Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RcqNbkC-HQev4ulZteLKyDwNxjU.roa
File:                     RcqNbkC-HQev4ulZteLKyDwNxjU.roa (raw, json)
Hash identifier:          JdyNsbir0L0x3daINkti+SCPEdLz+k6VoDzDXmgCo2Y=
Subject key identifier:   45:CA:8D:6E:40:BE:1D:07:AF:E2:E9:59:B5:E2:CA:C8:3C:0D:C6:35
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01954110026F8D916666BEA29DB6FA4AE2B7
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RcqNbkC-HQev4ulZteLKyDwNxjU.roa
Signing time:             Wed 26 Feb 2025 07:02:02 +0000
ROA not before:           Wed 26 Feb 2025 07:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61389
IP address blocks:        89.42.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 09:59:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:41:10:02:6f:8d:91:66:66:be:a2:9d:b6:fa:4a:e2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Feb 26 07:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45ca8d6e40be1d07afe2e959b5e2cac83c0dc635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b1:42:a6:9d:7b:6d:60:dc:c0:76:a2:f8:c0:
                    4d:b6:e3:6d:0b:79:ed:7a:c6:cf:3f:8a:39:7e:d7:
                    ee:01:a0:ed:a5:a6:10:b7:f6:99:94:a1:b6:a2:19:
                    09:9d:72:eb:1e:55:0c:42:f2:c5:cf:ec:94:9a:f9:
                    71:14:76:f4:fe:5b:96:d0:1c:f9:ef:a0:15:88:88:
                    c9:c8:b6:42:1e:71:de:3d:8f:8f:61:89:79:98:e7:
                    6b:86:be:11:e0:a6:52:3f:dd:be:d2:c9:bf:18:f7:
                    8e:cd:34:89:2e:c5:82:b7:14:c3:bc:23:5e:6b:ac:
                    4d:40:fd:6d:c3:d3:e6:d9:73:aa:7d:b4:02:b3:96:
                    98:e1:19:63:ae:a7:2f:38:15:3e:20:25:8a:89:9a:
                    8e:a8:5f:25:de:06:ec:e0:19:9d:c9:53:20:e2:65:
                    58:c5:05:28:67:e8:6f:c4:bf:2c:cf:80:f9:58:35:
                    e0:fe:ae:49:5b:58:46:67:3a:2e:20:f4:72:89:65:
                    74:3a:9a:e7:cb:a0:9c:29:3c:36:0f:69:d8:3c:fa:
                    50:f8:f0:d9:8b:2c:2b:75:0c:69:25:93:ae:4b:12:
                    fd:cd:07:10:5d:71:5d:e0:80:c6:57:ae:de:9a:26:
                    33:4d:8d:eb:5b:4d:0a:9b:24:17:96:42:6d:cb:d3:
                    f3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:CA:8D:6E:40:BE:1D:07:AF:E2:E9:59:B5:E2:CA:C8:3C:0D:C6:35
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RcqNbkC-HQev4ulZteLKyDwNxjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:be:f9:f0:f9:19:0a:29:13:0b:51:93:6f:c6:ad:38:4a:83:
         1b:c8:c8:83:28:5a:4d:ef:7c:51:d8:8b:59:85:5b:42:c3:cf:
         aa:cf:d7:57:b0:0a:cd:94:2f:51:ed:c9:88:d1:1c:f1:57:8e:
         db:a8:61:be:b6:f6:8d:77:c8:4f:12:3a:c1:7e:68:ff:5f:b0:
         df:eb:46:42:30:b2:91:5e:3f:44:25:78:78:ca:61:37:4a:15:
         c7:e7:fb:90:d7:94:f9:2a:32:86:4c:e9:a0:b8:17:67:dd:8f:
         3b:64:70:c2:7e:a4:2d:3c:a1:4a:1b:a1:a5:23:74:e9:6b:fa:
         71:3f:07:87:da:9b:93:b0:dd:25:09:78:1c:28:64:59:37:01:
         a6:c4:6e:b8:12:19:8a:fd:5f:88:14:0a:ee:77:0b:96:17:86:
         d9:7d:26:4d:af:af:e0:37:10:77:6e:70:b4:8b:b2:b4:fb:40:
         1c:c0:e9:9b:78:d6:ad:a3:ec:bc:23:ec:4d:cc:9b:9c:17:32:
         bd:e9:d6:59:e3:e5:c1:ac:66:b9:c9:7c:78:43:40:12:0e:bd:
         db:92:79:62:fb:9e:88:78:ac:cd:a7:41:5c:42:9c:d2:3f:67:
         9d:e9:23:7e:18:2f:00:89:0f:6e:22:63:48:7c:04:76:23:29:
         c1:02:c0:98
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZVBEAJvjZFmZr6inbb6SuK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMjI2MDcwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWNhOGQ2ZTQwYmUxZDA3YWZlMmU5NTliNWUyY2FjODNjMGRjNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbFCpp17bWDcwHai+MBNtuNtC3nt
esbPP4o5ftfuAaDtpaYQt/aZlKG2ohkJnXLrHlUMQvLFz+yUmvlxFHb0/luW0Bz5
76AViIjJyLZCHnHePY+PYYl5mOdrhr4R4KZSP92+0sm/GPeOzTSJLsWCtxTDvCNe
a6xNQP1tw9Pm2XOqfbQCs5aY4RljrqcvOBU+ICWKiZqOqF8l3gbs4BmdyVMg4mVY
xQUoZ+hvxL8sz4D5WDXg/q5JW1hGZzouIPRyiWV0Oprny6CcKTw2D2nYPPpQ+PDZ
iywrdQxpJZOuSxL9zQcQXXFd4IDGV67emiYzTY3rW00KmyQXlkJty9Pz3wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEXKjW5Avh0Hr+LpWbXiysg8DcY1MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1JjcU5ia0MtSFFldjR1bFp0ZUxLeUR3TnhqVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZKg8w
DQYJKoZIhvcNAQELBQADggEBAAm++fD5GQopEwtRk2/GrThKgxvIyIMoWk3vfFHY
i1mFW0LDz6rP11ewCs2UL1HtyYjRHPFXjtuoYb629o13yE8SOsF+aP9fsN/rRkIw
spFeP0QleHjKYTdKFcfn+5DXlPkqMoZM6aC4F2fdjztkcMJ+pC08oUoboaUjdOlr
+nE/B4fam5Ow3SUJeBwoZFk3AabEbrgSGYr9X4gUCu53C5YXhtl9Jk2vr+A3EHdu
cLSLsrT7QBzA6Zt41q2j7Lwj7E3Mm5wXMr3p1lnj5cGsZrnJfHhDQBIOvduSeWL7
noh4rM2nQVxCnNI/Z53pI34YLwCJD24iY0h8BHYjKcECwJg=
-----END CERTIFICATE-----