Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/hhzSm6GjX7s3vRc-UjvW8KahBO0.roa
File:                     hhzSm6GjX7s3vRc-UjvW8KahBO0.roa (raw, json)
Hash identifier:          Ee9hXcXaMVLm37/p4g8p7BURdDDaz2FT+WhXrMvmGFM=
Subject key identifier:   86:1C:D2:9B:A1:A3:5F:BB:37:BD:17:3E:52:3B:D6:F0:A6:A1:04:ED
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019427B5CADBF781EF112424DAD5DC6154E8
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/hhzSm6GjX7s3vRc-UjvW8KahBO0.roa
Signing time:             Thu 02 Jan 2025 15:50:12 +0000
ROA not before:           Thu 02 Jan 2025 15:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        89.187.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ca:db:f7:81:ef:11:24:24:da:d5:dc:61:54:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  2 15:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=861cd29ba1a35fbb37bd173e523bd6f0a6a104ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f5:5d:f5:e3:ea:96:eb:bf:b2:b2:cd:0d:ba:
                    82:b8:ec:47:75:68:d5:a3:09:3c:75:60:c6:0a:b7:
                    2a:03:8a:0b:57:c1:de:cd:63:6a:85:7b:17:f3:44:
                    54:df:a8:ac:eb:4c:bc:f5:36:23:16:98:cf:dd:87:
                    ca:fe:e4:16:f5:8f:9a:26:f8:4a:b3:0f:0e:06:6d:
                    38:37:84:20:0a:bc:b9:3a:ea:90:b2:df:66:77:36:
                    f0:8b:18:59:6d:ac:a2:cc:b3:cc:91:9a:ea:60:22:
                    1d:16:92:24:e7:fb:df:d4:5d:d1:0f:0b:ed:e3:da:
                    e9:c2:a6:22:91:78:bb:e6:bc:fe:3e:62:80:9a:5e:
                    b2:42:6f:30:fb:45:8f:7a:ec:78:1b:4d:92:da:66:
                    ad:08:be:af:be:7f:39:3b:ad:57:84:42:66:4a:dd:
                    88:b7:cc:1b:8c:ce:83:e4:f3:77:49:a6:20:46:dd:
                    a8:02:c6:de:71:3b:b9:6e:b7:c2:9c:3d:07:3a:b4:
                    7c:bd:50:47:39:53:b8:09:89:3c:7f:98:58:e7:c4:
                    b7:9a:10:e5:84:16:57:f1:b9:f7:18:3a:ea:94:6c:
                    ea:d6:c0:39:50:74:c7:90:29:1e:5e:c2:ea:41:aa:
                    3f:e9:96:2f:2c:b1:a7:27:a5:2e:8e:24:e2:89:6b:
                    d5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:1C:D2:9B:A1:A3:5F:BB:37:BD:17:3E:52:3B:D6:F0:A6:A1:04:ED
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/hhzSm6GjX7s3vRc-UjvW8KahBO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:d7:1a:fc:8a:7e:be:cb:e5:cd:1b:c1:9c:a1:4f:2d:4d:02:
         07:9d:f3:15:51:c6:26:db:f7:09:40:ce:e3:d7:1c:2e:8f:63:
         99:3a:1b:ce:05:65:fe:07:ba:2f:cf:38:22:67:b1:06:4b:0b:
         33:32:2d:ae:d4:9d:ae:63:b7:cc:e0:19:4f:ea:bf:6f:30:8e:
         a0:43:4c:48:f0:1e:2f:98:e0:0c:42:de:e1:fd:ae:f9:d9:12:
         e1:be:1b:90:f8:03:30:f9:3c:0f:be:d9:fa:7e:87:f8:69:1c:
         0b:1c:09:12:67:ba:db:94:ff:1a:62:fd:eb:76:44:ef:3d:79:
         d4:6a:1d:33:ef:7f:cb:fe:23:d2:01:8a:7a:0f:3f:0a:61:ca:
         ab:95:0c:5b:e4:a6:3c:2d:76:2d:17:dc:b9:a5:71:d7:ec:09:
         5e:94:43:2c:41:c4:f3:e5:84:31:36:55:3c:a3:ec:51:be:b5:
         e9:7b:51:3a:b6:11:66:b6:d5:f0:0d:bd:85:3c:26:99:8b:7f:
         bf:7d:b2:4b:df:10:34:a1:93:8e:12:3e:e1:f2:96:f8:42:46:
         b2:da:c0:ce:59:e1:25:4a:85:73:d6:d5:e1:f0:52:30:4a:c9:
         32:fb:b1:9c:00:7c:17:04:aa:cb:c1:4d:af:14:77:15:eb:47:
         b1:54:84:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntcrb94HvESQk2tXcYVToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwMTAyMTU1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjFjZDI5YmExYTM1ZmJiMzdiZDE3M2U1MjNiZDZmMGE2YTEwNGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPVd9ePqluu/srLNDbqCuOxHdWjV
owk8dWDGCrcqA4oLV8HezWNqhXsX80RU36is60y89TYjFpjP3YfK/uQW9Y+aJvhK
sw8OBm04N4QgCry5OuqQst9mdzbwixhZbayizLPMkZrqYCIdFpIk5/vf1F3RDwvt
49rpwqYikXi75rz+PmKAml6yQm8w+0WPeux4G02S2matCL6vvn85O61XhEJmSt2I
t8wbjM6D5PN3SaYgRt2oAsbecTu5brfCnD0HOrR8vVBHOVO4CYk8f5hY58S3mhDl
hBZX8bn3GDrqlGzq1sA5UHTHkCkeXsLqQao/6ZYvLLGnJ6UujiTiiWvVLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYc0puho1+7N70XPlI71vCmoQTtMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvaGh6U202R2pYN3MzdlJjLVVqdlc4S2FoQk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsEMA0G
CSqGSIb3DQEBCwUAA4IBAQDI1xr8in6+y+XNG8GcoU8tTQIHnfMVUcYm2/cJQM7j
1xwuj2OZOhvOBWX+B7ovzzgiZ7EGSwszMi2u1J2uY7fM4BlP6r9vMI6gQ0xI8B4v
mOAMQt7h/a752RLhvhuQ+AMw+TwPvtn6fof4aRwLHAkSZ7rblP8aYv3rdkTvPXnU
ah0z73/L/iPSAYp6Dz8KYcqrlQxb5KY8LXYtF9y5pXHX7AlelEMsQcTz5YQxNlU8
o+xRvrXpe1E6thFmttXwDb2FPCaZi3+/fbJL3xA0oZOOEj7h8pb4Qkay2sDOWeEl
SoVz1tXh8FIwSsky+7GcAHwXBKrLwU2vFHcV60exVIQZ
-----END CERTIFICATE-----