Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/fPjaiW_RQVaw1K0jco_QmLpGo5s.roa
File:                     fPjaiW_RQVaw1K0jco_QmLpGo5s.roa (raw, json)
Hash identifier:          agQGyFSnSoUI1Vx0MTRN/i+hHcE0hyBre8ShGUX7keA=
Subject key identifier:   7C:F8:DA:89:6F:D1:41:56:B0:D4:AD:23:72:8F:D0:98:BA:46:A3:9B
Certificate issuer:       /CN=f82554a856a422b061ae64c577630f91d408cd4a
Certificate serial:       01942067E1A40153495960A2947C273EC9D6
Authority key identifier: F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/fPjaiW_RQVaw1K0jco_QmLpGo5s.roa
Signing time:             Wed 01 Jan 2025 05:47:46 +0000
ROA not before:           Wed 01 Jan 2025 05:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39421
IP address blocks:        89.234.190.0/24 maxlen: 24
                          2a00:5880:1800::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e1:a4:01:53:49:59:60:a2:94:7c:27:3e:c9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f82554a856a422b061ae64c577630f91d408cd4a
        Validity
            Not Before: Jan  1 05:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cf8da896fd14156b0d4ad23728fd098ba46a39b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b4:6c:8f:89:d8:95:cc:ec:40:52:d8:3e:4d:
                    79:f7:98:8f:f8:77:30:d9:3c:88:fa:b1:d0:22:81:
                    88:2a:42:bc:64:41:73:1b:83:65:99:3b:4a:55:ac:
                    58:0f:ce:36:0a:f4:0e:1e:d3:ac:83:97:9a:13:c6:
                    26:69:60:f7:72:c5:4e:b4:9c:4c:20:52:e1:4e:3a:
                    01:9a:20:60:54:3c:93:d0:83:52:49:a1:61:1f:a6:
                    ce:47:7a:1c:44:7f:64:11:af:e0:ec:07:19:17:20:
                    b5:32:92:ed:c8:80:0c:30:ea:74:89:1b:b9:8d:d0:
                    81:9e:24:75:bb:7d:5d:01:38:70:0f:a9:f0:25:78:
                    51:1b:ff:e8:ac:8a:ed:78:9e:bd:51:72:0e:19:4d:
                    fd:d2:d3:5d:b2:de:e2:00:e7:7c:50:22:dd:b1:f5:
                    25:fd:fb:73:c2:e8:56:bd:a2:53:35:ff:f9:82:55:
                    38:5a:91:92:c5:dc:f1:0d:8a:0b:92:70:b4:f3:25:
                    3b:11:72:52:aa:d9:e6:92:40:18:a8:82:87:5d:63:
                    86:43:4a:69:45:4c:80:c5:e3:35:af:4f:8b:ef:03:
                    64:ab:dc:72:74:a0:5b:1a:65:86:fd:cc:57:5a:be:
                    4f:94:7f:47:dc:b7:c9:c7:70:7d:ea:69:eb:75:f4:
                    ba:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F8:DA:89:6F:D1:41:56:B0:D4:AD:23:72:8F:D0:98:BA:46:A3:9B
            X509v3 Authority Key Identifier:
                keyid:F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/fPjaiW_RQVaw1K0jco_QmLpGo5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.234.190.0/24
                IPv6:
                  2a00:5880:1800::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:eb:58:fe:3e:81:db:70:fe:a0:81:b7:34:fe:1a:0e:7a:ab:
         65:53:18:3a:fa:ee:26:1f:28:e7:b2:be:ce:c0:39:cc:19:0a:
         d1:3b:f8:f4:25:85:74:35:66:06:09:21:c8:a5:84:ae:6c:c8:
         93:f4:2a:0a:b3:88:1d:0f:d3:0d:54:38:a1:e6:0f:5d:61:4a:
         54:e6:85:40:ed:96:06:2d:f1:3c:99:f7:9d:ee:98:b6:c6:69:
         f3:94:dd:3e:e8:4d:53:6d:b4:d9:fc:eb:16:7b:52:07:c6:7f:
         df:fe:9d:00:38:a8:19:8a:5d:fe:5c:cc:36:21:a4:99:41:1a:
         84:05:b4:40:e4:0f:c6:9b:8a:ce:f6:5d:06:4c:18:06:93:43:
         4f:08:d5:8b:de:15:d2:c8:2d:e4:39:1b:00:8c:4e:fe:71:a9:
         4e:70:e8:38:f5:f2:55:f8:14:ff:27:cb:17:4f:76:25:94:ee:
         43:ad:9e:b8:fb:54:64:2d:12:95:b0:32:46:e4:e6:36:19:9f:
         ef:d8:ee:fa:ec:cd:fc:46:e0:4a:f1:5e:5b:54:57:14:d3:a1:
         5b:f3:b8:d5:4d:a6:2c:7a:f3:d0:84:f5:75:13:ca:02:cb:80:
         8c:c2:ed:66:ca:a5:99:5c:6d:ed:87:eb:df:b5:a6:53:ce:c7:
         7f:8a:d3:df
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQgZ+GkAVNJWWCilHwnPsnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjU1NGE4NTZhNDIyYjA2MWFlNjRjNTc3NjMwZjkxZDQw
OGNkNGEwHhcNMjUwMTAxMDU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y4ZGE4OTZmZDE0MTU2YjBkNGFkMjM3MjhmZDA5OGJhNDZhMzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybRsj4nYlczsQFLYPk1595iP+Hcw
2TyI+rHQIoGIKkK8ZEFzG4NlmTtKVaxYD842CvQOHtOsg5eaE8YmaWD3csVOtJxM
IFLhTjoBmiBgVDyT0INSSaFhH6bOR3ocRH9kEa/g7AcZFyC1MpLtyIAMMOp0iRu5
jdCBniR1u31dAThwD6nwJXhRG//orIrteJ69UXIOGU390tNdst7iAOd8UCLdsfUl
/ftzwuhWvaJTNf/5glU4WpGSxdzxDYoLknC08yU7EXJSqtnmkkAYqIKHXWOGQ0pp
RUyAxeM1r0+L7wNkq9xydKBbGmWG/cxXWr5PlH9H3LfJx3B96mnrdfS6rwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFHz42olv0UFWsNStI3KP0Ji6RqObMB8GA1UdIwQY
MBaAFPglVKhWpCKwYa5kxXdjD5HUCM1KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DVlVxRmFrSXJCaHJtVEZkMk1Qa2RRSXpVby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNm
LTk2NWQ2ZDYwM2JmYS8xL2ZQamFpV19SUVZhdzFLMGpjb19RbUxwR281cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNmLTk2NWQ2ZDYwM2Jm
YS8xLzEtQ1ZVcUZha0lyQmhybVRGZDJNUGtkUUl6VW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBABZ6r4w
DwQCAAIwCQMHBCoAWIAYADANBgkqhkiG9w0BAQsFAAOCAQEADetY/j6B23D+oIG3
NP4aDnqrZVMYOvruJh8o57K+zsA5zBkK0Tv49CWFdDVmBgkhyKWErmzIk/QqCrOI
HQ/TDVQ4oeYPXWFKVOaFQO2WBi3xPJn3ne6YtsZp85TdPuhNU2202fzrFntSB8Z/
3/6dADioGYpd/lzMNiGkmUEahAW0QOQPxpuKzvZdBkwYBpNDTwjVi94V0sgt5Dkb
AIxO/nGpTnDoOPXyVfgU/yfLF092JZTuQ62euPtUZC0SlbAyRuTmNhmf79ju+uzN
/EbgSvFeW1RXFNOhW/O41U2mLHrz0IT1dRPKAsuAjMLtZsqlmVxt7Yfr37WmU87H
f4rT3w==
-----END CERTIFICATE-----