Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Ws2J4aPdEb_raZV_Q6WLZuYq9bw.roa
File:                     Ws2J4aPdEb_raZV_Q6WLZuYq9bw.roa (raw, json)
Hash identifier:          UJOhfpK9rLA1rrtLAae9ZE03f0fN+dWFgn6AnwjjtWM=
Subject key identifier:   5A:CD:89:E1:A3:DD:11:BF:EB:69:95:7F:43:A5:8B:66:E6:2A:F5:BC
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0195F013E29CF220DFF65DB21688F29DD686
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Ws2J4aPdEb_raZV_Q6WLZuYq9bw.roa
Signing time:             Tue 01 Apr 2025 06:39:49 +0000
ROA not before:           Tue 01 Apr 2025 06:39:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.187.5.0/24 maxlen: 24
                          89.187.11.0/24 maxlen: 24
                          89.187.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f0:13:e2:9c:f2:20:df:f6:5d:b2:16:88:f2:9d:d6:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Apr  1 06:39:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5acd89e1a3dd11bfeb69957f43a58b66e62af5bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:bd:73:de:f7:bb:28:1c:52:6e:f8:89:73:33:
                    67:a3:22:97:57:4a:e9:92:6b:6d:3c:89:1f:f7:0c:
                    d3:48:f1:22:df:92:90:9c:1b:43:47:47:d4:85:8c:
                    df:7a:d8:28:18:d1:34:81:c1:5d:23:16:de:9b:35:
                    43:50:a7:db:b8:ba:42:fa:68:43:71:82:9f:d0:83:
                    c4:fa:19:f5:53:3a:02:de:f3:e6:1c:15:65:5d:22:
                    07:3d:50:a4:1e:5e:80:92:8e:37:03:a4:6f:0a:a4:
                    19:71:f3:1d:28:c8:44:4a:7d:77:0a:f1:80:e8:8a:
                    f8:0d:ea:24:f5:2c:61:c6:77:52:56:fc:be:ac:83:
                    bf:b7:db:b6:cf:dc:8e:4e:b1:fc:c0:37:e1:59:bf:
                    7e:60:5d:c0:7d:45:90:1f:08:66:96:19:b4:84:8a:
                    e6:df:6d:9a:1f:07:b3:2e:ef:0c:53:44:0a:dd:ac:
                    c6:bd:12:5a:49:0f:6b:bb:c5:e1:08:dc:01:66:09:
                    4d:04:f2:d5:78:25:e4:0d:fb:46:62:2a:ec:30:8c:
                    c4:03:3b:9c:69:92:08:51:03:d2:65:32:73:d2:42:
                    63:ba:a4:45:40:85:4a:18:e2:bd:f7:b0:61:7d:33:
                    e1:c9:42:0a:2d:cf:ad:e0:fd:91:54:cb:bb:46:74:
                    5f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:CD:89:E1:A3:DD:11:BF:EB:69:95:7F:43:A5:8B:66:E6:2A:F5:BC
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Ws2J4aPdEb_raZV_Q6WLZuYq9bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.5.0/24
                  89.187.11.0/24
                  89.187.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:cd:a7:0f:d0:19:2f:2f:b3:b0:8d:1e:8c:97:5e:df:ea:c0:
         bf:35:80:e4:12:f8:7b:4f:15:44:c7:79:12:a6:38:be:1b:14:
         8a:df:1f:c9:7b:7d:fe:c5:0f:91:80:6d:d1:82:a0:72:84:3f:
         60:db:3e:f0:ca:ce:89:dc:9a:92:d8:40:0f:7e:ef:3e:f8:22:
         eb:62:ed:8b:30:a3:8b:6f:f8:90:e4:97:ac:49:05:4b:68:f4:
         a3:3e:51:24:ce:a6:32:bc:48:29:97:69:81:ff:e5:f9:9d:dd:
         53:95:2a:dd:fb:4d:aa:43:fd:13:66:6e:87:4f:60:b4:1d:96:
         0f:e4:2d:13:80:79:32:7f:ea:b5:05:0c:4f:54:d0:c6:89:2e:
         8d:88:ac:15:25:e9:74:74:2d:d0:21:c9:b8:b2:8e:0c:3f:cd:
         d2:d0:82:20:d4:b8:82:bc:96:e8:67:fe:9a:3e:da:e5:ab:e3:
         6d:e2:75:51:14:09:7e:17:fc:fd:58:a8:7a:44:60:9f:4b:c5:
         18:86:48:79:97:cd:fc:62:25:71:75:24:73:2c:71:13:50:88:
         81:8c:ad:da:00:21:72:59:6e:d4:f7:a0:40:be:20:1b:62:68:
         69:66:c9:9d:91:ce:ff:ae:09:0b:27:24:c0:cc:21:51:f8:7c:
         36:af:e8:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZXwE+Kc8iDf9l2yFojyndaGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwNDAxMDYzOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWNkODllMWEzZGQxMWJmZWI2OTk1N2Y0M2E1OGI2NmU2MmFmNWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7L1z3ve7KBxSbviJczNnoyKXV0rp
kmttPIkf9wzTSPEi35KQnBtDR0fUhYzfetgoGNE0gcFdIxbemzVDUKfbuLpC+mhD
cYKf0IPE+hn1UzoC3vPmHBVlXSIHPVCkHl6Ako43A6RvCqQZcfMdKMhESn13CvGA
6Ir4Deok9SxhxndSVvy+rIO/t9u2z9yOTrH8wDfhWb9+YF3AfUWQHwhmlhm0hIrm
322aHwezLu8MU0QK3azGvRJaSQ9ru8XhCNwBZglNBPLVeCXkDftGYirsMIzEAzuc
aZIIUQPSZTJz0kJjuqRFQIVKGOK997BhfTPhyUIKLc+t4P2RVMu7RnRfyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFrNieGj3RG/62mVf0Oli2bmKvW8MB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvV3MySjRhUGRFYl9yYVpWX1E2V0xadVlxOWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWbsFAwQA
WbsLAwQAWbsVMA0GCSqGSIb3DQEBCwUAA4IBAQDVzacP0BkvL7OwjR6Ml17f6sC/
NYDkEvh7TxVEx3kSpji+GxSK3x/Je33+xQ+RgG3RgqByhD9g2z7wys6J3JqS2EAP
fu8++CLrYu2LMKOLb/iQ5JesSQVLaPSjPlEkzqYyvEgpl2mB/+X5nd1TlSrd+02q
Q/0TZm6HT2C0HZYP5C0TgHkyf+q1BQxPVNDGiS6NiKwVJel0dC3QIcm4so4MP83S
0IIg1LiCvJboZ/6aPtrlq+Nt4nVRFAl+F/z9WKh6RGCfS8UYhkh5l838YiVxdSRz
LHETUIiBjK3aACFyWW7U96BAviAbYmhpZsmdkc7/rgkLJyTAzCFR+Hw2r+ih
-----END CERTIFICATE-----