Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/PRL7sgUPxAooAgpR2OCFKktRv4I.roa
File:                     PRL7sgUPxAooAgpR2OCFKktRv4I.roa (raw, json)
Hash identifier:          7EnjkpMFrtIGkSxH/V71N/Yi8O1F+vC6f4Et13UAYFE=
Subject key identifier:   3D:12:FB:B2:05:0F:C4:0A:28:02:0A:51:D8:E0:85:2A:4B:51:BF:82
Certificate issuer:       /CN=d0f6b8436f6634cd31d7097ce242a549935b18d7
Certificate serial:       01942444C7A66355E3C57AC5095317A5CDD5
Authority key identifier: D0:F6:B8:43:6F:66:34:CD:31:D7:09:7C:E2:42:A5:49:93:5B:18:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Pa4Q29mNM0x1wl84kKlSZNbGNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/PRL7sgUPxAooAgpR2OCFKktRv4I.roa
Signing time:             Wed 01 Jan 2025 23:47:54 +0000
ROA not before:           Wed 01 Jan 2025 23:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59989
IP address blocks:        185.89.84.0/22 maxlen: 22
                          185.89.84.0/24 maxlen: 24
                          185.89.85.0/24 maxlen: 24
                          185.89.86.0/24 maxlen: 24
                          185.89.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/0Pa4Q29mNM0x1wl84kKlSZNbGNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/0Pa4Q29mNM0x1wl84kKlSZNbGNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Pa4Q29mNM0x1wl84kKlSZNbGNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:c7:a6:63:55:e3:c5:7a:c5:09:53:17:a5:cd:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f6b8436f6634cd31d7097ce242a549935b18d7
        Validity
            Not Before: Jan  1 23:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d12fbb2050fc40a28020a51d8e0852a4b51bf82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6f:ba:a1:84:51:a3:fc:b2:e5:81:7e:07:ae:
                    d3:20:49:6c:41:c4:1a:bb:7c:23:f7:b0:6d:97:57:
                    a8:a1:b9:e3:0c:8f:fe:65:2c:01:3e:b0:67:ed:e5:
                    8b:71:aa:b3:3c:68:3b:ce:08:00:44:c1:ce:61:6c:
                    e6:29:08:f6:bc:51:b1:e2:1a:d2:b1:73:47:62:be:
                    60:80:6e:91:e6:fa:20:3c:cf:d7:a8:f9:15:e3:83:
                    0b:f8:95:5f:ee:9e:c5:3b:28:34:7b:b7:bf:20:66:
                    2b:5b:16:8a:f6:b0:0e:aa:8b:48:74:ae:16:3d:85:
                    b7:3d:b9:19:0e:74:6e:76:49:2b:5c:d3:dc:0c:a3:
                    22:24:3a:c2:1c:0d:5d:a2:4f:ce:d0:1f:17:da:09:
                    55:5c:77:ec:5c:e2:0b:b0:45:9b:8e:47:e8:8a:57:
                    a0:81:5f:c2:4b:9e:93:d6:5c:ee:4f:f7:78:1d:52:
                    96:3b:cb:a5:07:c6:61:17:75:ca:c0:63:cb:52:60:
                    f8:41:f8:27:9d:26:0e:36:f6:da:6e:70:97:56:1f:
                    af:4e:a7:61:e1:8b:b7:6d:82:71:07:8f:b0:de:fe:
                    05:0f:cb:7f:69:99:00:85:2e:fb:b9:56:b8:40:56:
                    ef:31:da:27:26:ff:93:9d:77:f2:ca:34:73:60:58:
                    89:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:12:FB:B2:05:0F:C4:0A:28:02:0A:51:D8:E0:85:2A:4B:51:BF:82
            X509v3 Authority Key Identifier:
                keyid:D0:F6:B8:43:6F:66:34:CD:31:D7:09:7C:E2:42:A5:49:93:5B:18:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Pa4Q29mNM0x1wl84kKlSZNbGNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/PRL7sgUPxAooAgpR2OCFKktRv4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/0Pa4Q29mNM0x1wl84kKlSZNbGNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:bf:9e:ff:5b:74:56:1c:ad:dd:d0:d7:8e:a5:5f:bc:e5:90:
         52:24:13:f7:82:ae:52:4e:c4:ef:a3:e4:4e:83:4c:ee:9d:0a:
         76:0e:de:6f:f8:71:d2:3f:bd:ad:e4:5c:94:13:2e:47:86:b5:
         d8:59:df:7c:08:4e:68:a4:d5:9f:91:b3:0f:3f:d7:e3:6d:d0:
         b8:53:c7:d9:0b:29:19:3e:b6:f0:70:ba:79:cb:84:9e:88:af:
         88:e9:32:7d:09:a4:88:23:c6:76:cc:54:dc:84:23:78:6e:6e:
         c8:9e:58:28:b3:2a:4c:5a:7e:f8:92:db:14:b5:d9:9f:63:f1:
         51:67:0f:f0:b5:12:70:3b:75:45:52:52:9d:b8:8a:55:cf:d3:
         9e:10:7f:d5:11:3a:9f:1b:c6:34:e7:f3:a2:65:31:52:4f:16:
         3d:e8:7f:0b:4d:6c:81:3b:13:b5:84:d8:f7:13:00:75:f3:96:
         f7:c6:12:39:b2:8f:5f:19:d2:77:c9:e1:95:52:a1:78:63:b7:
         d4:66:30:0e:04:0f:c6:e7:2d:46:fe:aa:d9:b7:d1:9e:0b:1f:
         3f:ea:67:37:27:07:12:6b:50:06:be:9d:73:a5:93:60:43:66:
         ce:98:c5:23:c7:6f:f3:66:42:85:b3:17:e8:52:5a:1a:aa:e2:
         87:e2:12:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRMemY1XjxXrFCVMXpc3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjZiODQzNmY2NjM0Y2QzMWQ3MDk3Y2UyNDJhNTQ5OTM1
YjE4ZDcwHhcNMjUwMTAxMjM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDEyZmJiMjA1MGZjNDBhMjgwMjBhNTFkOGUwODUyYTRiNTFiZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmG+6oYRRo/yy5YF+B67TIElsQcQa
u3wj97Btl1eoobnjDI/+ZSwBPrBn7eWLcaqzPGg7zggARMHOYWzmKQj2vFGx4hrS
sXNHYr5ggG6R5vogPM/XqPkV44ML+JVf7p7FOyg0e7e/IGYrWxaK9rAOqotIdK4W
PYW3PbkZDnRudkkrXNPcDKMiJDrCHA1dok/O0B8X2glVXHfsXOILsEWbjkfoileg
gV/CS56T1lzuT/d4HVKWO8ulB8ZhF3XKwGPLUmD4QfgnnSYONvbabnCXVh+vTqdh
4Yu3bYJxB4+w3v4FD8t/aZkAhS77uVa4QFbvMdonJv+TnXfyyjRzYFiJ0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0S+7IFD8QKKAIKUdjghSpLUb+CMB8GA1UdIwQY
MBaAFND2uENvZjTNMdcJfOJCpUmTWxjXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBhNFEyOW1OTTB4MXdsODRrS2xTWk5iR05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC81MTRhNDItMGJlOC00NWU4LWE3ZjAt
NTVkYThlYzM2MDE0LzEvUFJMN3NnVVB4QW9vQWdwUjJPQ0ZLa3RSdjRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC81MTRhNDItMGJlOC00NWU4LWE3ZjAtNTVkYThlYzM2MDE0
LzEvMFBhNFEyOW1OTTB4MXdsODRrS2xTWk5iR05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVlUMA0G
CSqGSIb3DQEBCwUAA4IBAQCSv57/W3RWHK3d0NeOpV+85ZBSJBP3gq5STsTvo+RO
g0zunQp2Dt5v+HHSP72t5FyUEy5HhrXYWd98CE5opNWfkbMPP9fjbdC4U8fZCykZ
PrbwcLp5y4SeiK+I6TJ9CaSII8Z2zFTchCN4bm7InlgosypMWn74ktsUtdmfY/FR
Zw/wtRJwO3VFUlKduIpVz9OeEH/VETqfG8Y05/OiZTFSTxY96H8LTWyBOxO1hNj3
EwB185b3xhI5so9fGdJ3yeGVUqF4Y7fUZjAOBA/G5y1G/qrZt9GeCx8/6mc3JwcS
a1AGvp1zpZNgQ2bOmMUjx2/zZkKFsxfoUloaquKH4hKC
-----END CERTIFICATE-----