Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/MK7rMcnFnU0mcqkkPz9P0S29WNo.roa
File:                     MK7rMcnFnU0mcqkkPz9P0S29WNo.roa (raw, json)
Hash identifier:          EFa7ohFp1uYY5h4SZ2yRARykjAm+g5yWsJNaAwJqLKY=
Subject key identifier:   30:AE:EB:31:C9:C5:9D:4D:26:72:A9:24:3F:3F:4F:D1:2D:BD:58:DA
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369AD49F8AA552F386CF0C1D647543F
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/MK7rMcnFnU0mcqkkPz9P0S29WNo.roa
Signing time:             Wed 01 Jan 2025 19:48:35 +0000
ROA not before:           Wed 01 Jan 2025 19:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60125
IP address blocks:        89.35.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ad:49:f8:aa:55:2f:38:6c:f0:c1:d6:47:54:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30aeeb31c9c59d4d2672a9243f3f4fd12dbd58da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5a:30:67:32:16:fe:39:f6:74:f9:8f:c0:d5:
                    21:e1:c5:76:fd:6b:0a:3e:d0:7c:23:40:a4:ea:d6:
                    42:c5:4c:c0:4b:62:b4:4e:15:35:d8:a1:97:f1:18:
                    66:84:45:66:bd:84:1c:e0:3f:e6:4e:72:f8:ba:94:
                    58:e6:6b:03:ac:a6:93:2b:ea:e7:40:8f:d4:aa:e6:
                    54:15:29:52:10:39:30:c7:ea:50:d2:31:5e:5b:53:
                    d7:31:62:af:fc:26:e7:9c:e4:b4:5f:42:e1:31:40:
                    50:22:2a:7b:57:3d:a0:9c:ca:a1:d4:0d:71:68:55:
                    3f:8f:c4:0c:c2:72:99:1a:e2:bb:98:f9:38:2f:52:
                    c2:ba:8f:f3:c3:09:31:64:45:aa:a8:dc:0b:51:8b:
                    50:c4:74:2e:3b:4c:6f:bf:f2:ec:b6:98:cd:ab:6c:
                    51:96:16:0f:8a:fd:b5:d9:df:79:eb:ed:9c:f9:2f:
                    45:74:73:2c:3b:cd:a7:52:47:34:91:3e:9a:b2:00:
                    48:15:f3:f0:e9:01:02:3b:32:12:14:99:97:a6:be:
                    6d:b1:ac:cf:ef:3f:ac:2d:53:4c:4e:ec:ec:7c:15:
                    f7:52:22:77:b2:6b:85:45:93:ec:5d:73:ef:b9:fd:
                    00:f6:1e:59:ab:d5:41:08:09:c0:9d:69:25:ac:90:
                    0e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AE:EB:31:C9:C5:9D:4D:26:72:A9:24:3F:3F:4F:D1:2D:BD:58:DA
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/MK7rMcnFnU0mcqkkPz9P0S29WNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:70:a1:49:a9:6d:0d:52:59:f2:b9:51:7d:68:98:bf:0a:49:
         8c:e9:b3:bd:65:15:3f:98:5e:c1:79:a7:d3:08:4e:a1:4a:78:
         0d:8a:24:33:a6:51:ff:a1:b4:d3:11:85:52:63:d5:92:d4:f4:
         46:34:f1:7b:ee:97:08:82:57:9d:97:22:e2:d1:47:41:6b:06:
         21:c3:97:01:a2:25:13:00:5a:56:4c:8a:20:ae:8e:4a:5f:31:
         39:db:7f:1b:4d:8b:c7:ed:c8:5d:a5:f1:4c:f2:a3:c3:ba:90:
         5e:c2:1f:4f:1f:a8:b4:5a:fa:53:49:8f:02:cc:51:c8:d2:0e:
         56:6a:43:4a:ad:8d:13:bf:0e:bc:8e:ad:e8:f2:4d:d9:48:55:
         b6:bf:f3:70:f3:6f:68:42:aa:75:ba:e5:8d:ec:67:0d:b5:da:
         51:64:eb:89:d2:78:a0:93:8b:5d:88:e5:25:ba:b8:50:f4:90:
         e9:a9:c1:04:d6:77:e6:c3:35:c8:63:5c:bb:21:8c:84:54:69:
         ca:c6:21:5f:63:c5:07:a6:70:9b:a9:84:40:29:ce:b8:69:d1:
         20:27:93:a0:5b:91:e9:36:46:02:8e:0c:13:da:a3:59:d1:5a:
         fd:65:aa:74:72:b5:18:4b:fa:90:64:a7:da:2b:5f:83:62:33:
         38:ba:26:1e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaa1J+KpVLzhs8MHWR1Q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGFlZWIzMWM5YzU5ZDRkMjY3MmE5MjQzZjNmNGZkMTJkYmQ1OGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlowZzIW/jn2dPmPwNUh4cV2/WsK
PtB8I0Ck6tZCxUzAS2K0ThU12KGX8RhmhEVmvYQc4D/mTnL4upRY5msDrKaTK+rn
QI/UquZUFSlSEDkwx+pQ0jFeW1PXMWKv/CbnnOS0X0LhMUBQIip7Vz2gnMqh1A1x
aFU/j8QMwnKZGuK7mPk4L1LCuo/zwwkxZEWqqNwLUYtQxHQuO0xvv/LstpjNq2xR
lhYPiv212d956+2c+S9FdHMsO82nUkc0kT6asgBIFfPw6QECOzISFJmXpr5tsazP
7z+sLVNMTuzsfBX3UiJ3smuFRZPsXXPvuf0A9h5Zq9VBCAnAnWklrJAO5QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDCu6zHJxZ1NJnKpJD8/T9EtvVjaMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL01LN3JNY25GblUwbWNxa2tQejlQMFMyOVdOby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZI3Ew
DQYJKoZIhvcNAQELBQADggEBAJ1woUmpbQ1SWfK5UX1omL8KSYzps71lFT+YXsF5
p9MITqFKeA2KJDOmUf+htNMRhVJj1ZLU9EY08XvulwiCV52XIuLRR0FrBiHDlwGi
JRMAWlZMiiCujkpfMTnbfxtNi8ftyF2l8Uzyo8O6kF7CH08fqLRa+lNJjwLMUcjS
DlZqQ0qtjRO/DryOrejyTdlIVba/83Dzb2hCqnW65Y3sZw212lFk64nSeKCTi12I
5SW6uFD0kOmpwQTWd+bDNchjXLshjIRUacrGIV9jxQemcJuphEApzrhp0SAnk6Bb
kek2RgKODBPao1nRWv1lqnRytRhL+pBkp9orX4NiMzi6Jh4=
-----END CERTIFICATE-----