Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/I9Ygc6aZ5phKC6DcCh14BM0wPaQ.roa
File:                     I9Ygc6aZ5phKC6DcCh14BM0wPaQ.roa (raw, json)
Hash identifier:          6fCuY0U+3GHL93S/a1bkEF5wP+JVLK6+dPpYAfOtpws=
Subject key identifier:   23:D6:20:73:A6:99:E6:98:4A:0B:A0:DC:0A:1D:78:04:CD:30:3D:A4
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0194236992B5D60FE1BF98A41E20EED96042
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/I9Ygc6aZ5phKC6DcCh14BM0wPaQ.roa
Signing time:             Wed 01 Jan 2025 19:48:28 +0000
ROA not before:           Wed 01 Jan 2025 19:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41850
IP address blocks:        89.39.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:92:b5:d6:0f:e1:bf:98:a4:1e:20:ee:d9:60:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23d62073a699e6984a0ba0dc0a1d7804cd303da4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:35:df:38:98:41:a4:cd:c5:1b:2a:75:ec:73:
                    b5:f0:15:ef:48:24:88:46:36:df:8a:a2:79:e3:ec:
                    eb:0e:7c:11:d1:ee:a5:c1:dc:9b:03:52:08:c4:80:
                    0d:bb:96:8f:d6:bb:15:57:86:95:3c:8a:7b:70:c1:
                    5a:f6:f0:c0:47:0e:99:a8:70:8f:82:ac:f8:32:50:
                    df:80:88:2b:82:5a:0f:10:80:3c:b7:cb:45:28:ca:
                    fa:d4:84:2e:ec:9c:44:8c:27:3c:d0:d1:1e:a4:8b:
                    18:ed:20:20:9d:26:46:94:ff:ca:12:ec:0a:24:74:
                    e8:08:75:66:71:d5:bf:16:04:b6:db:79:ac:b0:5d:
                    d8:8d:f0:16:08:8e:cb:b7:90:ee:8d:8d:fd:3a:fd:
                    fa:a6:55:4f:b5:30:43:11:49:89:14:03:e9:f1:c1:
                    46:6d:4c:9d:c2:3a:40:52:46:1e:66:94:2d:93:d3:
                    df:4c:9d:c3:16:c4:50:8d:3c:45:4b:b9:f9:29:ce:
                    60:0d:9a:9d:2f:d4:b0:6d:47:71:c0:c7:91:9a:94:
                    ae:34:7f:7a:67:06:24:bd:f3:be:3e:85:4a:46:98:
                    f3:d5:c9:70:b4:d2:ca:d5:f2:8d:4e:ec:f7:05:1d:
                    ba:48:d5:b5:0e:ac:6c:a1:6f:3c:87:e8:6f:d9:94:
                    e9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D6:20:73:A6:99:E6:98:4A:0B:A0:DC:0A:1D:78:04:CD:30:3D:A4
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/I9Ygc6aZ5phKC6DcCh14BM0wPaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:0c:34:2d:b8:c7:50:e6:12:c4:12:12:4b:28:55:67:b9:42:
         d4:c6:1f:a0:21:88:38:14:4d:60:8b:7c:c6:b2:16:c1:15:51:
         f6:87:29:12:a7:46:8c:40:7c:1e:4e:c7:b0:9e:a5:ff:85:ff:
         2b:19:3b:01:44:2d:af:3a:a1:cf:f0:d1:01:b7:3f:06:b8:fc:
         ee:39:76:63:02:29:d3:fd:35:e5:07:19:d8:a9:a8:ea:48:f0:
         29:59:03:eb:9d:e1:3f:f5:98:4f:13:cc:e2:79:39:76:57:e3:
         8e:3f:c0:d5:1b:37:42:ea:41:7a:6f:a4:3f:04:2f:9c:7a:9a:
         96:0a:62:4b:ae:d5:71:7a:a4:b4:03:1a:2c:89:8d:ed:b0:3f:
         83:d1:ad:4f:ea:7d:f0:fb:2f:9e:bb:f0:11:09:d3:57:40:09:
         87:5a:ef:16:e1:c2:ed:1d:70:17:5a:a5:6a:8d:22:6a:e3:64:
         67:91:1e:5f:08:15:1e:0c:1b:06:65:e9:18:e6:16:3d:05:aa:
         a4:5a:f9:77:bc:4a:32:fc:39:d8:c5:db:cb:d2:e7:78:1b:12:
         28:3b:6c:a0:73:9b:57:9a:57:8b:37:d9:ed:a2:85:3a:a4:c3:
         7d:92:5c:6b:85:f9:69:57:58:3d:3e:3f:62:54:40:f8:fd:ee:
         25:15:23:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaZK11g/hv5ikHiDu2WBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Q2MjA3M2E2OTllNjk4NGEwYmEwZGMwYTFkNzgwNGNkMzAzZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszXfOJhBpM3FGyp17HO18BXvSCSI
RjbfiqJ54+zrDnwR0e6lwdybA1IIxIANu5aP1rsVV4aVPIp7cMFa9vDARw6ZqHCP
gqz4MlDfgIgrgloPEIA8t8tFKMr61IQu7JxEjCc80NEepIsY7SAgnSZGlP/KEuwK
JHToCHVmcdW/FgS223mssF3YjfAWCI7Lt5DujY39Ov36plVPtTBDEUmJFAPp8cFG
bUydwjpAUkYeZpQtk9PfTJ3DFsRQjTxFS7n5Kc5gDZqdL9SwbUdxwMeRmpSuNH96
ZwYkvfO+PoVKRpjz1clwtNLK1fKNTuz3BR26SNW1DqxsoW88h+hv2ZTpCQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCPWIHOmmeaYSgug3AodeATNMD2kMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0k5WWdjNmFaNXBoS0M2RGNDaDE0Qk0wd1BhUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJZJ/gw
DQYJKoZIhvcNAQELBQADggEBAHEMNC24x1DmEsQSEksoVWe5QtTGH6AhiDgUTWCL
fMayFsEVUfaHKRKnRoxAfB5Ox7Cepf+F/ysZOwFELa86oc/w0QG3Pwa4/O45dmMC
KdP9NeUHGdipqOpI8ClZA+ud4T/1mE8TzOJ5OXZX444/wNUbN0LqQXpvpD8EL5x6
mpYKYkuu1XF6pLQDGiyJje2wP4PRrU/qffD7L5678BEJ01dACYda7xbhwu0dcBda
pWqNImrjZGeRHl8IFR4MGwZl6RjmFj0FqqRa+Xe8SjL8OdjF28vS53gbEig7bKBz
m1eaV4s32e2ihTqkw32SXGuF+WlXWD0+P2JUQPj97iUVI+Q=
-----END CERTIFICATE-----