:3c:ed:69:73:f2:4b:e2:c5:2b:
                    51:3d:66:6e:82:d9:2c:7a:4c:be:9c:30:2a:c2:fd:
                    a5:bb:1b:e3:2f:e3:c0:30:3a:71:a0:e7:a8:cd:42:
                    91:8d:3b:d0:a7:ff:d7:43:53:64:09:c9:9c:73:42:
                    ad:eb:a0:9d:ae:41:1d:44:91:71:d1:63:d2:c2:08:
                    55:3b:83:f8:2f:91:4d:a0:67:de:0a:11:9a:6b:81:
                    33:31:38:10:05:04:8b:0f:25:c2:bd:65:bc:1e:4d:
                    62:b9:8e:81:b3:bf:4a:1d:86:06:f3:5a:02:a5:69:
                    1f:1f:5b:2e:b6:03:32:5f:11:84:9c:ad:e2:8b:08:
                    39:66:2f:c3:25:70:92:1e:89:e9:f5:5f:a1:fc:db:
                    5a:d3:09:70:5c:2d:65:d2:2f:5a:b1:22:7f:4c:c7:
                    5c:f1:4f:1b:9d:c7:b0:69:94:15:1c:d6:47:2f:c9:
                    ff:71:e7:1f:0f:91:c5:88:05:90:83:41:87:13:fb:
                    ba:cb:22:ad:db:2d:80:df:4e:a5:29:17:44:fb:a2:
                    84:ee:2e:b9:55:b4:e3:ee:1f:fa:28:d8:2c:02:b6:
                    e9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2C:A4:9C:C6:BC:41:AE:DE:8E:2D:BF:FB:6E:4D:82:31:CC:C0:0B
            X509v3 Authority Key Identifier:
                keyid:F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/8yyknMa8Qa7eji2_-25NgjHMwAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.234.168.0/22
                IPv6:
                  2a00:5881:b100::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:8a:a1:54:be:a5:f5:a8:8d:42:b6:ac:9c:3c:0c:a2:7c:11:
         68:f6:c1:e5:c6:f0:2d:c8:85:72:11:9a:37:bd:ab:24:69:3f:
         5c:f9:8a:80:ad:db:64:b1:16:b5:63:ac:0c:32:52:60:1b:40:
         a9:f8:29:63:08:3e:fa:db:27:ba:50:c6:19:a6:f3:06:38:5a:
         3b:83:98:09:d9:34:fe:e2:2e:55:58:2a:b6:8b:e6:a3:73:ba:
         73:06:79:10:4d:9d:b6:b5:f1:43:6c:c2:7b:1a:5e:af:49:a0:
         9d:12:02:72:4c:47:1f:e8:e7:e2:14:36:9c:35:96:c8:30:09:
         d8:21:9e:68:41:66:c4:86:71:3d:28:0f:a0:bc:25:0a:1a:e0:
         05:96:6e:a0:76:e6:8e:62:1e:d9:66:dc:24:4b:04:9e:99:e4:
         43:65:1f:d9:0b:fc:bc:98:8a:99:16:1f:19:25:6e:c6:63:01:
         bf:49:64:af:4f:0b:dd:2d:2a:93:a8:b2:df:30:a0:ef:63:83:
         b3:30:6f:c8:89:db:b0:23:51:14:15:f9:1d:39:cb:e3:75:b4:
         4f:a5:b4:c6:00:53:27:67:cb:37:3b:ce:80:88:d6:2d:df:18:
         18:31:b2:69:ce:f0:9e:cb:8c:8a:4d:7a:e0:5d:85:a6:5f:d8:
         65:bc:8a:95
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQgZ+WQYNGDN98w+5gq+6L9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjU1NGE4NTZhNDIyYjA2MWFlNjRjNTc3NjMwZjkxZDQw
OGNkNGEwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzJjYTQ5Y2M2YmM0MWFlZGU4ZTJkYmZmYjZlNGQ4MjMxY2NjMDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAostbO4XqMde/0VZujZHrie8zUIBc
Mcr4loity5fLLBO/F3887Wlz8kvixStRPWZugtkseky+nDAqwv2luxvjL+PAMDpx
oOeozUKRjTvQp//XQ1NkCcmcc0Kt66CdrkEdRJFx0WPSwghVO4P4L5FNoGfeChGa
a4EzMTgQBQSLDyXCvWW8Hk1iuY6Bs79KHYYG81oCpWkfH1sutgMyXxGEnK3iiwg5
Zi/DJXCSHonp9V+h/Nta0wlwXC1l0i9asSJ/TMdc8U8bncewaZQVHNZHL8n/cecf
D5HFiAWQg0GHE/u6yyKt2y2A306lKRdE+6KE7i65VbTj7h/6KNgsArbphwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPMspJzGvEGu3o4tv/tuTYIxzMALMB8GA1UdIwQY
MBaAFPglVKhWpCKwYa5kxXdjD5HUCM1KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DVlVxRmFrSXJCaHJtVEZkMk1Qa2RRSXpVby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNm
LTk2NWQ2ZDYwM2JmYS8xLzh5eWtuTWE4UWE3ZWppMl8tMjVOZ2pITXdBcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNmLTk2NWQ2ZDYwM2Jm
YS8xLzEtQ1ZVcUZha0lyQmhybVRGZDJNUGtkUUl6VW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLwYIKwYBBQUHAQcBAf8EIDAeMAwEAgABMAYDBAJZ6qgw
DgQCAAIwCAMGACoAWIGxMA0GCSqGSIb3DQEBCwUAA4IBAQAaiqFUvqX1qI1Ctqyc
PAyifBFo9sHlxvAtyIVyEZo3vaskaT9c+YqArdtksRa1Y6wMMlJgG0Cp+CljCD76
2ye6UMYZpvMGOFo7g5gJ2TT+4i5VWCq2i+ajc7pzBnkQTZ22tfFDbMJ7Gl6vSaCd
EgJyTEcf6OfiFDacNZbIMAnYIZ5oQWbEhnE9KA+gvCUKGuAFlm6gduaOYh7ZZtwk
SwSemeRDZR/ZC/y8mIqZFh8ZJW7GYwG/SWSvTwvdLSqTqLLfMKDvY4OzMG/Iiduw
I1EUFfkdOcvjdbRPpbTGAFMnZ8s3O86AiNYt3xgYMbJpzvCey4yKTXrgXYWmX9hl
vIqV
-----END CERTIFICATE-----