Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/vel8G0_GwQFflB8Mgko4kMTZKps.roa
File:                     vel8G0_GwQFflB8Mgko4kMTZKps.roa (raw, json)
Hash identifier:          rEt+VHHycH8jAHwOJN7GUU5Y5p8vUpqH1HAPUwtitdw=
Subject key identifier:   BD:E9:7C:1B:4F:C6:C1:01:5F:94:1F:0C:82:4A:38:90:C4:D9:2A:9B
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019427B5CA98195060C424B636A45914BC33
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/vel8G0_GwQFflB8Mgko4kMTZKps.roa
Signing time:             Thu 02 Jan 2025 15:50:12 +0000
ROA not before:           Thu 02 Jan 2025 15:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39810
IP address blocks:        89.187.0.0/23 maxlen: 24
                          89.187.2.0/24 maxlen: 24
                          89.187.3.0/24 maxlen: 24
                          2a10:e400::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ca:98:19:50:60:c4:24:b6:36:a4:59:14:bc:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  2 15:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bde97c1b4fc6c1015f941f0c824a3890c4d92a9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:48:5c:c0:26:4f:ae:26:53:c4:8c:41:4e:bb:
                    63:76:9f:95:16:7a:98:23:4b:b5:8d:7c:f9:b3:7c:
                    f9:fc:de:42:8f:d6:03:bc:06:8f:a2:2d:91:bf:bf:
                    14:51:fc:2e:3a:44:ff:de:61:6c:cc:c0:57:0f:47:
                    83:62:b8:17:f6:01:33:60:c1:fd:e2:19:58:00:b5:
                    c3:cf:ca:0e:4d:5f:3e:bb:9d:a2:3a:fd:7d:b4:57:
                    f8:f4:f8:75:d7:2f:15:5b:47:ea:a8:ba:1d:dc:af:
                    ef:1f:9a:f0:98:6c:06:fb:a3:2c:98:7f:97:26:50:
                    78:43:86:b8:0e:69:3a:19:15:37:fd:20:58:5c:f8:
                    d3:3d:b9:ef:33:09:44:8d:01:73:68:ff:49:ac:29:
                    c8:4f:e6:c8:b7:41:30:cf:5d:d1:ab:1d:ce:8a:fe:
                    cb:52:8f:52:c2:30:d2:94:f6:57:5c:8e:2b:70:ef:
                    1b:83:9e:fa:b5:bf:f8:7c:53:cf:c4:10:be:3c:a5:
                    f7:ee:3b:37:a1:ae:08:0b:0e:2b:53:1a:ff:90:34:
                    9d:45:74:d5:39:b3:16:bf:53:cb:13:9c:75:15:27:
                    22:74:a8:2c:ac:98:c1:48:18:42:a1:38:4d:82:51:
                    a6:6a:de:aa:ec:64:eb:51:0e:22:4f:85:54:54:1f:
                    f0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E9:7C:1B:4F:C6:C1:01:5F:94:1F:0C:82:4A:38:90:C4:D9:2A:9B
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/vel8G0_GwQFflB8Mgko4kMTZKps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.0.0/22
                IPv6:
                  2a10:e400::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:5b:c5:4a:35:00:67:b8:26:d5:15:d1:e3:01:f2:ec:04:59:
         09:17:49:58:8d:6b:29:de:84:cb:fc:4d:94:98:68:fd:5c:e7:
         3f:c2:16:5e:dc:f4:b4:c0:b4:e9:db:12:81:5b:33:4d:4e:8d:
         50:57:73:f1:ab:67:d2:07:2e:15:83:6d:eb:a6:14:82:a0:f2:
         a7:a3:d2:d9:cd:c3:db:24:32:f0:0b:c5:fb:65:00:aa:f1:05:
         17:51:25:5b:e4:78:90:4b:d9:4a:b4:c0:dc:01:5c:5f:d9:0a:
         d4:3f:8e:29:2c:0a:ba:f2:2f:f4:28:43:c0:f1:0e:88:8c:67:
         84:1c:46:0e:a9:c6:bb:d0:c2:aa:64:20:2c:73:93:1f:ec:2d:
         79:b2:03:dc:83:9e:82:29:cd:79:3e:9b:9c:a0:98:4d:9a:f0:
         1c:9c:0e:1e:ba:44:23:2e:a8:a4:29:54:8e:56:41:05:9e:0c:
         a3:ee:4a:d5:dc:0d:ae:e6:6a:95:33:ad:45:89:c5:e3:45:81:
         de:49:07:69:b7:8c:03:68:9c:1c:2e:fc:b9:82:36:75:dd:67:
         41:c8:26:b0:8e:19:95:bb:44:22:d1:c6:6d:24:5c:30:6a:55:
         73:71:fd:f8:47:6a:45:48:00:ce:cd:f0:1f:dd:2b:0e:54:5c:
         42:70:1e:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntcqYGVBgxCS2NqRZFLwzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwMTAyMTU1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGU5N2MxYjRmYzZjMTAxNWY5NDFmMGM4MjRhMzg5MGM0ZDkyYTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEhcwCZPriZTxIxBTrtjdp+VFnqY
I0u1jXz5s3z5/N5Cj9YDvAaPoi2Rv78UUfwuOkT/3mFszMBXD0eDYrgX9gEzYMH9
4hlYALXDz8oOTV8+u52iOv19tFf49Ph11y8VW0fqqLod3K/vH5rwmGwG+6MsmH+X
JlB4Q4a4Dmk6GRU3/SBYXPjTPbnvMwlEjQFzaP9JrCnIT+bIt0Ewz13Rqx3Oiv7L
Uo9SwjDSlPZXXI4rcO8bg576tb/4fFPPxBC+PKX37js3oa4ICw4rUxr/kDSdRXTV
ObMWv1PLE5x1FScidKgsrJjBSBhCoThNglGmat6q7GTrUQ4iT4VUVB/w8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL3pfBtPxsEBX5QfDIJKOJDE2SqbMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvdmVsOEcwX0d3UUZmbEI4TWdrbzRrTVRaS3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCWbsAMA0E
AgACMAcDBQMqEOQAMA0GCSqGSIb3DQEBCwUAA4IBAQByW8VKNQBnuCbVFdHjAfLs
BFkJF0lYjWsp3oTL/E2UmGj9XOc/whZe3PS0wLTp2xKBWzNNTo1QV3Pxq2fSBy4V
g23rphSCoPKno9LZzcPbJDLwC8X7ZQCq8QUXUSVb5HiQS9lKtMDcAVxf2QrUP44p
LAq68i/0KEPA8Q6IjGeEHEYOqca70MKqZCAsc5Mf7C15sgPcg56CKc15PpucoJhN
mvAcnA4eukQjLqikKVSOVkEFngyj7krV3A2u5mqVM61FicXjRYHeSQdpt4wDaJwc
Lvy5gjZ13WdByCawjhmVu0Qi0cZtJFwwalVzcf34R2pFSADOzfAf3SsOVFxCcB7Y
-----END CERTIFICATE-----