Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2d0a48-9f86-48e0-a01e-5b3285c3abaa/1/1-807yUmPHz4IsK5x-j_MUOfei3Y.roa
File:                     1-807yUmPHz4IsK5x-j_MUOfei3Y.roa (raw, json)
Hash identifier:          ld615U7g1fyntUuZJsJkyBsfvHeO3Vnx7/PuZx0Y6J0=
Subject key identifier:   FB:CD:3B:C9:49:8F:1F:3E:08:B0:AE:71:FA:3F:CC:50:E7:DE:8B:76
Certificate issuer:       /CN=26c988f21ff1ed7df42a6263723226686d3c18d6
Certificate serial:       01942444D57CB89F9CAB111328022D29675D
Authority key identifier: 26:C9:88:F2:1F:F1:ED:7D:F4:2A:62:63:72:32:26:68:6D:3C:18:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JsmI8h_x7X30KmJjcjImaG08GNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/2d0a48-9f86-48e0-a01e-5b3285c3abaa/1/1-807yUmPHz4IsK5x-j_MUOfei3Y.roa
Signing time:             Wed 01 Jan 2025 23:47:58 +0000
ROA not before:           Wed 01 Jan 2025 23:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56648
IP address blocks:        89.207.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/2d0a48-9f86-48e0-a01e-5b3285c3abaa/1/JsmI8h_x7X30KmJjcjImaG08GNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/2d0a48-9f86-48e0-a01e-5b3285c3abaa/1/JsmI8h_x7X30KmJjcjImaG08GNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JsmI8h_x7X30KmJjcjImaG08GNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d5:7c:b8:9f:9c:ab:11:13:28:02:2d:29:67:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26c988f21ff1ed7df42a6263723226686d3c18d6
        Validity
            Not Before: Jan  1 23:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbcd3bc9498f1f3e08b0ae71fa3fcc50e7de8b76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:97:26:ea:43:2a:9c:22:a9:ef:fa:e1:df:fe:
                    e5:b5:f8:30:ee:73:3d:71:51:17:c6:8e:57:d3:ab:
                    5a:b6:2a:ee:93:b1:10:50:a0:b0:ec:80:80:b6:df:
                    4f:fb:68:17:3d:94:52:85:69:37:59:77:31:60:e7:
                    32:34:39:60:45:ff:4f:9a:9b:87:82:18:89:2c:bb:
                    ce:81:58:d6:a5:0c:00:b2:c0:a1:df:a6:3f:83:2d:
                    a5:48:a2:30:ec:5b:29:7f:85:cd:f5:f1:81:6f:a1:
                    f8:9f:cb:a8:18:88:a2:4a:da:93:55:fe:a3:bf:e7:
                    5a:b1:13:cd:fa:5b:b3:3c:5f:05:60:ef:53:ff:38:
                    ec:6b:6f:32:e4:16:63:b7:11:c6:e9:d1:40:1b:d3:
                    29:e5:8b:17:54:13:3a:0c:0f:57:53:45:2c:9e:74:
                    11:1a:6e:37:60:51:aa:a0:d1:56:2e:16:3e:9e:df:
                    b6:b8:a8:b8:43:63:30:a8:87:cb:8c:c7:07:7e:9c:
                    ae:37:3c:9f:60:8a:e7:0f:5d:0c:42:ad:fa:bc:ef:
                    68:98:6e:f6:80:41:1d:92:5d:f4:9e:eb:44:3d:ae:
                    a2:48:2b:ec:e1:53:06:76:25:63:99:da:73:c2:2f:
                    78:2c:44:85:93:d5:2f:24:1e:2a:0c:72:08:10:e6:
                    da:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:CD:3B:C9:49:8F:1F:3E:08:B0:AE:71:FA:3F:CC:50:E7:DE:8B:76
            X509v3 Authority Key Identifier:
                keyid:26:C9:88:F2:1F:F1:ED:7D:F4:2A:62:63:72:32:26:68:6D:3C:18:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JsmI8h_x7X30KmJjcjImaG08GNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2d0a48-9f86-48e0-a01e-5b3285c3abaa/1/1-807yUmPHz4IsK5x-j_MUOfei3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2d0a48-9f86-48e0-a01e-5b3285c3abaa/1/JsmI8h_x7X30KmJjcjImaG08GNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:75:8d:8c:3a:24:64:98:48:92:53:28:22:56:b2:33:fd:79:
         38:50:b0:d3:1c:94:7a:b4:3b:a2:36:ed:18:63:eb:52:a4:47:
         02:07:52:ca:61:c0:fe:42:d6:c9:5b:c0:48:73:53:5a:18:97:
         03:9c:8c:cc:1d:80:db:23:96:82:15:fe:90:f5:2c:83:db:8c:
         56:3e:80:b1:dd:cf:7b:6b:35:fe:d7:d1:24:dd:d1:f7:05:74:
         47:60:72:23:07:c9:b5:13:88:92:4b:c0:cb:b3:44:c0:18:ab:
         3b:a3:39:09:43:8d:ef:4a:b0:92:28:a7:1b:14:78:13:3f:f3:
         54:8c:28:f4:a7:b7:d1:11:e1:cd:cd:71:ad:cd:63:eb:88:9a:
         17:19:46:ae:d1:7e:6f:60:b1:c1:b3:f5:e6:dc:82:1f:29:44:
         8b:53:1b:40:67:fc:df:ce:8a:a7:55:10:78:0a:75:06:d8:d6:
         bd:0e:f8:9d:e1:08:24:9c:7a:ee:9b:4a:26:7e:bf:1d:9e:ee:
         a3:f7:9f:ff:2f:7a:8f:ec:a9:39:b2:c9:b0:45:d4:72:e6:3a:
         29:21:2a:dc:78:8f:e7:ed:78:12:5c:4e:36:88:8e:65:16:21:
         18:f2:72:94:19:93:37:55:c5:61:6c:e2:b8:f2:00:28:6e:99:
         52:9b:a4:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRNV8uJ+cqxETKAItKWddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2Yzk4OGYyMWZmMWVkN2RmNDJhNjI2MzcyMzIyNjY4NmQz
YzE4ZDYwHhcNMjUwMTAxMjM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmNkM2JjOTQ5OGYxZjNlMDhiMGFlNzFmYTNmY2M1MGU3ZGU4Yjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA85cm6kMqnCKp7/rh3/7ltfgw7nM9
cVEXxo5X06tatiruk7EQUKCw7ICAtt9P+2gXPZRShWk3WXcxYOcyNDlgRf9PmpuH
ghiJLLvOgVjWpQwAssCh36Y/gy2lSKIw7Fspf4XN9fGBb6H4n8uoGIiiStqTVf6j
v+dasRPN+luzPF8FYO9T/zjsa28y5BZjtxHG6dFAG9Mp5YsXVBM6DA9XU0UsnnQR
Gm43YFGqoNFWLhY+nt+2uKi4Q2MwqIfLjMcHfpyuNzyfYIrnD10MQq36vO9omG72
gEEdkl30nutEPa6iSCvs4VMGdiVjmdpzwi94LESFk9UvJB4qDHIIEObadQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvNO8lJjx8+CLCucfo/zFDn3ot2MB8GA1UdIwQY
MBaAFCbJiPIf8e199CpiY3IyJmhtPBjWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnNtSThoX3g3WDMwS21KamNqSW1hRzA4R05ZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yZDBhNDgtOWY4Ni00OGUwLWEwMWUt
NWIzMjg1YzNhYmFhLzEvMS04MDd5VW1QSHo0SXNLNXgtal9NVU9mZWkzWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjEvMmQwYTQ4LTlmODYtNDhlMC1hMDFlLTViMzI4NWMzYWJh
YS8xL0pzbUk4aF94N1gzMEttSmpjakltYUcwOEdOWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFnPnTAN
BgkqhkiG9w0BAQsFAAOCAQEANHWNjDokZJhIklMoIlayM/15OFCw0xyUerQ7ojbt
GGPrUqRHAgdSymHA/kLWyVvASHNTWhiXA5yMzB2A2yOWghX+kPUsg9uMVj6Asd3P
e2s1/tfRJN3R9wV0R2ByIwfJtROIkkvAy7NEwBirO6M5CUON70qwkiinGxR4Ez/z
VIwo9Ke30RHhzc1xrc1j64iaFxlGrtF+b2CxwbP15tyCHylEi1MbQGf8386Kp1UQ
eAp1BtjWvQ74neEIJJx67ptKJn6/HZ7uo/ef/y96j+ypObLJsEXUcuY6KSEq3HiP
5+14ElxONoiOZRYhGPJylBmTN1XFYWziuPIAKG6ZUpukJQ==
-----END CERTIFICATE-----