Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/pAaBglS_ph_lomtz_pi-YWsNz74.roa
File:                     pAaBglS_ph_lomtz_pi-YWsNz74.roa (raw, json)
Hash identifier:          +DNf/G42yq93h12+GOLlNd9IxjCcQ12CMJ+kjCCl/Cw=
Subject key identifier:   A4:06:81:82:54:BF:A6:1F:E5:A2:6B:73:FE:98:BE:61:6B:0D:CF:BE
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       019427B421EC78010DBDD441AD4FCEDD76AB
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/pAaBglS_ph_lomtz_pi-YWsNz74.roa
Signing time:             Thu 02 Jan 2025 15:48:24 +0000
ROA not before:           Thu 02 Jan 2025 15:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        89.117.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:21:ec:78:01:0d:bd:d4:41:ad:4f:ce:dd:76:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  2 15:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a406818254bfa61fe5a26b73fe98be616b0dcfbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3a:b8:8f:e1:5a:1c:e4:a2:ba:fc:6c:f9:7a:
                    50:15:a1:8a:d8:5e:be:83:8f:fd:00:6c:e9:0e:c2:
                    ac:ea:86:a2:a1:c0:74:aa:19:1c:3d:45:4e:11:32:
                    d6:45:23:0e:5e:b2:0e:40:70:5e:41:47:f2:d5:a2:
                    7b:e9:6b:01:0a:3d:37:7c:43:65:d0:75:36:5b:98:
                    60:9f:e8:bb:cc:a0:b3:d8:1c:dc:c1:0b:39:79:ef:
                    67:a2:1a:ea:b9:f4:4c:68:60:1f:71:61:b3:4f:22:
                    5f:df:58:c7:a6:91:a6:a9:fc:d7:42:32:d4:e3:f2:
                    8b:e5:51:69:e6:82:8b:b5:7d:83:3b:e4:5e:f2:b4:
                    22:8b:23:ba:4d:00:81:eb:da:ee:f8:33:5d:11:d0:
                    7f:3f:be:ab:31:52:31:d5:8e:e1:bc:eb:2b:a8:bb:
                    4c:c1:b7:c7:c2:e9:4a:97:db:47:39:43:42:55:46:
                    13:dd:98:3c:c5:16:4b:cd:4e:06:68:88:23:f3:82:
                    f9:c7:20:5e:93:c5:60:73:99:28:bf:bb:b3:67:18:
                    db:b5:2d:0e:a8:66:14:dd:b0:d8:88:42:28:03:bd:
                    f3:81:92:ad:3c:6e:0d:96:20:3f:ab:20:9a:4f:cf:
                    d4:7d:4f:15:75:d7:23:1f:44:0f:6a:45:43:ca:1a:
                    7b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:06:81:82:54:BF:A6:1F:E5:A2:6B:73:FE:98:BE:61:6B:0D:CF:BE
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/pAaBglS_ph_lomtz_pi-YWsNz74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.117.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:7e:ad:2c:94:40:d4:a9:e8:13:6f:6e:85:0c:c0:58:ff:c3:
         a9:b4:48:01:8f:71:98:dd:d0:13:6c:72:02:e3:b9:a5:ad:eb:
         09:7a:e3:4c:66:1e:96:3b:f2:7d:67:65:46:6f:bd:3d:c8:21:
         81:fe:86:27:45:36:7d:4e:5b:ad:04:75:38:e3:7a:1e:fa:68:
         ba:f1:9f:9e:13:01:68:79:6a:de:00:66:98:6e:7f:d5:2f:42:
         9d:bd:91:e3:78:83:4e:75:5c:e2:63:d7:0e:29:ca:1b:ab:77:
         d8:63:43:43:f9:7f:0c:b6:23:77:46:f3:46:de:4c:be:9b:92:
         30:e2:ae:e0:bf:d0:03:2b:df:0c:c8:d6:05:2e:bb:b6:5b:32:
         d6:20:20:5d:75:81:d2:78:c8:1e:1d:a1:05:50:c7:f1:e2:83:
         3e:24:a7:b7:5b:27:f1:84:e3:32:52:94:8d:a9:10:ec:fc:6f:
         f6:a3:f8:55:5d:ff:64:ec:18:b0:7c:e8:9b:d1:5c:89:6f:a1:
         d9:5e:82:86:e2:66:5d:c9:c3:dd:78:d3:9b:1f:f8:0d:cf:f0:
         f6:4e:92:2f:bb:85:6c:92:70:e8:c3:6f:1c:8a:fb:42:71:c6:
         b1:cd:80:af:80:60:08:42:d8:4a:fb:e4:32:07:37:77:a0:41:
         a3:bb:ac:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntCHseAENvdRBrU/O3XarMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwMTAyMTU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDA2ODE4MjU0YmZhNjFmZTVhMjZiNzNmZTk4YmU2MTZiMGRjZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTq4j+FaHOSiuvxs+XpQFaGK2F6+
g4/9AGzpDsKs6oaiocB0qhkcPUVOETLWRSMOXrIOQHBeQUfy1aJ76WsBCj03fENl
0HU2W5hgn+i7zKCz2BzcwQs5ee9nohrqufRMaGAfcWGzTyJf31jHppGmqfzXQjLU
4/KL5VFp5oKLtX2DO+Re8rQiiyO6TQCB69ru+DNdEdB/P76rMVIx1Y7hvOsrqLtM
wbfHwulKl9tHOUNCVUYT3Zg8xRZLzU4GaIgj84L5xyBek8Vgc5kov7uzZxjbtS0O
qGYU3bDYiEIoA73zgZKtPG4NliA/qyCaT8/UfU8VddcjH0QPakVDyhp7EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQGgYJUv6Yf5aJrc/6YvmFrDc++MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvcEFhQmdsU19waF9sb210el9waS1ZV3NOejc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWXX8MA0G
CSqGSIb3DQEBCwUAA4IBAQCDfq0slEDUqegTb26FDMBY/8OptEgBj3GY3dATbHIC
47mlresJeuNMZh6WO/J9Z2VGb709yCGB/oYnRTZ9TlutBHU443oe+mi68Z+eEwFo
eWreAGaYbn/VL0KdvZHjeINOdVziY9cOKcobq3fYY0ND+X8MtiN3RvNG3ky+m5Iw
4q7gv9ADK98MyNYFLru2WzLWICBddYHSeMgeHaEFUMfx4oM+JKe3WyfxhOMyUpSN
qRDs/G/2o/hVXf9k7BiwfOib0VyJb6HZXoKG4mZdycPdeNObH/gNz/D2TpIvu4Vs
knDow28civtCccaxzYCvgGAIQthK++QyBzd3oEGju6ya
-----END CERTIFICATE-----