Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/IRm19nOK5U99-KFgT6Iyqb6FLRs.roa
File:                     IRm19nOK5U99-KFgT6Iyqb6FLRs.roa (raw, json)
Hash identifier:          il+0ahEt0jHE3mPTA9QCPGv0irQio4DzrHv3lezN4EI=
Subject key identifier:   21:19:B5:F6:73:8A:E5:4F:7D:F8:A1:60:4F:A2:32:A9:BE:85:2D:1B
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       01942143AFB5E496501C210E5291AB91715C
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/IRm19nOK5U99-KFgT6Iyqb6FLRs.roa
Signing time:             Wed 01 Jan 2025 09:47:51 +0000
ROA not before:           Wed 01 Jan 2025 09:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39412
IP address blocks:        95.131.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:af:b5:e4:96:50:1c:21:0e:52:91:ab:91:71:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 09:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2119b5f6738ae54f7df8a1604fa232a9be852d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:57:3a:d0:40:7c:13:57:22:1f:dc:47:30:2a:
                    02:98:98:69:7e:95:f1:b9:aa:31:71:76:a0:8c:6a:
                    07:0c:a7:aa:5c:df:a4:6c:93:d7:c2:7e:29:d3:a1:
                    f1:d6:86:f9:b0:1a:ec:fe:4e:61:63:ad:19:32:97:
                    03:bd:3c:5f:42:c0:ca:a7:a0:83:b4:82:af:d1:d1:
                    18:64:1c:67:e9:d9:c0:13:66:bb:9a:65:e8:60:2a:
                    d5:39:3a:1e:a5:95:94:02:4d:0b:15:36:c2:cb:ed:
                    d6:11:8e:1f:38:48:16:77:24:e7:8c:d5:f6:7f:a7:
                    a9:a3:ec:74:37:de:1b:1c:f1:43:21:6c:54:0e:46:
                    1b:d9:61:f1:84:ea:e1:61:ae:bc:c3:ac:46:54:06:
                    41:9e:4b:5b:19:11:5f:ae:24:ce:fa:f3:33:54:9c:
                    ba:19:d8:57:5c:dd:ee:b9:17:88:48:0e:c7:b9:7a:
                    6e:13:9b:9e:a1:cb:3e:ff:ec:96:e0:34:35:f5:5f:
                    99:68:de:51:ef:b0:b1:02:56:40:73:12:39:00:56:
                    01:be:79:a0:c2:69:2e:6b:f3:2e:bd:da:85:75:89:
                    42:a6:18:46:32:df:89:4b:84:02:a9:87:0d:8e:d6:
                    ff:e5:72:e9:0a:56:f9:fd:73:9d:69:4f:09:26:3d:
                    33:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:19:B5:F6:73:8A:E5:4F:7D:F8:A1:60:4F:A2:32:A9:BE:85:2D:1B
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/IRm19nOK5U99-KFgT6Iyqb6FLRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:49:c4:07:d3:79:9c:fd:4e:b9:b1:2a:03:f5:15:1b:dc:aa:
         90:64:b0:a8:2e:63:b0:ee:37:ea:f5:dd:5c:ba:b4:54:7e:56:
         e3:fd:46:7e:2d:d2:93:46:9f:40:0d:50:6f:d7:63:89:a1:94:
         9c:6d:9c:2a:ce:d3:59:d6:a2:04:35:6a:62:18:4b:ab:ff:c9:
         0a:76:ce:d0:78:85:ac:0f:c7:17:45:49:2d:a7:c7:d9:bf:f1:
         3c:9b:d5:13:c3:10:d8:5b:a7:35:f0:42:60:99:6c:7d:2e:dd:
         81:8c:d6:36:d2:58:79:96:83:de:b8:3d:54:f0:dc:0a:42:84:
         09:d4:3f:24:03:e0:4f:3b:5c:d6:d1:23:64:51:83:f9:47:2e:
         12:fa:2f:92:0a:ac:90:ee:36:be:a5:a3:50:5a:87:5b:26:3d:
         f9:2b:63:67:4f:b3:0c:65:c6:61:cf:f7:a9:0b:c3:18:1a:ca:
         22:30:bf:06:bc:84:93:64:4a:9f:cd:62:d8:7a:8b:be:c7:ef:
         57:3f:f5:61:93:c7:4e:db:a6:f8:e1:9e:f0:28:90:91:62:4d:
         50:ee:3a:7e:c3:f7:c1:4c:e2:cf:85:11:28:8c:88:6e:f0:a0:
         e6:9c:21:1d:61:32:dc:12:72:21:c4:f2:a9:a7:c7:81:86:f8:
         b3:eb:91:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ6+15JZQHCEOUpGrkXFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTZjZDlmNGJlYjdiMGMwNGQzMWZmZTVjNjc0YTg3YTc3
MzlkMjEwHhcNMjUwMTAxMDk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTE5YjVmNjczOGFlNTRmN2RmOGExNjA0ZmEyMzJhOWJlODUyZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Vc60EB8E1ciH9xHMCoCmJhpfpXx
uaoxcXagjGoHDKeqXN+kbJPXwn4p06Hx1ob5sBrs/k5hY60ZMpcDvTxfQsDKp6CD
tIKv0dEYZBxn6dnAE2a7mmXoYCrVOToepZWUAk0LFTbCy+3WEY4fOEgWdyTnjNX2
f6epo+x0N94bHPFDIWxUDkYb2WHxhOrhYa68w6xGVAZBnktbGRFfriTO+vMzVJy6
GdhXXN3uuReISA7HuXpuE5ueocs+/+yW4DQ19V+ZaN5R77CxAlZAcxI5AFYBvnmg
wmkua/MuvdqFdYlCphhGMt+JS4QCqYcNjtb/5XLpClb5/XOdaU8JJj0zBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEZtfZziuVPffihYE+iMqm+hS0bMB8GA1UdIwQY
MBaAFImmzZ9L63sMBNMf/lxnSoenc50hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYt
MWY5MjQ0OTVmY2RkLzEvSVJtMTluT0s1VTk5LUtGZ1Q2SXlxYjZGTFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYtMWY5MjQ0OTVmY2Rk
LzEvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4MnMA0G
CSqGSIb3DQEBCwUAA4IBAQA0ScQH03mc/U65sSoD9RUb3KqQZLCoLmOw7jfq9d1c
urRUflbj/UZ+LdKTRp9ADVBv12OJoZScbZwqztNZ1qIENWpiGEur/8kKds7QeIWs
D8cXRUktp8fZv/E8m9UTwxDYW6c18EJgmWx9Lt2BjNY20lh5loPeuD1U8NwKQoQJ
1D8kA+BPO1zW0SNkUYP5Ry4S+i+SCqyQ7ja+paNQWodbJj35K2NnT7MMZcZhz/ep
C8MYGsoiML8GvISTZEqfzWLYeou+x+9XP/Vhk8dO26b44Z7wKJCRYk1Q7jp+w/fB
TOLPhREojIhu8KDmnCEdYTLcEnIhxPKpp8eBhviz65Gr
-----END CERTIFICATE-----