Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/bSRwpXF4daZ64mmbWkichNXlbKQ.roa
File:                     bSRwpXF4daZ64mmbWkichNXlbKQ.roa (raw, json)
Hash identifier:          UI3xu+IDrHLUWFrOWnEgl/cse2lLBjv83Y/Ok1oQevo=
Subject key identifier:   6D:24:70:A5:71:78:75:A6:7A:E2:69:9B:5A:48:9C:84:D5:E5:6C:A4
Certificate issuer:       /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial:       0194228D25243B41CE6B7ADD722016CA4EEC
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/bSRwpXF4daZ64mmbWkichNXlbKQ.roa
Signing time:             Wed 01 Jan 2025 15:47:42 +0000
ROA not before:           Wed 01 Jan 2025 15:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        89.238.120.0/24 maxlen: 24
                          89.238.121.0/24 maxlen: 24
                          89.238.122.0/24 maxlen: 24
                          89.238.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:25:24:3b:41:ce:6b:7a:dd:72:20:16:ca:4e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
        Validity
            Not Before: Jan  1 15:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d2470a5717875a67ae2699b5a489c84d5e56ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:18:60:df:eb:92:92:14:a7:6e:cc:45:bf:f8:
                    0e:26:59:7c:ff:14:2a:21:15:3e:33:ee:ad:d1:d6:
                    76:9a:e6:f7:3e:76:ee:4c:10:99:eb:8e:c2:8c:99:
                    f1:91:da:5b:34:be:c5:d9:bc:43:7c:81:62:31:a0:
                    f6:82:e8:8b:b0:5a:61:49:61:f3:3b:7b:7a:8c:00:
                    57:02:53:e9:5b:75:92:42:b1:07:7d:c4:6b:f7:40:
                    ba:b2:9e:1a:d9:fc:b0:00:98:0e:b1:20:8f:7a:03:
                    e3:b2:e4:98:65:2c:a3:3d:4b:fb:1a:85:bf:ef:20:
                    3c:2e:f5:d5:64:38:d9:74:f2:fa:7f:85:53:44:e4:
                    b6:08:6f:55:1e:c7:ac:cb:59:1a:cb:d1:b1:6e:82:
                    c3:91:c0:ee:e3:b1:52:12:11:9f:0d:7e:4b:47:36:
                    ff:63:1b:87:e8:41:15:dc:04:e1:02:be:1f:9f:f2:
                    29:0a:06:97:45:a8:3d:86:34:b2:57:7a:59:00:12:
                    ae:59:e5:03:9c:a7:d2:9c:95:6f:83:2a:c8:0d:d5:
                    4e:aa:7e:ee:c5:17:70:14:6d:ac:76:b5:6a:1f:a6:
                    83:0d:e7:86:9f:23:04:ac:86:de:ca:48:ed:1e:39:
                    89:0e:a8:b4:fc:5f:2c:1d:64:aa:c9:57:f3:dd:77:
                    c1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:24:70:A5:71:78:75:A6:7A:E2:69:9B:5A:48:9C:84:D5:E5:6C:A4
            X509v3 Authority Key Identifier:
                keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/bSRwpXF4daZ64mmbWkichNXlbKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.238.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:5d:9a:4c:50:27:8f:d3:7b:c9:12:e1:c2:7d:0b:a9:9e:1e:
         43:e7:b6:1b:a5:1f:ef:42:68:0b:51:14:96:4d:6b:f5:08:bc:
         9e:af:40:38:ea:d8:31:7a:be:51:43:58:6c:ef:33:ba:44:0a:
         30:e8:52:dc:83:dc:51:df:b2:c4:3e:16:a3:90:6a:5c:e3:8e:
         c9:f1:4d:9c:35:2e:05:aa:a7:a8:25:52:2c:df:74:cf:78:d7:
         6c:c9:1a:ab:6a:f6:13:63:79:83:e9:fb:b8:14:c0:c3:ea:03:
         19:f7:03:cb:b8:4a:79:5d:2d:0d:bd:31:40:ad:30:ae:02:58:
         ed:00:d1:c4:4f:01:ff:53:ba:bc:93:56:c9:08:5e:c9:93:48:
         a5:a9:e2:32:0f:87:06:87:78:ee:8d:9e:10:c1:1b:5c:21:f2:
         4f:90:68:b3:5d:b6:98:2b:e8:ac:2f:94:63:46:f6:01:4f:dd:
         3e:22:e7:ba:6c:5f:1b:b5:f8:d2:55:be:d4:59:9c:81:a7:42:
         7f:18:45:26:6e:1e:4d:30:c3:e6:cf:cb:9e:40:74:5a:b8:b7:
         fb:22:fc:5c:0e:7c:4c:72:1f:67:23:0a:2c:f3:32:e7:94:a0:
         38:64:68:53:84:32:0f:3f:03:df:3e:05:43:3d:92:9e:67:a4:
         0e:64:f8:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSUkO0HOa3rdciAWyk7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjUwMTAxMTU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDI0NzBhNTcxNzg3NWE2N2FlMjY5OWI1YTQ4OWM4NGQ1ZTU2Y2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthhg3+uSkhSnbsxFv/gOJll8/xQq
IRU+M+6t0dZ2mub3PnbuTBCZ647CjJnxkdpbNL7F2bxDfIFiMaD2guiLsFphSWHz
O3t6jABXAlPpW3WSQrEHfcRr90C6sp4a2fywAJgOsSCPegPjsuSYZSyjPUv7GoW/
7yA8LvXVZDjZdPL6f4VTROS2CG9VHsesy1kay9GxboLDkcDu47FSEhGfDX5LRzb/
YxuH6EEV3AThAr4fn/IpCgaXRag9hjSyV3pZABKuWeUDnKfSnJVvgyrIDdVOqn7u
xRdwFG2sdrVqH6aDDeeGnyMErIbeykjtHjmJDqi0/F8sHWSqyVfz3XfBrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0kcKVxeHWmeuJpm1pInITV5WykMB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvYlNSd3BYRjRkYVo2NG1tYldraWNoTlhsYktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWe54MA0G
CSqGSIb3DQEBCwUAA4IBAQCIXZpMUCeP03vJEuHCfQupnh5D57YbpR/vQmgLURSW
TWv1CLyer0A46tgxer5RQ1hs7zO6RAow6FLcg9xR37LEPhajkGpc447J8U2cNS4F
qqeoJVIs33TPeNdsyRqravYTY3mD6fu4FMDD6gMZ9wPLuEp5XS0NvTFArTCuAljt
ANHETwH/U7q8k1bJCF7Jk0ilqeIyD4cGh3jujZ4QwRtcIfJPkGizXbaYK+isL5Rj
RvYBT90+Iue6bF8btfjSVb7UWZyBp0J/GEUmbh5NMMPmz8ueQHRauLf7IvxcDnxM
ch9nIwos8zLnlKA4ZGhThDIPPwPfPgVDPZKeZ6QOZPgf
-----END CERTIFICATE-----