Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/Y2AwHZ4LjgCyZ7c3VA39uJ1uOJA.roa
File:                     Y2AwHZ4LjgCyZ7c3VA39uJ1uOJA.roa (raw, json)
Hash identifier:          jN16HvDKq8wIqjLIVTWw0neRTt/pe6lIdR9PV+gdOvM=
Subject key identifier:   63:60:30:1D:9E:0B:8E:00:B2:67:B7:37:54:0D:FD:B8:9D:6E:38:90
Certificate issuer:       /CN=4e4c1389a849ef5dccb8303703b898c91e63d14f
Certificate serial:       01942444D08416363E5A8EE1370067EC4727
Authority key identifier: 4E:4C:13:89:A8:49:EF:5D:CC:B8:30:37:03:B8:98:C9:1E:63:D1:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/Y2AwHZ4LjgCyZ7c3VA39uJ1uOJA.roa
Signing time:             Wed 01 Jan 2025 23:47:57 +0000
ROA not before:           Wed 01 Jan 2025 23:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25447
IP address blocks:        152.89.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d0:84:16:36:3e:5a:8e:e1:37:00:67:ec:47:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e4c1389a849ef5dccb8303703b898c91e63d14f
        Validity
            Not Before: Jan  1 23:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6360301d9e0b8e00b267b737540dfdb89d6e3890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3d:f7:2b:43:6b:c6:a6:54:bd:c9:13:a3:f2:
                    0a:a5:5e:a1:cf:ad:c3:87:9e:7f:30:52:f3:7b:79:
                    9f:cf:e6:90:26:c5:85:82:c3:d6:a8:b8:a5:84:43:
                    dc:c0:0a:12:93:a1:c2:6d:84:a8:11:e5:12:1b:f0:
                    f5:d7:49:16:6d:8e:9d:1c:bf:ce:10:e1:5d:d0:71:
                    94:c0:95:13:43:60:d5:52:9b:1a:d8:14:fa:44:dc:
                    bd:0e:bd:d9:91:b8:8b:b4:a6:8e:a4:1c:c7:c5:a2:
                    13:7e:ac:ca:a7:ef:91:f8:1d:60:6f:46:09:de:35:
                    f2:ef:c1:3e:10:c6:07:ce:74:3f:65:bb:fb:e0:80:
                    3b:30:ee:1a:a6:ec:3d:c6:2e:24:ff:36:c4:77:5d:
                    cb:aa:d5:96:ef:8a:20:0c:48:45:86:b3:ed:22:4a:
                    6f:63:0a:1f:af:35:9d:c6:40:2f:b3:a6:89:61:1a:
                    d1:a7:cd:cd:6b:a5:a2:94:de:a4:73:e1:6a:06:95:
                    3a:db:f7:b5:28:b8:bf:9d:e0:3f:b2:87:71:31:fb:
                    e3:aa:d3:e4:3b:de:5b:36:3b:8e:01:2f:c0:5e:f6:
                    97:8a:76:3b:1f:9c:46:c5:34:3a:84:06:30:6c:31:
                    5b:f5:05:2b:8f:c1:aa:8b:11:48:82:c3:4c:43:32:
                    29:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:60:30:1D:9E:0B:8E:00:B2:67:B7:37:54:0D:FD:B8:9D:6E:38:90
            X509v3 Authority Key Identifier:
                keyid:4E:4C:13:89:A8:49:EF:5D:CC:B8:30:37:03:B8:98:C9:1E:63:D1:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/Y2AwHZ4LjgCyZ7c3VA39uJ1uOJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:6d:11:f6:c5:cb:7e:76:58:1b:65:2d:d9:13:61:ad:c3:28:
         f9:b3:fe:65:0a:e8:3a:ef:4e:69:de:c9:44:42:92:d6:e2:3a:
         f5:de:db:2b:ed:b8:9a:48:d9:48:3a:36:32:ae:9f:44:3a:b6:
         0e:4f:3e:f4:6e:53:b9:08:04:39:91:cb:c5:eb:5e:7d:d7:3c:
         24:e6:30:17:c6:07:c9:19:58:40:cb:9f:c2:d5:1b:65:4c:14:
         33:27:4c:b3:60:9b:ea:2a:fb:a1:06:73:68:4d:94:e9:8c:35:
         05:60:99:86:07:e2:59:df:7b:04:99:1d:9d:23:02:88:7d:2b:
         16:e0:12:d3:e7:e7:f7:1d:03:49:26:4e:fc:c9:e6:74:d9:c9:
         00:e3:d3:65:b1:f2:48:f8:49:30:91:5e:c4:d7:ca:6e:00:11:
         33:da:f8:2b:cf:47:b6:3a:d6:6f:65:a5:2b:97:cf:d3:6b:8b:
         43:d7:41:50:20:f2:7c:df:c1:0d:e8:6c:66:fc:c4:2e:18:7f:
         80:f5:cf:6d:8f:8e:10:d4:7f:41:93:20:dd:b6:f6:0b:94:dc:
         0a:86:d7:4b:6f:f9:9e:11:c4:ab:1b:34:69:b0:30:6a:26:32:
         c0:cc:86:94:3c:4a:ae:b7:86:76:67:99:80:e5:b6:a3:64:4d:
         56:7d:1a:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRNCEFjY+Wo7hNwBn7EcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNGMxMzg5YTg0OWVmNWRjY2I4MzAzNzAzYjg5OGM5MWU2
M2QxNGYwHhcNMjUwMTAxMjM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzYwMzAxZDllMGI4ZTAwYjI2N2I3Mzc1NDBkZmRiODlkNmUzODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArz33K0NrxqZUvckTo/IKpV6hz63D
h55/MFLze3mfz+aQJsWFgsPWqLilhEPcwAoSk6HCbYSoEeUSG/D110kWbY6dHL/O
EOFd0HGUwJUTQ2DVUpsa2BT6RNy9Dr3ZkbiLtKaOpBzHxaITfqzKp++R+B1gb0YJ
3jXy78E+EMYHznQ/Zbv74IA7MO4apuw9xi4k/zbEd13LqtWW74ogDEhFhrPtIkpv
YwofrzWdxkAvs6aJYRrRp83Na6WilN6kc+FqBpU62/e1KLi/neA/sodxMfvjqtPk
O95bNjuOAS/AXvaXinY7H5xGxTQ6hAYwbDFb9QUrj8GqixFIgsNMQzIplQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNgMB2eC44Asme3N1QN/bidbjiQMB8GA1UdIwQY
MBaAFE5ME4moSe9dzLgwNwO4mMkeY9FPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGt3VGlhaEo3MTNNdURBM0E3aVl5UjVqMFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zOTY1YjAtZmVlOS00OWJmLWE1NGQt
YThkODM4NDM4ZDhhLzEvWTJBd0haNExqZ0N5WjdjM1ZBMzl1SjF1T0pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zOTY1YjAtZmVlOS00OWJmLWE1NGQtYThkODM4NDM4ZDhh
LzEvVGt3VGlhaEo3MTNNdURBM0E3aVl5UjVqMFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmFncMA0G
CSqGSIb3DQEBCwUAA4IBAQCbbRH2xct+dlgbZS3ZE2Gtwyj5s/5lCug6705p3slE
QpLW4jr13tsr7biaSNlIOjYyrp9EOrYOTz70blO5CAQ5kcvF61591zwk5jAXxgfJ
GVhAy5/C1RtlTBQzJ0yzYJvqKvuhBnNoTZTpjDUFYJmGB+JZ33sEmR2dIwKIfSsW
4BLT5+f3HQNJJk78yeZ02ckA49NlsfJI+EkwkV7E18puABEz2vgrz0e2OtZvZaUr
l8/Ta4tD10FQIPJ838EN6Gxm/MQuGH+A9c9tj44Q1H9BkyDdtvYLlNwKhtdLb/me
EcSrGzRpsDBqJjLAzIaUPEqut4Z2Z5mA5bajZE1WfRrJ
-----END CERTIFICATE-----