Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/bbb782-39f5-4d24-91d2-3e5ee4a8f388/1/olL7czVWLNgm7W1_IvIVMdMAMJQ.roa
File:                     olL7czVWLNgm7W1_IvIVMdMAMJQ.roa (raw, json)
Hash identifier:          E2ePc2MjZUE+sDvLqhAeZtvQFjQHcecfsCWi8c1v1uE=
Subject key identifier:   A2:52:FB:73:35:56:2C:D8:26:ED:6D:7F:22:F2:15:31:D3:00:30:94
Certificate issuer:       /CN=9daebaf6f97ec9374df6c1492f59d5f13a9dd008
Certificate serial:       0194221F8E7537FA27AB2C80E00246834E0B
Authority key identifier: 9D:AE:BA:F6:F9:7E:C9:37:4D:F6:C1:49:2F:59:D5:F1:3A:9D:D0:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/na669vl-yTdN9sFJL1nV8Tqd0Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/bbb782-39f5-4d24-91d2-3e5ee4a8f388/1/olL7czVWLNgm7W1_IvIVMdMAMJQ.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215320
IP address blocks:        89.47.246.0/24 maxlen: 24
                          2a0d:3c80::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/bbb782-39f5-4d24-91d2-3e5ee4a8f388/1/na669vl-yTdN9sFJL1nV8Tqd0Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/bbb782-39f5-4d24-91d2-3e5ee4a8f388/1/na669vl-yTdN9sFJL1nV8Tqd0Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/na669vl-yTdN9sFJL1nV8Tqd0Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8e:75:37:fa:27:ab:2c:80:e0:02:46:83:4e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9daebaf6f97ec9374df6c1492f59d5f13a9dd008
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a252fb7335562cd826ed6d7f22f21531d3003094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:87:ce:f6:42:dc:63:28:f1:e5:d4:e8:ba:a9:
                    11:e2:f0:8d:d6:f8:aa:c2:d5:96:6f:bf:e2:ab:de:
                    ed:3c:b2:b2:83:17:ee:41:5c:38:01:6c:5f:08:9d:
                    37:f0:eb:e3:d3:17:94:8c:a4:04:a2:dc:f9:cb:62:
                    f5:68:be:e1:90:9d:d9:e6:cb:af:4e:35:81:f9:3d:
                    1b:47:12:a5:83:e2:0e:3a:c1:76:e5:41:e4:e8:15:
                    ea:c8:8c:b8:17:af:35:78:02:60:32:9c:ee:58:6f:
                    61:b4:cd:6d:45:be:08:0d:c6:3b:cf:88:70:9e:85:
                    da:5c:4f:19:73:5e:8b:e1:9f:c2:c7:40:5b:ae:76:
                    ce:da:8f:b1:07:72:e5:f2:3a:2c:e6:0e:90:21:d4:
                    be:fa:21:72:0c:41:26:03:fc:4b:b9:e0:c4:ef:7c:
                    a2:94:a5:16:ce:8b:8e:22:82:1c:a2:9f:bc:3c:52:
                    45:10:23:0b:e4:06:7b:24:c0:df:2d:ab:2b:07:c5:
                    dc:31:0f:78:d0:ae:d3:ee:a8:4c:a5:94:7d:63:e6:
                    f5:4d:d4:4c:85:a8:96:87:f5:50:18:2b:58:cc:16:
                    60:b8:cd:a6:cc:48:63:4f:e5:0f:b1:12:0a:09:2f:
                    a8:61:ce:e7:1b:30:c8:f3:3a:15:0f:95:ab:23:bf:
                    db:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:52:FB:73:35:56:2C:D8:26:ED:6D:7F:22:F2:15:31:D3:00:30:94
            X509v3 Authority Key Identifier:
                keyid:9D:AE:BA:F6:F9:7E:C9:37:4D:F6:C1:49:2F:59:D5:F1:3A:9D:D0:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/na669vl-yTdN9sFJL1nV8Tqd0Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bbb782-39f5-4d24-91d2-3e5ee4a8f388/1/olL7czVWLNgm7W1_IvIVMdMAMJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bbb782-39f5-4d24-91d2-3e5ee4a8f388/1/na669vl-yTdN9sFJL1nV8Tqd0Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.246.0/24
                IPv6:
                  2a0d:3c80::/31

    Signature Algorithm: sha256WithRSAEncryption
         42:0b:0e:76:6b:70:90:5e:54:43:09:a9:f0:48:53:f0:8d:e5:
         0e:48:3f:c7:97:16:08:57:0d:65:04:dd:69:cc:ff:af:96:ec:
         c1:6d:4e:34:71:b2:9b:06:35:e4:6f:a4:75:6b:c1:d9:e9:8e:
         52:de:94:9d:ad:a7:2c:06:24:84:5c:e3:ad:1a:3c:43:29:c7:
         41:6e:f7:d6:9b:de:a3:3a:2a:d6:d7:6a:08:b5:52:66:d6:34:
         2a:1a:66:6c:73:51:1b:75:c2:e7:ad:5f:55:a8:fe:20:ab:cc:
         e7:63:d7:a4:76:48:6f:88:db:d3:e3:72:c9:02:a2:44:a7:49:
         3b:74:6d:60:d8:de:2c:35:1e:bc:35:7a:22:1b:6b:70:f7:ab:
         03:80:41:03:8f:24:84:2b:1e:89:1a:90:2f:d3:49:ea:1c:b4:
         39:78:c9:4a:2d:3a:1b:81:2b:0c:b6:90:7a:ec:25:99:cf:a1:
         ad:77:37:da:85:d4:f2:0e:75:81:16:92:22:a4:5a:b0:43:3a:
         24:ad:7a:3f:e3:ae:ad:47:a4:18:3e:eb:c1:87:18:71:99:2c:
         5b:e4:1c:bb:f7:4b:fc:56:fa:7c:9e:a5:ce:46:87:bc:a9:a8:
         46:fc:a9:6f:07:51:3e:1c:bf:9e:6f:bb:74:1e:bc:96:53:b9:
         b7:38:8e:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH451N/onqyyA4AJGg04LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYWViYWY2Zjk3ZWM5Mzc0ZGY2YzE0OTJmNTlkNWYxM2E5
ZGQwMDgwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjUyZmI3MzM1NTYyY2Q4MjZlZDZkN2YyMmYyMTUzMWQzMDAzMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IfO9kLcYyjx5dTouqkR4vCN1viq
wtWWb7/iq97tPLKygxfuQVw4AWxfCJ038Ovj0xeUjKQEotz5y2L1aL7hkJ3Z5suv
TjWB+T0bRxKlg+IOOsF25UHk6BXqyIy4F681eAJgMpzuWG9htM1tRb4IDcY7z4hw
noXaXE8Zc16L4Z/Cx0BbrnbO2o+xB3Ll8jos5g6QIdS++iFyDEEmA/xLueDE73yi
lKUWzouOIoIcop+8PFJFECML5AZ7JMDfLasrB8XcMQ940K7T7qhMpZR9Y+b1TdRM
haiWh/VQGCtYzBZguM2mzEhjT+UPsRIKCS+oYc7nGzDI8zoVD5WrI7/b7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKJS+3M1VizYJu1tfyLyFTHTADCUMB8GA1UdIwQY
MBaAFJ2uuvb5fsk3TfbBSS9Z1fE6ndAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmE2Njl2bC15VGROOXNGSkwxblY4VHFkMEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9iYmI3ODItMzlmNS00ZDI0LTkxZDIt
M2U1ZWU0YThmMzg4LzEvb2xMN2N6VldMTmdtN1cxX0l2SVZNZE1BTUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9iYmI3ODItMzlmNS00ZDI0LTkxZDItM2U1ZWU0YThmMzg4
LzEvbmE2Njl2bC15VGROOXNGSkwxblY4VHFkMEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWS/2MA0E
AgACMAcDBQEqDTyAMA0GCSqGSIb3DQEBCwUAA4IBAQBCCw52a3CQXlRDCanwSFPw
jeUOSD/HlxYIVw1lBN1pzP+vluzBbU40cbKbBjXkb6R1a8HZ6Y5S3pSdracsBiSE
XOOtGjxDKcdBbvfWm96jOirW12oItVJm1jQqGmZsc1EbdcLnrV9VqP4gq8znY9ek
dkhviNvT43LJAqJEp0k7dG1g2N4sNR68NXoiG2tw96sDgEEDjySEKx6JGpAv00nq
HLQ5eMlKLTobgSsMtpB67CWZz6GtdzfahdTyDnWBFpIipFqwQzokrXo/466tR6QY
PuvBhxhxmSxb5By790v8Vvp8nqXORoe8qahG/KlvB1E+HL+eb7t0HryWU7m3OI4u
-----END CERTIFICATE-----