Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/zTLxL4slk5kZQfWpH_PY-TD7nNM.roa
File:                     zTLxL4slk5kZQfWpH_PY-TD7nNM.roa (raw, json)
Hash identifier:          tzDHOIgeKhCjAOTBNpSwMn6WduYNfsmvzrDJbeHe5/Y=
Subject key identifier:   CD:32:F1:2F:8B:25:93:99:19:41:F5:A9:1F:F3:D8:F9:30:FB:9C:D3
Certificate issuer:       /CN=f82554a856a422b061ae64c577630f91d408cd4a
Certificate serial:       01942067E37AD84FF165196B9687EB274C67
Authority key identifier: F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/zTLxL4slk5kZQfWpH_PY-TD7nNM.roa
Signing time:             Wed 01 Jan 2025 05:47:46 +0000
ROA not before:           Wed 01 Jan 2025 05:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197922
IP address blocks:        89.234.142.0/23 maxlen: 23
                          89.234.148.0/24 maxlen: 24
                          89.234.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e3:7a:d8:4f:f1:65:19:6b:96:87:eb:27:4c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f82554a856a422b061ae64c577630f91d408cd4a
        Validity
            Not Before: Jan  1 05:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd32f12f8b2593991941f5a91ff3d8f930fb9cd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:37:ee:0f:d0:c9:5b:68:4f:e0:fe:a6:04:76:
                    b8:bd:cd:7a:b0:f9:61:ba:36:29:8f:ac:a8:dc:70:
                    97:b2:1f:85:8f:6f:30:e4:8e:45:9f:14:84:1b:92:
                    3a:d0:68:71:48:7c:1c:19:eb:64:d6:70:ab:16:91:
                    8d:14:2b:72:61:ec:f6:ca:07:34:ee:e3:ac:3c:92:
                    6f:72:8d:ce:45:17:8a:f0:9f:4a:f8:0b:5b:1d:c4:
                    32:66:31:35:5c:85:8d:c1:88:70:0f:b9:33:c8:a4:
                    93:2f:37:fc:5c:d0:c4:cf:ad:6a:b8:ba:c1:d5:5c:
                    ce:8a:96:ee:62:8a:09:10:e7:71:33:93:fe:5b:c6:
                    67:80:72:36:74:59:f3:83:b3:01:04:23:d5:36:ff:
                    13:af:f1:b1:5b:42:8e:51:b7:19:9c:bc:6a:43:03:
                    7d:75:03:d0:3e:f8:f9:2a:ee:84:13:ef:2f:57:82:
                    7f:7c:87:79:71:9b:cc:10:35:61:8e:2b:8d:1a:61:
                    80:f2:49:0e:7b:85:4c:30:1b:22:a3:1d:3f:40:2b:
                    dd:c1:dd:fb:79:73:10:d1:36:c2:f9:7c:a4:f4:15:
                    d1:ae:da:33:ea:d4:79:82:b6:ed:fc:d4:0d:01:c2:
                    03:85:c9:7b:4c:0b:62:58:42:01:2a:1c:e7:87:3d:
                    3f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:32:F1:2F:8B:25:93:99:19:41:F5:A9:1F:F3:D8:F9:30:FB:9C:D3
            X509v3 Authority Key Identifier:
                keyid:F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/zTLxL4slk5kZQfWpH_PY-TD7nNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.234.142.0/23
                  89.234.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:45:b2:e0:fa:85:3f:80:c5:22:25:a0:c1:3e:d3:f7:38:29:
         4c:5c:fc:c3:82:ed:56:8c:19:ef:f6:5c:f2:db:97:7f:40:44:
         3a:b4:90:d9:93:04:13:07:8f:ac:98:24:bd:b5:40:1b:d3:7f:
         0e:eb:be:e8:84:23:48:72:e0:36:57:d9:cb:27:35:7f:5d:87:
         ce:0c:40:aa:c1:83:65:43:c0:e2:e4:55:48:4c:dd:2e:3c:72:
         19:5a:a4:b7:6e:18:2c:33:b2:db:ab:ef:2c:4c:10:69:ad:ee:
         a8:f3:0e:2d:d7:67:13:d7:0f:94:88:87:32:c1:54:36:69:bf:
         79:20:36:9f:99:d1:cd:b8:76:48:7d:18:f4:2a:4e:91:ee:3f:
         59:cd:6c:77:83:f3:04:5a:3e:1e:c0:41:56:5a:81:05:6f:4f:
         ae:11:a4:37:3b:37:fe:41:6d:04:e7:c5:15:b8:34:46:2c:c0:
         d3:77:53:91:c2:8f:2f:48:f9:e9:ed:68:87:79:c2:1b:e9:a9:
         2e:56:51:db:2d:02:64:f5:ce:29:77:63:56:b5:01:1f:b7:2a:
         19:b6:b5:fa:a4:b1:6d:c0:63:7f:e3:cb:dd:3b:f1:c7:83:6d:
         68:02:46:f7:59:fa:d6:7b:6d:6a:d7:94:32:04:22:9e:c0:3b:
         41:2d:6a:c5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQgZ+N62E/xZRlrlofrJ0xnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjU1NGE4NTZhNDIyYjA2MWFlNjRjNTc3NjMwZjkxZDQw
OGNkNGEwHhcNMjUwMTAxMDU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDMyZjEyZjhiMjU5Mzk5MTk0MWY1YTkxZmYzZDhmOTMwZmI5Y2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDfuD9DJW2hP4P6mBHa4vc16sPlh
ujYpj6yo3HCXsh+Fj28w5I5FnxSEG5I60GhxSHwcGetk1nCrFpGNFCtyYez2ygc0
7uOsPJJvco3ORReK8J9K+AtbHcQyZjE1XIWNwYhwD7kzyKSTLzf8XNDEz61quLrB
1VzOipbuYooJEOdxM5P+W8ZngHI2dFnzg7MBBCPVNv8Tr/GxW0KOUbcZnLxqQwN9
dQPQPvj5Ku6EE+8vV4J/fId5cZvMEDVhjiuNGmGA8kkOe4VMMBsiox0/QCvdwd37
eXMQ0TbC+Xyk9BXRrtoz6tR5grbt/NQNAcIDhcl7TAtiWEIBKhznhz0/SQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM0y8S+LJZOZGUH1qR/z2Pkw+5zTMB8GA1UdIwQY
MBaAFPglVKhWpCKwYa5kxXdjD5HUCM1KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DVlVxRmFrSXJCaHJtVEZkMk1Qa2RRSXpVby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNm
LTk2NWQ2ZDYwM2JmYS8xL3pUTHhMNHNsazVrWlFmV3BIX1BZLVREN25OTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNmLTk2NWQ2ZDYwM2Jm
YS8xLzEtQ1ZVcUZha0lyQmhybVRGZDJNUGtkUUl6VW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAFZ6o4D
BAFZ6pQwDQYJKoZIhvcNAQELBQADggEBAFJFsuD6hT+AxSIloME+0/c4KUxc/MOC
7VaMGe/2XPLbl39ARDq0kNmTBBMHj6yYJL21QBvTfw7rvuiEI0hy4DZX2csnNX9d
h84MQKrBg2VDwOLkVUhM3S48chlapLduGCwzstur7yxMEGmt7qjzDi3XZxPXD5SI
hzLBVDZpv3kgNp+Z0c24dkh9GPQqTpHuP1nNbHeD8wRaPh7AQVZagQVvT64RpDc7
N/5BbQTnxRW4NEYswNN3U5HCjy9I+entaId5whvpqS5WUdstAmT1zil3Y1a1AR+3
Khm2tfqksW3AY3/jy9078ceDbWgCRvdZ+tZ7bWrXlDIEIp7AO0EtasU=
-----END CERTIFICATE-----