Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/NTo8wbiTR1K2HfWuJU9NIGO7ZNw.roa
File:                     NTo8wbiTR1K2HfWuJU9NIGO7ZNw.roa (raw, json)
Hash identifier:          chETypjvCT3i5s+QcgGlph3xjE01ueClG2327nST8KQ=
Subject key identifier:   35:3A:3C:C1:B8:93:47:52:B6:1D:F5:AE:25:4F:4D:20:63:BB:64:DC
Certificate issuer:       /CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Certificate serial:       019425FDC86E1DFBF8E5B16A0AB8F0833715
Authority key identifier: E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/NTo8wbiTR1K2HfWuJU9NIGO7ZNw.roa
Signing time:             Thu 02 Jan 2025 07:49:36 +0000
ROA not before:           Thu 02 Jan 2025 07:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59703
IP address blocks:        89.33.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c8:6e:1d:fb:f8:e5:b1:6a:0a:b8:f0:83:37:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7fed4e778209c3cae93d4b76d350704462c3aab
        Validity
            Not Before: Jan  2 07:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=353a3cc1b8934752b61df5ae254f4d2063bb64dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9d:b9:c7:43:a2:96:a5:0d:8c:8c:96:34:be:
                    31:27:3d:cb:0c:2d:17:15:bc:c2:e5:ae:05:74:e8:
                    60:6c:fd:46:63:3b:31:d9:7b:11:92:cd:42:b7:2e:
                    4a:a7:c0:ba:ee:6e:75:e9:c6:40:62:66:6d:f7:b2:
                    a0:94:53:f4:73:0b:ea:55:82:23:69:2a:a5:e3:19:
                    11:28:32:20:cc:68:b9:fa:e8:82:7a:2e:80:18:a7:
                    f2:27:21:67:79:e5:83:01:9c:1d:e9:c6:16:ea:60:
                    3e:a7:4f:f1:da:83:87:9d:97:35:d6:f9:81:64:e8:
                    f6:03:b9:73:47:d2:3b:01:a1:07:49:d8:6d:6c:c3:
                    d6:89:1c:8c:56:8e:0f:02:18:a9:9c:af:80:86:4f:
                    f4:4b:95:a0:7c:f0:e0:5d:7b:c8:10:40:a9:b8:b8:
                    45:f4:1f:89:92:90:03:af:17:3e:70:61:0a:07:df:
                    4a:0c:e4:b3:97:55:8e:f4:5a:e0:24:3e:76:8e:fb:
                    64:ac:d7:dc:8b:9a:ae:ef:e0:16:e2:71:f9:14:3a:
                    a6:a4:56:5b:03:cc:7c:6d:7e:f4:31:e1:12:5e:ca:
                    1e:d9:51:27:b8:4d:52:1a:98:be:aa:4f:02:05:cd:
                    79:04:a1:1c:5e:12:75:31:27:87:28:d4:a6:28:95:
                    b6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:3A:3C:C1:B8:93:47:52:B6:1D:F5:AE:25:4F:4D:20:63:BB:64:DC
            X509v3 Authority Key Identifier:
                keyid:E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/NTo8wbiTR1K2HfWuJU9NIGO7ZNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:b0:c5:68:40:14:86:21:bc:41:6c:3a:e7:c2:09:c3:f4:c3:
         9b:44:41:83:9d:b1:11:2f:b3:84:a8:7a:b9:25:30:40:dd:60:
         3c:54:31:f0:9f:5b:d6:84:ba:76:d3:8b:3e:4c:6d:44:04:1b:
         48:81:e8:2b:2d:bc:da:74:b0:1b:6a:2d:57:b4:95:ca:d9:e8:
         e1:fe:47:e9:42:25:9d:cf:6b:de:3a:13:7e:1c:bd:d4:96:69:
         0c:ee:ef:59:e5:0d:07:ea:bc:bb:c7:ab:5e:c3:1f:97:b5:4e:
         a1:b1:59:8d:51:df:a6:29:27:b1:f4:ca:16:5a:10:6a:ea:c0:
         b9:0a:4e:c4:ac:00:a9:41:11:fc:06:7f:25:ea:99:3f:b0:db:
         53:f0:25:a0:10:d9:77:a6:ce:72:45:3f:8e:1f:bb:d2:39:23:
         3f:a4:2b:94:13:ae:a6:3b:b3:a7:d2:7c:40:d6:e1:b2:13:7d:
         e4:3c:6b:9d:28:fd:59:14:0a:e6:bf:54:45:54:c2:86:1f:f0:
         43:5e:02:a3:d7:41:67:2b:c1:65:14:52:e4:34:78:5f:ac:36:
         a5:59:6f:f7:85:3c:98:a0:61:c0:d7:51:d3:98:00:e5:b1:61:
         cf:0a:0c:73:27:65:6d:84:c8:59:9e:e7:9f:de:f8:35:1d:0f:
         5e:05:ae:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/chuHfv45bFqCrjwgzcVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmVkNGU3NzgyMDljM2NhZTkzZDRiNzZkMzUwNzA0NDYy
YzNhYWIwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTNhM2NjMWI4OTM0NzUyYjYxZGY1YWUyNTRmNGQyMDYzYmI2NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ25x0OilqUNjIyWNL4xJz3LDC0X
FbzC5a4FdOhgbP1GYzsx2XsRks1Cty5Kp8C67m516cZAYmZt97KglFP0cwvqVYIj
aSql4xkRKDIgzGi5+uiCei6AGKfyJyFneeWDAZwd6cYW6mA+p0/x2oOHnZc11vmB
ZOj2A7lzR9I7AaEHSdhtbMPWiRyMVo4PAhipnK+Ahk/0S5WgfPDgXXvIEECpuLhF
9B+JkpADrxc+cGEKB99KDOSzl1WO9FrgJD52jvtkrNfci5qu7+AW4nH5FDqmpFZb
A8x8bX70MeESXsoe2VEnuE1SGpi+qk8CBc15BKEcXhJ1MSeHKNSmKJW2bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDU6PMG4k0dSth31riVPTSBju2TcMB8GA1UdIwQY
MBaAFOf+1Od4IJw8rpPUt201BwRGLDqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQt
OGJiODAxNTJhYjM0LzEvTlRvOHdiaVRSMUsySGZXdUpVOU5JR083Wk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQtOGJiODAxNTJhYjM0
LzEvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSGBMA0G
CSqGSIb3DQEBCwUAA4IBAQA0sMVoQBSGIbxBbDrnwgnD9MObREGDnbERL7OEqHq5
JTBA3WA8VDHwn1vWhLp204s+TG1EBBtIgegrLbzadLAbai1XtJXK2ejh/kfpQiWd
z2veOhN+HL3UlmkM7u9Z5Q0H6ry7x6tewx+XtU6hsVmNUd+mKSex9MoWWhBq6sC5
Ck7ErACpQRH8Bn8l6pk/sNtT8CWgENl3ps5yRT+OH7vSOSM/pCuUE66mO7On0nxA
1uGyE33kPGudKP1ZFArmv1RFVMKGH/BDXgKj10FnK8FlFFLkNHhfrDalWW/3hTyY
oGHA11HTmADlsWHPCgxzJ2VthMhZnuef3vg1HQ9eBa7q
-----END CERTIFICATE-----