Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/3n7I_kSrxdGXM-Yy8kH4fsc4pN8.roa
File:                     3n7I_kSrxdGXM-Yy8kH4fsc4pN8.roa (raw, json)
Hash identifier:          s/PREhsDL5iYmJE9h5sCUC+jgqMKpegaWts1GqNWSms=
Subject key identifier:   DE:7E:C8:FE:44:AB:C5:D1:97:33:E6:32:F2:41:F8:7E:C7:38:A4:DF
Certificate issuer:       /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial:       0195D164AAE0E2B94C00C3DBD7B727B478FE
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/3n7I_kSrxdGXM-Yy8kH4fsc4pN8.roa
Signing time:             Wed 26 Mar 2025 07:39:50 +0000
ROA not before:           Wed 26 Mar 2025 07:39:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203744
IP address blocks:        89.111.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d1:64:aa:e0:e2:b9:4c:00:c3:db:d7:b7:27:b4:78:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
        Validity
            Not Before: Mar 26 07:39:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de7ec8fe44abc5d19733e632f241f87ec738a4df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:13:b8:9a:b4:b8:73:de:dd:78:f8:07:b7:38:
                    e9:70:60:c1:2c:7b:6d:95:02:dd:11:4f:75:df:e0:
                    f1:c1:ee:a2:35:e1:6f:e5:65:53:b7:85:49:06:f1:
                    0c:bb:fd:c5:d6:2f:ba:bf:93:34:c0:75:72:79:32:
                    cb:b9:60:c1:e9:f3:82:23:0a:89:79:79:16:ab:b8:
                    18:1c:7b:27:3a:25:56:34:b9:af:42:30:94:3b:33:
                    4d:46:ff:15:31:e2:54:59:2c:41:ff:6b:52:a3:78:
                    0c:5c:96:1f:47:ed:b9:93:66:d4:47:ad:c5:dd:44:
                    25:cf:e3:11:a1:4b:13:60:66:ee:34:e2:60:fd:72:
                    20:94:6b:cb:75:64:1c:58:ef:32:e5:e0:1c:1e:e1:
                    d6:65:83:47:a5:96:53:bf:bf:db:51:d2:7a:60:4a:
                    1c:da:f3:b3:6f:fe:82:0c:3f:fd:6b:34:8a:09:c2:
                    dc:e9:30:7a:c9:76:66:6a:b8:a4:e8:6a:eb:56:aa:
                    55:ac:7d:40:ae:f1:21:20:20:ef:99:f7:30:a0:e7:
                    f8:18:61:5b:cc:c3:91:73:a9:f8:b5:7f:27:5d:31:
                    72:85:0c:7b:cc:81:4c:56:8b:14:80:c4:e3:64:36:
                    8b:5a:8a:f1:4d:09:57:f8:4d:55:5f:84:c6:6c:30:
                    69:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:7E:C8:FE:44:AB:C5:D1:97:33:E6:32:F2:41:F8:7E:C7:38:A4:DF
            X509v3 Authority Key Identifier:
                keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/3n7I_kSrxdGXM-Yy8kH4fsc4pN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.111.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:0e:ea:18:28:95:a5:67:98:de:16:60:91:4f:a0:04:f5:01:
         36:41:1b:cc:51:ce:80:d9:f7:4e:8b:b4:46:4b:7e:1d:02:41:
         03:b2:66:f6:51:e0:76:9b:84:90:3a:85:e2:1e:65:b4:4a:12:
         f4:9f:92:2e:91:27:23:41:4e:fe:ce:c8:fb:5a:66:66:b7:8d:
         e9:7f:2c:5e:af:f1:1b:cf:e2:43:32:85:83:25:e6:b1:51:66:
         21:70:9b:83:5b:8b:2f:fa:08:7e:48:9a:cd:a0:34:e1:a8:d8:
         8f:39:9d:b1:65:b3:13:87:b9:fb:0d:30:d2:54:01:05:cc:9d:
         2a:a3:d8:53:59:73:96:2b:18:39:24:55:b7:89:19:32:d0:59:
         88:55:5e:b8:32:bf:31:32:9c:b3:ab:26:20:4b:b4:9a:10:74:
         5e:bb:b7:ad:c8:1d:f4:16:d8:ac:c1:4e:69:7d:bb:60:42:26:
         52:1d:ea:b0:1f:c8:43:b8:3e:2b:9f:18:01:e3:17:cb:79:b4:
         16:78:4b:18:c9:9e:ef:80:8b:88:5a:26:d9:60:f9:14:8a:7b:
         b5:fd:fb:5f:d9:bf:8d:27:36:95:7d:50:f3:07:fd:71:1b:8e:
         5c:10:b6:21:44:43:a5:e2:d1:6c:76:a0:65:8b:21:ec:b9:8f:
         1f:e3:23:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXRZKrg4rlMAMPb17cntHj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjUwMzI2MDczOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTdlYzhmZTQ0YWJjNWQxOTczM2U2MzJmMjQxZjg3ZWM3MzhhNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxO4mrS4c97dePgHtzjpcGDBLHtt
lQLdEU913+Dxwe6iNeFv5WVTt4VJBvEMu/3F1i+6v5M0wHVyeTLLuWDB6fOCIwqJ
eXkWq7gYHHsnOiVWNLmvQjCUOzNNRv8VMeJUWSxB/2tSo3gMXJYfR+25k2bUR63F
3UQlz+MRoUsTYGbuNOJg/XIglGvLdWQcWO8y5eAcHuHWZYNHpZZTv7/bUdJ6YEoc
2vOzb/6CDD/9azSKCcLc6TB6yXZmarik6GrrVqpVrH1ArvEhICDvmfcwoOf4GGFb
zMORc6n4tX8nXTFyhQx7zIFMVosUgMTjZDaLWorxTQlX+E1VX4TGbDBp+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5+yP5Eq8XRlzPmMvJB+H7HOKTfMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvM243SV9rU3J4ZEdYTS1ZeThrSDRmc2M0cE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWW/wMA0G
CSqGSIb3DQEBCwUAA4IBAQAtDuoYKJWlZ5jeFmCRT6AE9QE2QRvMUc6A2fdOi7RG
S34dAkEDsmb2UeB2m4SQOoXiHmW0ShL0n5IukScjQU7+zsj7WmZmt43pfyxer/Eb
z+JDMoWDJeaxUWYhcJuDW4sv+gh+SJrNoDThqNiPOZ2xZbMTh7n7DTDSVAEFzJ0q
o9hTWXOWKxg5JFW3iRky0FmIVV64Mr8xMpyzqyYgS7SaEHReu7etyB30FtiswU5p
fbtgQiZSHeqwH8hDuD4rnxgB4xfLebQWeEsYyZ7vgIuIWibZYPkUinu1/ftf2b+N
JzaVfVDzB/1xG45cELYhREOl4tFsdqBliyHsuY8f4yPT
-----END CERTIFICATE-----