Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/tv62RBBqohKxYzcycLc_xEOWUNk.roa
File:                     tv62RBBqohKxYzcycLc_xEOWUNk.roa (raw, json)
Hash identifier:          0SFt/njPH5N+KmKGkT8rCoj+nHuAVB0xwDfk4Lcq+Tg=
Subject key identifier:   B6:FE:B6:44:10:6A:A2:12:B1:63:37:32:70:B7:3F:C4:43:96:50:D9
Certificate issuer:       /CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
Certificate serial:       019428233C3FFB7B58CB9DECCD4EFC6F4E8B
Authority key identifier: B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/tv62RBBqohKxYzcycLc_xEOWUNk.roa
Signing time:             Thu 02 Jan 2025 17:49:45 +0000
ROA not before:           Thu 02 Jan 2025 17:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        89.38.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:3c:3f:fb:7b:58:cb:9d:ec:cd:4e:fc:6f:4e:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
        Validity
            Not Before: Jan  2 17:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6feb644106aa212b163373270b73fc4439650d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fd:00:ad:88:31:eb:19:db:bc:1d:1b:c0:8f:
                    24:47:f1:8e:5f:ba:5b:29:68:cf:4e:46:39:f5:14:
                    f4:23:9c:5b:25:2e:ba:ad:c0:8d:d7:ed:e6:d6:40:
                    fa:61:42:83:01:1f:8d:e9:b1:1e:4c:e6:c9:7d:a0:
                    25:f1:d5:87:55:4a:ee:56:8e:d6:8b:6d:c6:cb:ce:
                    77:7b:fd:fe:a4:30:38:93:1d:01:a8:8e:41:ab:d9:
                    4f:13:59:6a:50:66:21:5a:9a:21:90:c3:69:ee:62:
                    8f:8a:0c:1a:52:76:85:9a:18:5a:f0:fd:43:1e:c1:
                    70:fe:eb:80:70:8d:a0:83:96:b0:d7:65:c3:6a:11:
                    93:ce:39:f4:b4:fd:fa:3c:56:92:e7:df:ba:05:7c:
                    cd:df:4c:5a:0f:58:e4:58:53:8c:66:c6:d9:9b:b6:
                    50:9a:e5:3f:76:d8:c5:9d:c6:fe:9e:a7:c9:37:d6:
                    95:c0:9b:b1:2f:54:1e:af:7e:15:70:5c:42:91:bb:
                    e7:87:39:6a:9c:d3:52:c8:d0:67:53:66:e8:cd:00:
                    b3:4a:a3:af:8f:07:5c:e5:74:6a:5b:45:21:71:3f:
                    1c:d1:8c:29:eb:1d:14:0f:6d:6d:00:84:67:d9:c7:
                    b6:7c:26:9d:d8:49:8f:72:55:86:8d:39:38:05:94:
                    88:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FE:B6:44:10:6A:A2:12:B1:63:37:32:70:B7:3F:C4:43:96:50:D9
            X509v3 Authority Key Identifier:
                keyid:B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/tv62RBBqohKxYzcycLc_xEOWUNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:b9:c3:84:d2:f3:7d:1e:30:ae:9e:ee:24:6b:bd:44:f2:8b:
         2a:39:cf:4a:5f:8a:a0:6b:fd:d7:36:50:82:3c:9a:9f:7e:37:
         37:a7:73:00:80:e1:e4:d1:00:b2:cf:cc:35:aa:fd:9b:31:63:
         74:c2:49:5b:da:21:38:3d:59:b6:66:7f:3d:39:a7:0d:46:13:
         b7:7c:93:14:50:66:f6:16:7b:df:78:78:3f:bd:a3:d8:3d:30:
         b6:a3:ca:08:30:34:33:6f:86:97:80:f9:0d:96:6b:96:68:4f:
         c3:71:b5:13:98:f7:e6:16:09:15:65:42:a0:51:8d:c9:e7:cf:
         8c:4e:6a:1c:ec:63:82:d0:89:16:45:40:56:9b:a9:53:c7:cd:
         f4:84:c9:c0:83:bc:2a:34:98:93:5b:0e:36:43:cb:5d:a0:5d:
         29:a4:95:98:fd:6d:4d:74:92:ac:92:5b:61:b5:dc:de:6c:63:
         34:52:08:87:6f:80:dc:01:48:14:e5:d4:90:5a:1f:30:a3:29:
         6f:bd:75:69:da:32:b8:ac:2b:bd:fd:75:a0:14:11:9b:33:c5:
         a1:f5:ac:4f:96:36:67:33:f2:68:c7:a9:2f:ba:91:65:53:92:
         75:d6:1c:7c:6b:b5:95:e1:dd:52:40:6d:2f:2e:fe:b7:e8:89:
         80:11:d3:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzw/+3tYy53szU78b06LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzhhYTE4NzMwZjRhODNlMjg1MmM1NjkyNTUxYWJiNWIx
ZWU3ZWEwHhcNMjUwMTAyMTc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmZlYjY0NDEwNmFhMjEyYjE2MzM3MzI3MGI3M2ZjNDQzOTY1MGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf0ArYgx6xnbvB0bwI8kR/GOX7pb
KWjPTkY59RT0I5xbJS66rcCN1+3m1kD6YUKDAR+N6bEeTObJfaAl8dWHVUruVo7W
i23Gy853e/3+pDA4kx0BqI5Bq9lPE1lqUGYhWpohkMNp7mKPigwaUnaFmhha8P1D
HsFw/uuAcI2gg5aw12XDahGTzjn0tP36PFaS59+6BXzN30xaD1jkWFOMZsbZm7ZQ
muU/dtjFncb+nqfJN9aVwJuxL1Qer34VcFxCkbvnhzlqnNNSyNBnU2bozQCzSqOv
jwdc5XRqW0UhcT8c0Ywp6x0UD21tAIRn2ce2fCad2EmPclWGjTk4BZSI1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLb+tkQQaqISsWM3MnC3P8RDllDZMB8GA1UdIwQY
MBaAFLjIqhhzD0qD4oUsVpJVGrtbHufqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODkt
YTU3NjA0YTNmNmJiLzEvdHY2MlJCQnFvaEt4WXpjeWNMY194RU9XVU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODktYTU3NjA0YTNmNmJi
LzEvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSYoMA0G
CSqGSIb3DQEBCwUAA4IBAQChucOE0vN9HjCunu4ka71E8osqOc9KX4qga/3XNlCC
PJqffjc3p3MAgOHk0QCyz8w1qv2bMWN0wklb2iE4PVm2Zn89OacNRhO3fJMUUGb2
FnvfeHg/vaPYPTC2o8oIMDQzb4aXgPkNlmuWaE/DcbUTmPfmFgkVZUKgUY3J58+M
Tmoc7GOC0IkWRUBWm6lTx830hMnAg7wqNJiTWw42Q8tdoF0ppJWY/W1NdJKsklth
tdzebGM0UgiHb4DcAUgU5dSQWh8woylvvXVp2jK4rCu9/XWgFBGbM8Wh9axPljZn
M/Jox6kvupFlU5J11hx8a7WV4d1SQG0vLv636ImAEdPY
-----END CERTIFICATE-----