Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/bnb74LoHijb6ReFXDA8dOSN40TY.roa
File:                     bnb74LoHijb6ReFXDA8dOSN40TY.roa (raw, json)
Hash identifier:          pwFJIAxYs5XXfIXS9iTFUvVpEjtoEP1h/fTl5ckAITo=
Subject key identifier:   6E:76:FB:E0:BA:07:8A:36:FA:45:E1:57:0C:0F:1D:39:23:78:D1:36
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       019420D65594160675C098A8FE723028A868
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/bnb74LoHijb6ReFXDA8dOSN40TY.roa
Signing time:             Wed 01 Jan 2025 07:48:25 +0000
ROA not before:           Wed 01 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204448
IP address blocks:        89.25.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:55:94:16:06:75:c0:98:a8:fe:72:30:28:a8:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  1 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e76fbe0ba078a36fa45e1570c0f1d392378d136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:67:d5:f1:85:2c:81:4f:57:a1:1e:af:55:8f:
                    a7:d5:ab:f1:50:e0:fa:0a:bc:40:b9:6e:a4:9a:9a:
                    db:be:4b:d5:dd:68:05:d5:3f:95:10:c0:27:e8:1c:
                    0f:32:3b:f4:f3:3f:0b:20:df:11:8e:ed:cb:2a:4a:
                    d2:6e:6e:ca:c0:aa:cc:c7:85:e6:86:e4:2a:38:21:
                    65:bb:77:b1:72:32:39:29:79:7c:11:c9:5b:01:a6:
                    b5:bb:12:8d:f6:ec:fa:b9:f3:f2:a1:9f:7b:77:6f:
                    7f:98:51:6d:6c:a5:cf:86:7e:2e:64:52:41:08:00:
                    83:74:6a:4f:8a:38:a0:97:68:45:9a:fe:57:1c:64:
                    4b:03:70:97:63:d0:e2:06:33:13:ad:2b:c8:77:fa:
                    ab:e7:e7:2c:18:74:f0:6a:ac:a7:46:be:7b:a1:9d:
                    ee:37:a6:c7:f1:22:13:0d:60:dc:4f:9a:f4:65:95:
                    1b:7d:46:f8:35:f6:c8:85:fb:65:7c:68:79:f8:ac:
                    7e:38:0a:5a:5b:69:bf:97:9d:43:39:28:66:5b:38:
                    25:e4:ea:37:38:5a:99:46:0e:cd:f6:71:88:f8:f2:
                    f5:92:80:3b:7e:f6:2a:22:d5:2e:a9:28:16:ba:1c:
                    c8:8b:17:a4:52:aa:d7:bb:0c:64:22:d7:45:ed:b3:
                    5a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:76:FB:E0:BA:07:8A:36:FA:45:E1:57:0C:0F:1D:39:23:78:D1:36
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/bnb74LoHijb6ReFXDA8dOSN40TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.25.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:2a:fb:91:df:46:2f:cf:ff:fd:17:37:87:b1:fd:df:88:5f:
         1e:9f:57:71:0f:dc:f7:8f:49:5a:8a:3b:97:eb:89:7f:9a:4f:
         ef:2e:59:48:85:b8:94:4b:3b:7b:31:8e:8f:15:24:f9:9e:41:
         34:92:20:6b:ab:e3:5a:dc:b9:4c:31:39:00:32:04:09:9f:e3:
         1f:d3:81:e3:6a:32:6c:21:74:2b:af:fd:08:eb:91:86:c9:f1:
         e7:5c:b1:90:6d:ba:2b:93:8c:73:e2:c0:68:cb:e8:13:e7:2c:
         fe:f6:f8:18:d4:8f:d0:41:c9:94:f5:ce:30:0d:f1:0c:46:50:
         09:c9:0b:3b:21:40:68:1c:ce:ad:6a:8d:36:ec:bc:f0:94:4e:
         61:09:9b:31:55:5b:30:a2:e5:2f:07:62:5b:12:57:7c:b9:f1:
         ce:d0:92:28:2a:0d:ba:27:ba:3f:60:51:8f:2a:bf:ce:40:d5:
         9b:6b:18:29:a4:0f:e3:fb:77:d2:17:5f:89:f5:6c:be:d8:bc:
         eb:b0:00:fa:70:58:e8:91:57:56:10:a9:e5:b8:1b:10:9e:af:
         39:ad:73:84:b9:f2:33:e7:06:5b:1c:b4:d8:09:66:e9:25:a8:
         ed:68:9e:4d:b1:23:af:e3:5a:44:60:ab:c7:eb:27:83:3c:42:
         68:77:67:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lWUFgZ1wJio/nIwKKhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjUwMTAxMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc2ZmJlMGJhMDc4YTM2ZmE0NWUxNTcwYzBmMWQzOTIzNzhkMTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmfV8YUsgU9XoR6vVY+n1avxUOD6
CrxAuW6kmprbvkvV3WgF1T+VEMAn6BwPMjv08z8LIN8Rju3LKkrSbm7KwKrMx4Xm
huQqOCFlu3excjI5KXl8EclbAaa1uxKN9uz6ufPyoZ97d29/mFFtbKXPhn4uZFJB
CACDdGpPijigl2hFmv5XHGRLA3CXY9DiBjMTrSvId/qr5+csGHTwaqynRr57oZ3u
N6bH8SITDWDcT5r0ZZUbfUb4NfbIhftlfGh5+Kx+OApaW2m/l51DOShmWzgl5Oo3
OFqZRg7N9nGI+PL1koA7fvYqItUuqSgWuhzIixekUqrXuwxkItdF7bNaIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG52++C6B4o2+kXhVwwPHTkjeNE2MB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvYm5iNzRMb0hpamI2UmVGWERBOGRPU040MFRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRkiMA0G
CSqGSIb3DQEBCwUAA4IBAQBzKvuR30Yvz//9FzeHsf3fiF8en1dxD9z3j0laijuX
64l/mk/vLllIhbiUSzt7MY6PFST5nkE0kiBrq+Na3LlMMTkAMgQJn+Mf04HjajJs
IXQrr/0I65GGyfHnXLGQbbork4xz4sBoy+gT5yz+9vgY1I/QQcmU9c4wDfEMRlAJ
yQs7IUBoHM6tao027LzwlE5hCZsxVVswouUvB2JbEld8ufHO0JIoKg26J7o/YFGP
Kr/OQNWbaxgppA/j+3fSF1+J9Wy+2LzrsAD6cFjokVdWEKnluBsQnq85rXOEufIz
5wZbHLTYCWbpJajtaJ5NsSOv41pEYKvH6yeDPEJod2dS
-----END CERTIFICATE-----