Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/IhPCu9cp-SugT8DxkL_JFeJHw6E.roa
File:                     IhPCu9cp-SugT8DxkL_JFeJHw6E.roa (raw, json)
Hash identifier:          MbEPM1OM+Y9gGLu7XujJzC9L+kdhPoVAKNV+aVA87TY=
Subject key identifier:   22:13:C2:BB:D7:29:F9:2B:A0:4F:C0:F1:90:BF:C9:15:E2:47:C3:A1
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0192577AA6E34331BA4D73A0829EFF14A7AC
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/IhPCu9cp-SugT8DxkL_JFeJHw6E.roa
Signing time:             Fri 04 Oct 2024 12:21:48 +0000
ROA not before:           Fri 04 Oct 2024 12:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198154
IP address blocks:        89.44.242.0/24 maxlen: 24
                          89.46.217.0/24 maxlen: 24
                          109.122.254.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:57:7a:a6:e3:43:31:ba:4d:73:a0:82:9e:ff:14:a7:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Oct  4 12:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2213c2bbd729f92ba04fc0f190bfc915e247c3a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:77:08:7e:ae:35:ed:1f:9b:0a:ff:83:79:aa:
                    f3:65:57:94:ab:91:f8:76:93:73:2a:3f:5b:8d:ba:
                    b2:b3:b6:4b:1d:3f:ba:2a:e8:d3:39:fd:f7:33:f7:
                    15:53:11:1d:d3:27:b3:a1:0b:50:ff:b9:ed:fd:60:
                    06:16:e9:79:9f:77:9a:0c:9b:45:0f:93:c7:78:e8:
                    5e:ea:1d:84:e4:d2:e0:aa:3b:e2:c5:2f:f9:42:9d:
                    f3:65:9d:c5:e9:ce:80:3f:37:ec:22:9b:6c:47:ec:
                    09:95:1f:1a:33:af:b3:56:02:56:fb:cc:c7:5b:9c:
                    de:71:49:fa:fe:0f:34:ca:92:75:9b:3b:29:5c:c0:
                    fc:e4:2f:c2:d6:13:f9:14:a0:b5:7c:dc:76:bf:b4:
                    69:4d:39:9a:37:61:1c:0f:78:92:43:2d:63:7b:cb:
                    1f:cf:2a:5a:49:2e:bc:15:dd:47:18:eb:88:62:68:
                    f0:4e:0f:9a:94:dc:aa:88:7f:23:00:45:38:ea:f4:
                    ee:1f:c4:ed:16:ce:ea:50:dd:0b:ba:99:70:95:64:
                    22:a3:83:4b:0a:69:72:15:ed:35:61:50:06:d4:ff:
                    02:da:3d:30:b6:67:70:42:eb:5e:d4:bd:d4:89:e4:
                    ae:d3:db:b9:52:0a:42:62:7d:27:56:06:b6:68:ec:
                    51:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:13:C2:BB:D7:29:F9:2B:A0:4F:C0:F1:90:BF:C9:15:E2:47:C3:A1
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/IhPCu9cp-SugT8DxkL_JFeJHw6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.242.0/24
                  89.46.217.0/24
                  109.122.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:88:f3:c7:38:fa:ce:7e:78:3e:16:c4:6e:9b:9a:91:65:94:
         e1:3d:40:a8:a2:ff:52:c8:94:f2:a7:84:62:b6:4b:be:0f:79:
         7a:47:e5:e5:f5:e3:81:34:5c:64:1b:2e:2f:c9:55:10:51:ec:
         92:44:61:cd:4b:0d:8d:b7:09:44:4a:ca:7b:3b:46:7e:68:0a:
         2f:ee:d2:98:f8:1b:bd:f0:93:a8:18:76:fb:e5:1c:40:e2:d7:
         c2:e1:ac:c8:36:f7:48:fb:db:c2:9e:40:5e:33:15:0f:da:d3:
         9d:5f:26:e6:50:2e:39:b3:2a:2b:5d:ed:c1:9f:bf:9e:cf:e9:
         cb:b7:80:4c:1a:2b:69:11:82:b6:f2:bf:5c:c3:10:f5:70:c4:
         40:f0:5b:4d:4d:da:96:ce:96:59:ff:3b:3f:f5:e4:10:9f:69:
         93:08:81:b8:95:21:60:3c:0d:16:25:6e:55:30:b6:8a:68:bb:
         8e:3e:58:b6:1c:ce:40:23:d4:b9:3a:26:c0:95:cd:04:9d:b2:
         4f:44:1b:4f:ac:66:b7:46:9d:b6:20:70:10:7e:7b:af:ac:a2:
         99:e4:be:88:aa:89:68:94:3d:31:a3:c3:c3:39:a0:ea:32:82:
         8d:46:f3:2d:ef:51:92:5b:ad:1d:5e:d2:9e:22:6d:91:57:ca:
         56:80:1f:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJXeqbjQzG6TXOggp7/FKesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQxMDA0MTIyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjEzYzJiYmQ3MjlmOTJiYTA0ZmMwZjE5MGJmYzkxNWUyNDdjM2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3cIfq417R+bCv+DearzZVeUq5H4
dpNzKj9bjbqys7ZLHT+6KujTOf33M/cVUxEd0yezoQtQ/7nt/WAGFul5n3eaDJtF
D5PHeOhe6h2E5NLgqjvixS/5Qp3zZZ3F6c6APzfsIptsR+wJlR8aM6+zVgJW+8zH
W5zecUn6/g80ypJ1mzspXMD85C/C1hP5FKC1fNx2v7RpTTmaN2EcD3iSQy1je8sf
zypaSS68Fd1HGOuIYmjwTg+alNyqiH8jAEU46vTuH8TtFs7qUN0LuplwlWQio4NL
CmlyFe01YVAG1P8C2j0wtmdwQute1L3UieSu09u5UgpCYn0nVga2aOxR9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCITwrvXKfkroE/A8ZC/yRXiR8OhMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvSWhQQ3U5Y3AtU3VnVDhEeGtMX0pGZUpIdzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSzyAwQA
WS7ZAwQBbXr+MA0GCSqGSIb3DQEBCwUAA4IBAQCUiPPHOPrOfng+FsRum5qRZZTh
PUCoov9SyJTyp4Ritku+D3l6R+Xl9eOBNFxkGy4vyVUQUeySRGHNSw2NtwlESsp7
O0Z+aAov7tKY+Bu98JOoGHb75RxA4tfC4azINvdI+9vCnkBeMxUP2tOdXybmUC45
syorXe3Bn7+ez+nLt4BMGitpEYK28r9cwxD1cMRA8FtNTdqWzpZZ/zs/9eQQn2mT
CIG4lSFgPA0WJW5VMLaKaLuOPli2HM5AI9S5OibAlc0EnbJPRBtPrGa3Rp22IHAQ
fnuvrKKZ5L6IqololD0xo8PDOaDqMoKNRvMt71GSW60dXtKeIm2RV8pWgB9N
-----END CERTIFICATE-----