Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-aPkk-yzW8sinyx1kx92eVdzzdU.roa
File:                     1-aPkk-yzW8sinyx1kx92eVdzzdU.roa (raw, json)
Hash identifier:          4i/z4UcoQq24Fxv7myWGcOVUlEBpT9PiSSt/z/UmaLg=
Subject key identifier:   F9:A3:E4:93:EC:B3:5B:CB:22:9F:2C:75:93:1F:76:79:57:73:CD:D5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143CE8645E75C6B70BA69639DB1641C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-aPkk-yzW8sinyx1kx92eVdzzdU.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        89.213.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ce:86:45:e7:5c:6b:70:ba:69:63:9d:b1:64:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9a3e493ecb35bcb229f2c75931f76795773cdd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:16:33:40:af:dc:68:a8:51:4e:2f:ea:6c:fd:
                    7d:22:bd:ff:f7:bb:94:a5:a5:59:90:fc:16:d1:65:
                    63:65:64:c8:13:11:64:88:06:52:00:ff:9f:8a:31:
                    fe:49:de:48:0e:71:21:21:91:91:41:a6:dd:2d:58:
                    20:ca:f9:78:e8:6e:4a:b0:6f:e6:e3:2e:b0:9e:11:
                    ad:1f:dd:1c:e4:76:20:f2:a6:bc:6c:d3:4c:db:a1:
                    c7:76:bc:c3:be:aa:a6:25:63:63:7e:b6:2d:1d:e8:
                    ab:3a:15:4b:49:eb:cd:eb:18:51:a3:7b:68:1d:69:
                    1d:7d:4b:09:16:5a:82:10:bb:3c:a2:ac:54:54:12:
                    89:38:3c:d3:f8:d6:e9:b5:ad:c3:a7:fc:9f:c7:94:
                    16:de:61:76:08:0a:c8:13:ea:75:5b:44:3e:a1:bf:
                    c5:f0:12:84:39:84:7a:d5:27:ef:e4:1e:d8:33:9d:
                    57:5a:dc:a5:38:49:47:50:12:5a:b7:4f:22:ec:9b:
                    84:fe:82:c3:3a:cf:bd:cd:4e:a2:dd:cc:2e:3c:07:
                    a3:85:89:99:df:ab:03:47:14:e2:be:f5:9f:5c:ca:
                    d5:76:9d:7c:02:4d:3b:cf:f3:34:52:a7:f1:59:c7:
                    49:a9:13:7d:c3:2d:11:82:36:08:87:09:98:b0:be:
                    e4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A3:E4:93:EC:B3:5B:CB:22:9F:2C:75:93:1F:76:79:57:73:CD:D5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-aPkk-yzW8sinyx1kx92eVdzzdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:81:a8:9c:4c:28:38:b6:12:1e:70:a8:d1:bd:1c:e4:96:c7:
         cf:5d:36:28:f8:f6:31:69:af:d4:9c:ce:4f:0c:a4:27:ea:4d:
         97:c5:cd:97:9e:98:e7:a0:0a:6c:15:4b:11:78:e6:16:91:b5:
         82:93:43:47:bb:39:0f:ea:65:5a:ac:05:01:83:e6:ad:6b:5e:
         f2:85:14:34:ad:33:b1:9b:8d:fb:d2:f8:44:00:f6:cd:0c:8b:
         65:5c:f3:d5:11:94:94:5b:2a:3a:d2:94:f2:ca:fe:7e:d7:3f:
         38:9b:1f:93:79:ab:cd:ae:88:e0:69:ee:f9:11:9c:77:af:ad:
         8d:89:52:37:4d:31:e5:bf:a6:e8:0d:ed:0b:c1:fd:09:51:88:
         d2:68:aa:85:41:19:49:41:82:07:10:b2:46:09:32:aa:d2:aa:
         02:d9:2b:9a:9d:83:d8:63:b9:02:fe:4a:53:ca:d9:a4:4c:55:
         72:e4:a6:27:c6:1c:19:6c:fd:3e:68:48:b6:00:80:15:f6:bb:
         73:65:b5:3f:0f:5f:ec:1f:c9:36:39:f8:6e:7b:67:a9:ed:f3:
         4e:1f:1b:f0:4e:36:02:9f:11:7c:e6:43:b1:ae:a1:48:d2:9a:
         77:7e:4a:bb:92:4f:40:ae:9a:7a:04:55:6d:5c:f2:e8:20:9e:
         c3:b2:0e:f5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhQ86GRedca3C6aWOdsWQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWEzZTQ5M2VjYjM1YmNiMjI5ZjJjNzU5MzFmNzY3OTU3NzNjZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxYzQK/caKhRTi/qbP19Ir3/97uU
paVZkPwW0WVjZWTIExFkiAZSAP+fijH+Sd5IDnEhIZGRQabdLVggyvl46G5KsG/m
4y6wnhGtH90c5HYg8qa8bNNM26HHdrzDvqqmJWNjfrYtHeirOhVLSevN6xhRo3to
HWkdfUsJFlqCELs8oqxUVBKJODzT+Nbpta3Dp/yfx5QW3mF2CArIE+p1W0Q+ob/F
8BKEOYR61Sfv5B7YM51XWtylOElHUBJat08i7JuE/oLDOs+9zU6i3cwuPAejhYmZ
36sDRxTivvWfXMrVdp18Ak07z/M0UqfxWcdJqRN9wy0RgjYIhwmYsL7kowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmj5JPss1vLIp8sdZMfdnlXc83VMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1hUGtrLXl6VzhzaW55eDFreDkyZVZkenpkVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlnVNDAN
BgkqhkiG9w0BAQsFAAOCAQEAOYGonEwoOLYSHnCo0b0c5JbHz102KPj2MWmv1JzO
TwykJ+pNl8XNl56Y56AKbBVLEXjmFpG1gpNDR7s5D+plWqwFAYPmrWte8oUUNK0z
sZuN+9L4RAD2zQyLZVzz1RGUlFsqOtKU8sr+ftc/OJsfk3mrza6I4Gnu+RGcd6+t
jYlSN00x5b+m6A3tC8H9CVGI0miqhUEZSUGCBxCyRgkyqtKqAtkrmp2D2GO5Av5K
U8rZpExVcuSmJ8YcGWz9PmhItgCAFfa7c2W1Pw9f7B/JNjn4bntnqe3zTh8b8E42
Ap8RfOZDsa6hSNKad35Ku5JPQK6aegRVbVzy6CCew7IO9Q==
-----END CERTIFICATE-----