Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BA1vnpQkAFpXRAzWewgZI7nRRgQ.roa
File:                     BA1vnpQkAFpXRAzWewgZI7nRRgQ.roa (raw, json)
Hash identifier:          MpCvFqOFoxniA5OpCwj1GVK9CxNPrvBoHeuBBL2L5uQ=
Subject key identifier:   04:0D:6F:9E:94:24:00:5A:57:44:0C:D6:7B:08:19:23:B9:D1:46:04
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282753BA2EF4D3C1385CFB64DE47CFA0
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BA1vnpQkAFpXRAzWewgZI7nRRgQ.roa
Signing time:             Thu 02 Jan 2025 17:54:13 +0000
ROA not before:           Thu 02 Jan 2025 17:54:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15731
IP address blocks:        89.35.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:53:ba:2e:f4:d3:c1:38:5c:fb:64:de:47:cf:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=040d6f9e9424005a57440cd67b081923b9d14604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e4:90:a7:85:83:fa:99:3f:5d:cd:b2:9c:82:
                    3c:7f:44:7d:31:75:44:2a:1c:18:15:1c:c4:ca:6f:
                    86:69:c4:fe:dd:e2:86:9c:77:4a:34:d8:f6:a6:16:
                    27:fe:75:75:08:bc:0f:95:12:fe:08:74:db:38:40:
                    89:24:d4:f7:21:e6:7e:dd:cf:5d:0e:40:f7:f9:22:
                    25:34:67:37:33:e0:a2:ad:f1:27:3a:2b:b5:11:6b:
                    5c:2a:3f:77:86:36:52:5a:59:dc:c9:35:51:70:19:
                    8f:d1:4e:60:c1:80:7c:5d:b3:98:8d:e2:fd:bd:e5:
                    2f:b7:b2:73:61:c2:64:52:18:9f:01:eb:13:a0:78:
                    39:b4:21:b9:b2:5f:d0:b3:40:9e:8c:07:cc:eb:11:
                    87:00:60:40:0a:f7:05:c4:5c:aa:2e:18:e1:14:f4:
                    10:6f:0f:0a:23:aa:25:60:c0:97:db:61:b3:17:3e:
                    2d:a3:f5:5d:ea:84:db:58:e9:0b:4a:71:26:5b:68:
                    0f:6a:0b:c9:71:e8:b4:c8:66:85:ed:6d:c0:15:08:
                    bd:75:d6:c9:67:41:fb:1b:18:e5:8e:25:05:86:7d:
                    79:e2:1f:2c:08:9e:68:2b:c7:ac:38:8d:ea:1d:be:
                    9c:20:4f:bc:07:b0:4e:37:4a:ff:67:1f:eb:6d:af:
                    2d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:0D:6F:9E:94:24:00:5A:57:44:0C:D6:7B:08:19:23:B9:D1:46:04
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BA1vnpQkAFpXRAzWewgZI7nRRgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:5a:f4:d4:e6:10:53:f4:b7:a8:06:31:b1:4b:d3:1d:64:0d:
         92:04:ff:ae:3f:88:49:55:85:2c:bb:5b:09:aa:5d:d4:1d:49:
         02:f7:2f:8f:4b:22:5e:63:b8:56:6c:1e:cd:02:bf:14:0f:73:
         95:6f:d1:a4:e7:19:ed:8c:3c:b5:86:29:00:1a:b7:26:58:6e:
         d1:44:25:74:a8:6e:69:09:79:4c:c2:8f:4c:c4:d9:ed:46:ba:
         59:dd:37:56:60:00:fb:0a:bc:af:d2:b0:58:83:74:26:b4:e4:
         f6:d9:5b:07:be:9e:2d:d9:af:21:7f:c7:d8:93:19:39:aa:da:
         00:50:30:aa:63:1b:a7:ae:5d:90:a4:49:ab:0b:69:49:c0:0d:
         e6:c1:f4:e2:55:29:4a:5f:93:2a:ba:0a:34:f7:48:a2:39:d1:
         0b:2e:a2:e0:1f:db:e2:25:4f:7c:23:dd:f5:dd:9f:1a:09:32:
         76:47:b0:a7:2f:ca:2d:35:8b:9a:2e:9c:86:bb:79:42:0a:7f:
         4e:b6:d6:58:44:b3:01:dd:e6:df:d2:a8:06:fd:ed:c1:fc:d6:
         06:d2:75:99:67:10:fd:4a:98:18:9d:d3:95:4c:ea:e3:01:c2:
         30:65:39:46:df:cb:e0:2b:c6:4b:77:6d:ba:5e:6e:f9:88:3b:
         23:85:79:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ1O6LvTTwThc+2TeR8+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBkNmY5ZTk0MjQwMDVhNTc0NDBjZDY3YjA4MTkyM2I5ZDE0NjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOSQp4WD+pk/Xc2ynII8f0R9MXVE
KhwYFRzEym+GacT+3eKGnHdKNNj2phYn/nV1CLwPlRL+CHTbOECJJNT3IeZ+3c9d
DkD3+SIlNGc3M+CirfEnOiu1EWtcKj93hjZSWlncyTVRcBmP0U5gwYB8XbOYjeL9
veUvt7JzYcJkUhifAesToHg5tCG5sl/Qs0CejAfM6xGHAGBACvcFxFyqLhjhFPQQ
bw8KI6olYMCX22GzFz4to/Vd6oTbWOkLSnEmW2gPagvJcei0yGaF7W3AFQi9ddbJ
Z0H7GxjljiUFhn154h8sCJ5oK8esOI3qHb6cIE+8B7BON0r/Zx/rba8tBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQNb56UJABaV0QM1nsIGSO50UYEMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvQkExdm5wUWtBRnBYUkF6V2V3Z1pJN25SUmdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSN3MA0G
CSqGSIb3DQEBCwUAA4IBAQCUWvTU5hBT9LeoBjGxS9MdZA2SBP+uP4hJVYUsu1sJ
ql3UHUkC9y+PSyJeY7hWbB7NAr8UD3OVb9Gk5xntjDy1hikAGrcmWG7RRCV0qG5p
CXlMwo9MxNntRrpZ3TdWYAD7Cryv0rBYg3QmtOT22VsHvp4t2a8hf8fYkxk5qtoA
UDCqYxunrl2QpEmrC2lJwA3mwfTiVSlKX5Mqugo090iiOdELLqLgH9viJU98I931
3Z8aCTJ2R7CnL8otNYuaLpyGu3lCCn9OttZYRLMB3ebf0qgG/e3B/NYG0nWZZxD9
SpgYndOVTOrjAcIwZTlG38vgK8ZLd226Xm75iDsjhXma
-----END CERTIFICATE-----