Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/fP5gK7Clsw9SsVF2kXkfiUCqIsc.roa
File:                     fP5gK7Clsw9SsVF2kXkfiUCqIsc.roa (raw, json)
Hash identifier:          sN82/8ck4cE58TeZQmemT9dreS3hgLroKAZO+qJp+VQ=
Subject key identifier:   7C:FE:60:2B:B0:A5:B3:0F:52:B1:51:76:91:79:1F:89:40:AA:22:C7
Certificate issuer:       /CN=331706b915bab8dac2b5547fbc87adeb61e6aede
Certificate serial:       01946A85953E9224085FF01950AC32B23E4A
Authority key identifier: 33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/fP5gK7Clsw9SsVF2kXkfiUCqIsc.roa
Signing time:             Wed 15 Jan 2025 15:12:06 +0000
ROA not before:           Wed 15 Jan 2025 15:12:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206564
IP address blocks:        89.110.128.0/18 maxlen: 32
                          2a05:c700::/32 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:85:95:3e:92:24:08:5f:f0:19:50:ac:32:b2:3e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331706b915bab8dac2b5547fbc87adeb61e6aede
        Validity
            Not Before: Jan 15 15:12:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cfe602bb0a5b30f52b1517691791f8940aa22c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8f:be:58:9d:85:8e:8a:dc:6f:6b:3b:e3:b2:
                    55:47:52:df:44:e1:08:21:6c:ea:4d:bc:49:0b:94:
                    8c:fa:ea:d6:b7:19:6b:ad:e9:85:0f:29:ab:bd:1d:
                    2b:86:d9:5a:54:73:99:f9:1e:c9:7c:5f:56:a7:60:
                    89:f8:26:9d:8d:d4:94:66:f1:63:9c:5b:15:a8:e7:
                    93:ad:7c:41:1b:67:2e:79:5e:94:ce:55:61:85:8e:
                    07:e3:81:73:60:e2:84:47:1f:ef:60:4a:0d:91:df:
                    0a:0e:fb:e4:8a:f1:85:a4:2f:df:20:66:07:3e:a2:
                    49:51:8a:df:77:c7:f4:7f:a6:c9:1f:f5:83:12:9c:
                    6d:60:e7:6b:bc:ed:8d:bc:fd:d5:d3:ec:b3:47:89:
                    48:2e:ad:74:67:ea:73:a8:c1:98:9d:64:9c:b8:b4:
                    0c:f3:6d:d3:59:d8:d8:89:e0:ba:d6:4b:05:79:47:
                    a9:8e:58:bf:7f:ce:c3:f8:0c:18:ae:33:f5:97:28:
                    29:9d:eb:21:98:d1:c3:b5:8f:f9:a7:c9:7f:1b:04:
                    2b:7e:d1:00:69:42:35:18:e4:c7:a3:ae:52:0f:eb:
                    c2:26:f2:00:a5:62:1f:ea:0a:3d:f1:7f:61:12:81:
                    79:88:40:56:c3:13:0c:3c:5a:e0:49:d1:e9:0d:d2:
                    34:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:FE:60:2B:B0:A5:B3:0F:52:B1:51:76:91:79:1F:89:40:AA:22:C7
            X509v3 Authority Key Identifier:
                keyid:33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/fP5gK7Clsw9SsVF2kXkfiUCqIsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.110.128.0/18
                IPv6:
                  2a05:c700::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:cc:c2:60:e6:9a:07:d9:ba:21:d8:13:d4:37:47:7c:d4:e4:
         26:c4:2f:02:9b:e2:01:f6:ca:40:22:1b:5c:24:2a:fb:5a:60:
         ae:f9:c0:6f:a7:72:7b:26:4a:6c:55:7f:d9:ea:58:53:25:16:
         ad:46:33:8f:e0:4f:51:c0:0f:9b:bb:f1:a6:d3:c9:5e:ed:ae:
         cf:63:29:31:8c:15:f7:51:b9:8f:c1:95:03:e1:44:88:ad:a1:
         c3:1c:5d:eb:27:dd:1e:39:d3:31:c8:c4:80:6a:54:00:70:4b:
         ed:64:5c:f6:e6:de:a8:e7:46:5a:f0:3d:c4:0f:33:0e:ee:25:
         88:a2:2e:23:70:d8:c7:9f:e3:e2:d1:bb:8e:e8:e0:d3:46:7e:
         54:b9:6d:8f:24:15:fe:b9:8a:f8:49:8f:b1:a2:0a:52:32:3f:
         00:1b:d8:3f:0d:39:8c:4f:20:bb:33:c4:ff:45:0b:66:ac:14:
         d7:9c:ea:8b:9d:82:7c:0f:71:4f:06:f6:08:7d:61:a2:54:dc:
         e7:45:b6:ad:67:e4:51:45:68:f2:0b:eb:c1:b1:b9:c7:7c:04:
         cb:67:2d:05:db:00:de:70:74:77:2e:6d:e0:a2:e9:c3:42:4c:
         ea:65:cc:40:ab:cc:21:0a:fc:0e:b3:85:ac:67:86:6b:bd:17:
         ae:aa:77:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZRqhZU+kiQIX/AZUKwysj5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMTcwNmI5MTViYWI4ZGFjMmI1NTQ3ZmJjODdhZGViNjFl
NmFlZGUwHhcNMjUwMTE1MTUxMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2ZlNjAyYmIwYTViMzBmNTJiMTUxNzY5MTc5MWY4OTQwYWEyMmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArI++WJ2Fjorcb2s747JVR1LfROEI
IWzqTbxJC5SM+urWtxlrremFDymrvR0rhtlaVHOZ+R7JfF9Wp2CJ+CadjdSUZvFj
nFsVqOeTrXxBG2cueV6UzlVhhY4H44FzYOKERx/vYEoNkd8KDvvkivGFpC/fIGYH
PqJJUYrfd8f0f6bJH/WDEpxtYOdrvO2NvP3V0+yzR4lILq10Z+pzqMGYnWScuLQM
823TWdjYieC61ksFeUepjli/f87D+AwYrjP1lygpneshmNHDtY/5p8l/GwQrftEA
aUI1GOTHo65SD+vCJvIApWIf6go98X9hEoF5iEBWwxMMPFrgSdHpDdI0fQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHz+YCuwpbMPUrFRdpF5H4lAqiLHMB8GA1UdIwQY
MBaAFDMXBrkVurjawrVUf7yHreth5q7eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAt
ZWM5NTE0OGZkMjM2LzEvZlA1Z0s3Q2xzdzlTc1ZGMmtYa2ZpVUNxSXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAtZWM5NTE0OGZkMjM2
LzEvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGWW6AMA0E
AgACMAcDBQAqBccAMA0GCSqGSIb3DQEBCwUAA4IBAQAhzMJg5poH2boh2BPUN0d8
1OQmxC8Cm+IB9spAIhtcJCr7WmCu+cBvp3J7JkpsVX/Z6lhTJRatRjOP4E9RwA+b
u/Gm08le7a7PYykxjBX3UbmPwZUD4USIraHDHF3rJ90eOdMxyMSAalQAcEvtZFz2
5t6o50Za8D3EDzMO7iWIoi4jcNjHn+Pi0buO6ODTRn5UuW2PJBX+uYr4SY+xogpS
Mj8AG9g/DTmMTyC7M8T/RQtmrBTXnOqLnYJ8D3FPBvYIfWGiVNznRbatZ+RRRWjy
C+vBsbnHfATLZy0F2wDecHR3Lm3gounDQkzqZcxAq8whCvwOs4WsZ4ZrvReuqne4
-----END CERTIFICATE-----