Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-cZQJ9X5DhZxb3HgncgUaBGuVwg.roa
File:                     1-cZQJ9X5DhZxb3HgncgUaBGuVwg.roa (raw, json)
Hash identifier:          IbXxkXiPrKMhoGn0DKetKc5Y+fklWKRGWJWj4y/DhvA=
Subject key identifier:   F9:C6:50:27:D5:F9:0E:16:71:6F:71:E0:9D:C8:14:68:11:AE:57:08
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214403ABFB55ED2747D792899DE55B47
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-cZQJ9X5DhZxb3HgncgUaBGuVwg.roa
Signing time:             Wed 01 Jan 2025 09:48:12 +0000
ROA not before:           Wed 01 Jan 2025 09:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202827
IP address blocks:        89.213.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:03:ab:fb:55:ed:27:47:d7:92:89:9d:e5:5b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9c65027d5f90e16716f71e09dc8146811ae5708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5f:f4:6b:46:08:2b:14:06:8d:fe:08:4a:0b:
                    f7:46:c4:0f:00:96:4e:b2:75:f9:dc:72:d3:b6:13:
                    17:4d:71:81:a5:9f:6e:70:15:24:8c:f1:0d:be:73:
                    3b:ca:43:f2:b7:7c:e2:da:1b:c3:46:b0:eb:40:5e:
                    96:15:88:04:f3:41:08:4b:da:f3:f0:72:64:17:94:
                    cd:74:cf:35:bb:a4:7f:cc:b8:2a:fa:96:16:00:73:
                    49:c9:e8:ab:d2:1f:e0:47:8b:b0:f2:83:6c:2a:70:
                    a9:32:b0:43:a7:94:65:92:5f:25:dd:58:9e:ba:94:
                    62:37:ca:89:c9:24:d9:cd:0a:e0:b8:38:54:63:69:
                    4c:7b:ec:0c:3f:6e:79:02:ba:79:fd:32:36:01:59:
                    c5:6f:aa:35:8c:90:8c:2b:02:5a:00:6c:78:00:15:
                    1f:4e:6e:e4:41:54:f5:fc:7b:5f:ad:36:f7:1d:a1:
                    d5:5e:cb:58:75:d1:cb:ba:83:19:b7:1d:39:9e:ad:
                    e4:04:1d:a8:e5:35:f6:f3:65:3a:8b:72:8c:0e:53:
                    d2:e0:1f:a3:7f:c6:80:1c:74:e0:54:7f:9f:db:57:
                    86:f1:43:0e:3c:8c:85:7a:dd:f3:f2:55:66:f1:37:
                    1c:60:77:22:aa:8d:df:d6:5e:c6:2b:45:b8:67:55:
                    dd:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C6:50:27:D5:F9:0E:16:71:6F:71:E0:9D:C8:14:68:11:AE:57:08
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-cZQJ9X5DhZxb3HgncgUaBGuVwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:49:17:b8:bf:53:2d:5f:01:42:01:bd:86:59:32:1e:77:1d:
         63:de:bf:ca:4b:03:36:a9:21:bd:cb:60:f1:af:2b:26:55:59:
         19:c6:07:8a:33:3d:b2:66:e0:21:d4:35:71:55:a4:61:9f:21:
         7c:35:c5:46:bd:2c:25:d6:7f:80:a7:77:93:40:47:66:52:02:
         60:27:5d:3a:bd:e3:b5:8a:9c:c8:22:3b:09:02:8d:62:ec:42:
         9f:52:96:2e:88:b1:fe:a6:9d:33:e5:23:35:80:fc:a8:d9:ed:
         bd:07:02:a0:50:2d:e2:ea:f6:72:38:07:8a:e4:fc:3c:c4:88:
         93:89:d7:49:16:9f:9d:8a:57:3f:08:f4:f2:a8:14:cc:8b:8b:
         fc:fd:a7:6f:0b:ba:7f:2a:8a:60:80:01:ee:e4:7a:ca:18:c0:
         55:82:1a:01:8c:ce:e3:31:2c:55:03:93:2d:de:ad:ee:a5:2b:
         d9:f1:b4:7d:d2:1b:89:f5:b2:50:ef:fb:94:a4:f6:56:db:f0:
         56:b5:9b:43:c8:29:79:cb:56:b8:ef:84:90:4b:86:cf:1e:0c:
         02:b6:20:2c:d6:c1:c4:32:4f:74:b7:57:24:2b:e9:85:e5:45:
         0b:0e:a6:4a:ed:be:5d:46:0a:69:a2:7a:a6:8c:37:41:13:56:
         d8:3e:ea:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhRAOr+1XtJ0fXkomd5VtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWM2NTAyN2Q1ZjkwZTE2NzE2ZjcxZTA5ZGM4MTQ2ODExYWU1NzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxV/0a0YIKxQGjf4ISgv3RsQPAJZO
snX53HLTthMXTXGBpZ9ucBUkjPENvnM7ykPyt3zi2hvDRrDrQF6WFYgE80EIS9rz
8HJkF5TNdM81u6R/zLgq+pYWAHNJyeir0h/gR4uw8oNsKnCpMrBDp5Rlkl8l3Vie
upRiN8qJySTZzQrguDhUY2lMe+wMP255Arp5/TI2AVnFb6o1jJCMKwJaAGx4ABUf
Tm7kQVT1/HtfrTb3HaHVXstYddHLuoMZtx05nq3kBB2o5TX282U6i3KMDlPS4B+j
f8aAHHTgVH+f21eG8UMOPIyFet3z8lVm8TccYHciqo3f1l7GK0W4Z1XdmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnGUCfV+Q4WcW9x4J3IFGgRrlcIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1jWlFKOVg1RGhaeGIzSGduY2dVYUJHdVZ3Zy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFnVnjAN
BgkqhkiG9w0BAQsFAAOCAQEAZEkXuL9TLV8BQgG9hlkyHncdY96/yksDNqkhvctg
8a8rJlVZGcYHijM9smbgIdQ1cVWkYZ8hfDXFRr0sJdZ/gKd3k0BHZlICYCddOr3j
tYqcyCI7CQKNYuxCn1KWLoix/qadM+UjNYD8qNntvQcCoFAt4ur2cjgHiuT8PMSI
k4nXSRafnYpXPwj08qgUzIuL/P2nbwu6fyqKYIAB7uR6yhjAVYIaAYzO4zEsVQOT
Ld6t7qUr2fG0fdIbifWyUO/7lKT2VtvwVrWbQ8gpectWuO+EkEuGzx4MArYgLNbB
xDJPdLdXJCvpheVFCw6mSu2+XUYKaaJ6pow3QRNW2D7qSQ==
-----END CERTIFICATE-----