Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/Tqry6ntz7b3kTeJ5OCnwPvloJIw.roa
File:                     Tqry6ntz7b3kTeJ5OCnwPvloJIw.roa (raw, json)
Hash identifier:          y/Hg2mPZLnUNHUkA7kXq+J0F+bsaFDCzyOC2OJvkyTk=
Subject key identifier:   4E:AA:F2:EA:7B:73:ED:BD:E4:4D:E2:79:38:29:F0:3E:F9:68:24:8C
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       019424B3BF44D0C89F7A33DEC42B8AC18490
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/Tqry6ntz7b3kTeJ5OCnwPvloJIw.roa
Signing time:             Thu 02 Jan 2025 01:49:07 +0000
ROA not before:           Thu 02 Jan 2025 01:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213690
IP address blocks:        185.14.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bf:44:d0:c8:9f:7a:33:de:c4:2b:8a:c1:84:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Jan  2 01:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4eaaf2ea7b73edbde44de2793829f03ef968248c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:88:82:8d:ba:47:64:e1:a6:ca:ad:60:a2:a3:
                    a1:05:a7:8f:10:89:41:75:f9:d5:05:2c:fb:dd:04:
                    f8:d2:b7:1d:86:01:d1:1a:9e:42:01:9a:12:d7:08:
                    8f:7f:a8:90:fd:31:99:01:81:16:ad:b1:b6:56:97:
                    bd:13:94:2a:43:bc:09:7e:c5:90:b9:19:7a:5c:27:
                    26:33:92:f1:26:d2:75:f9:6e:8e:c9:01:63:47:b9:
                    77:56:3d:90:db:95:05:c7:e3:f1:a2:32:1f:e6:82:
                    05:58:e8:e2:90:bc:b6:59:e0:eb:d9:73:4f:e5:f9:
                    24:a0:95:26:6d:82:68:e7:be:ce:f8:01:6a:a7:af:
                    34:c0:4c:07:fb:be:5e:0f:b6:fb:c0:8d:61:7f:88:
                    7e:aa:da:0c:28:b9:36:5d:a5:ff:25:ac:c0:d4:ce:
                    c3:1a:d6:c8:72:1d:ab:64:9f:6a:4f:9e:6e:ba:df:
                    8c:10:00:6f:dd:ee:ec:52:33:28:01:cb:4b:b4:32:
                    60:96:01:5b:e9:f0:e9:1e:53:94:8d:96:db:e3:77:
                    fc:46:e4:d1:5c:7f:1d:a9:18:a0:84:63:c1:de:05:
                    30:53:d7:1e:08:54:ee:33:9c:25:89:d0:b1:c3:6e:
                    c9:39:f9:74:a1:8a:cf:32:3e:29:4b:4b:ac:76:5a:
                    6d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:AA:F2:EA:7B:73:ED:BD:E4:4D:E2:79:38:29:F0:3E:F9:68:24:8C
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/Tqry6ntz7b3kTeJ5OCnwPvloJIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:b9:26:78:c1:e3:6b:72:87:4f:ad:2c:be:c8:42:f4:1a:1e:
         02:53:ca:34:dc:81:ac:bf:97:dd:d2:bc:e9:b7:b0:bb:ed:9d:
         0f:01:63:d0:c8:a5:c0:b3:45:8d:7e:20:19:25:2e:80:c1:6e:
         90:0f:5b:ec:ad:fe:1f:27:63:ac:70:77:07:e3:3f:73:b7:fe:
         43:b7:65:b0:8f:de:27:bb:58:24:5a:fc:52:cd:e5:7d:b7:31:
         0f:29:05:89:46:a1:86:84:26:ae:09:21:3e:ec:d1:d2:6b:e8:
         27:93:7d:2b:bb:fb:0e:a6:24:a5:a0:b4:73:ff:1a:92:c7:ba:
         ad:25:62:d3:2f:22:a7:61:9c:f4:fa:4f:e0:ad:64:cf:ad:4a:
         da:19:f3:7f:36:19:11:c4:04:7f:64:07:4e:80:3d:aa:45:6d:
         b0:a4:bf:3e:e2:66:6d:2d:1d:98:31:c4:7f:fd:85:74:65:1e:
         95:d0:fd:ec:88:56:ab:f7:3d:12:82:43:32:b1:ba:f4:74:e0:
         3d:51:2b:40:ee:5d:f5:24:31:34:67:b1:ee:39:ce:21:d0:32:
         c1:3d:c3:55:03:6e:cd:15:eb:f4:fc:b6:a8:24:52:93:19:ac:
         e0:39:70:65:ed:2e:ea:3b:ff:1c:ae:bf:5c:50:d1:06:e3:9d:
         04:d9:e0:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks79E0MifejPexCuKwYSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjUwMTAyMDE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWFhZjJlYTdiNzNlZGJkZTQ0ZGUyNzkzODI5ZjAzZWY5NjgyNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4iCjbpHZOGmyq1goqOhBaePEIlB
dfnVBSz73QT40rcdhgHRGp5CAZoS1wiPf6iQ/TGZAYEWrbG2Vpe9E5QqQ7wJfsWQ
uRl6XCcmM5LxJtJ1+W6OyQFjR7l3Vj2Q25UFx+PxojIf5oIFWOjikLy2WeDr2XNP
5fkkoJUmbYJo577O+AFqp680wEwH+75eD7b7wI1hf4h+qtoMKLk2XaX/JazA1M7D
GtbIch2rZJ9qT55uut+MEABv3e7sUjMoActLtDJglgFb6fDpHlOUjZbb43f8RuTR
XH8dqRighGPB3gUwU9ceCFTuM5wlidCxw27JOfl0oYrPMj4pS0usdlptEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6q8up7c+295E3ieTgp8D75aCSMMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvVHFyeTZudHo3YjNrVGVKNU9DbndQdmxvSkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7uMA0G
CSqGSIb3DQEBCwUAA4IBAQCKuSZ4weNrcodPrSy+yEL0Gh4CU8o03IGsv5fd0rzp
t7C77Z0PAWPQyKXAs0WNfiAZJS6AwW6QD1vsrf4fJ2OscHcH4z9zt/5Dt2Wwj94n
u1gkWvxSzeV9tzEPKQWJRqGGhCauCSE+7NHSa+gnk30ru/sOpiSloLRz/xqSx7qt
JWLTLyKnYZz0+k/grWTPrUraGfN/NhkRxAR/ZAdOgD2qRW2wpL8+4mZtLR2YMcR/
/YV0ZR6V0P3siFar9z0SgkMysbr0dOA9UStA7l31JDE0Z7HuOc4h0DLBPcNVA27N
Fev0/LaoJFKTGazgOXBl7S7qO/8crr9cUNEG450E2eAp
-----END CERTIFICATE-----