Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1ESP2p_NWNFIcF_EQCcVHlls_zA.roa
File:                     1ESP2p_NWNFIcF_EQCcVHlls_zA.roa (raw, json)
Hash identifier:          mHurUsOv+2zB72QaPgPIkOwIBkmNqkTfdwFjPwuNxWk=
Subject key identifier:   D4:44:8F:DA:9F:CD:58:D1:48:70:5F:C4:40:27:15:1E:59:6C:FF:30
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019440CE251FBEB2DA993F2BEEEEAD961C9B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1ESP2p_NWNFIcF_EQCcVHlls_zA.roa
Signing time:             Tue 07 Jan 2025 12:47:19 +0000
ROA not before:           Tue 07 Jan 2025 12:47:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        89.213.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:ce:25:1f:be:b2:da:99:3f:2b:ee:ee:ad:96:1c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  7 12:47:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4448fda9fcd58d148705fc44027151e596cff30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:30:3a:76:0a:63:d2:09:03:51:46:2d:1a:13:
                    e3:1e:15:63:d1:a7:bc:4b:f8:f5:3a:23:d2:a8:ce:
                    53:21:dd:8e:86:ce:0d:4a:ad:74:50:e8:31:27:68:
                    2d:b4:64:80:ef:92:0b:4b:f1:26:20:e4:cc:f6:be:
                    42:87:ba:fb:b0:a3:ce:92:84:8a:b6:93:31:a7:26:
                    74:80:8a:14:c2:f9:87:de:da:56:19:31:88:f9:12:
                    82:7c:81:69:cf:43:cc:6f:2e:be:cf:2d:1b:41:71:
                    1c:bf:fc:a4:a2:e5:cc:1e:34:6d:b1:07:16:9e:2e:
                    3d:8e:16:86:38:d0:0b:e5:ec:84:48:aa:e6:71:5f:
                    1c:7a:e5:7e:44:09:d8:89:73:c5:53:c0:fe:b5:61:
                    78:c4:84:ff:2c:a0:73:7d:48:6b:d5:43:c0:be:61:
                    b5:29:b2:57:07:f3:b1:e1:ad:42:39:19:9b:47:87:
                    42:12:aa:5c:6c:b7:82:70:d2:a4:93:6f:73:38:b1:
                    38:2b:06:f7:85:8c:4a:5a:38:b8:8e:78:9f:0f:20:
                    a0:f4:82:e8:8b:e2:dc:26:c9:94:e7:79:70:e3:b7:
                    39:a9:ec:04:11:de:ca:ec:69:5f:f0:88:a8:a3:e4:
                    99:42:2e:10:be:37:da:85:97:ef:69:fd:14:45:20:
                    7f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:44:8F:DA:9F:CD:58:D1:48:70:5F:C4:40:27:15:1E:59:6C:FF:30
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1ESP2p_NWNFIcF_EQCcVHlls_zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:97:e2:76:16:34:ea:b6:94:ff:e5:e9:45:fe:2b:e1:13:9b:
         1c:66:3f:11:e6:29:16:bd:94:92:1b:bf:19:0e:1f:a1:1d:63:
         d7:3c:f1:7e:64:00:32:eb:03:09:93:71:2b:aa:ba:2a:a0:30:
         06:89:b2:fc:3a:ad:1c:c8:ec:d4:a1:76:86:dd:39:db:14:12:
         d2:ee:dd:7b:17:dd:10:7e:83:3a:68:ab:f2:0e:72:d7:cd:33:
         b5:dc:bb:ca:0c:b2:01:78:86:48:69:5a:49:f7:f7:af:a7:e9:
         a1:19:7c:47:9b:dc:97:bd:8d:bb:c8:9a:c5:1d:10:92:e7:f1:
         91:c9:91:aa:36:ca:15:f3:6b:a1:93:89:85:af:17:2b:42:d1:
         05:78:12:46:42:24:c1:e5:9a:8e:20:74:fb:ef:e1:9b:ff:53:
         02:2b:a7:59:3c:68:13:3b:76:e3:4c:1f:e9:f9:87:fe:49:e3:
         99:4a:11:3b:08:fc:a9:49:5a:ea:ea:7d:cf:c6:32:68:1c:f4:
         f6:70:6e:30:eb:23:ec:bd:60:97:cb:c0:8c:13:83:ba:fa:ea:
         39:c8:69:34:54:73:bf:0b:ef:f5:e4:5e:71:d9:31:a3:87:13:
         da:7c:e4:a7:80:68:3d:58:4f:cb:b9:5f:64:99:b0:11:3d:a1:
         2a:87:6a:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRAziUfvrLamT8r7u6tlhybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTA3MTI0NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDQ0OGZkYTlmY2Q1OGQxNDg3MDVmYzQ0MDI3MTUxZTU5NmNmZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DA6dgpj0gkDUUYtGhPjHhVj0ae8
S/j1OiPSqM5TId2Ohs4NSq10UOgxJ2gttGSA75ILS/EmIOTM9r5Ch7r7sKPOkoSK
tpMxpyZ0gIoUwvmH3tpWGTGI+RKCfIFpz0PMby6+zy0bQXEcv/ykouXMHjRtsQcW
ni49jhaGONAL5eyESKrmcV8ceuV+RAnYiXPFU8D+tWF4xIT/LKBzfUhr1UPAvmG1
KbJXB/Ox4a1CORmbR4dCEqpcbLeCcNKkk29zOLE4Kwb3hYxKWji4jnifDyCg9ILo
i+LcJsmU53lw47c5qewEEd7K7Glf8Iioo+SZQi4QvjfahZfvaf0URSB/HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNREj9qfzVjRSHBfxEAnFR5ZbP8wMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMUVTUDJwX05XTkZJY0ZfRVFDY1ZIbGxzX3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUGMA0G
CSqGSIb3DQEBCwUAA4IBAQCdl+J2FjTqtpT/5elF/ivhE5scZj8R5ikWvZSSG78Z
Dh+hHWPXPPF+ZAAy6wMJk3ErqroqoDAGibL8Oq0cyOzUoXaG3TnbFBLS7t17F90Q
foM6aKvyDnLXzTO13LvKDLIBeIZIaVpJ9/evp+mhGXxHm9yXvY27yJrFHRCS5/GR
yZGqNsoV82uhk4mFrxcrQtEFeBJGQiTB5ZqOIHT77+Gb/1MCK6dZPGgTO3bjTB/p
+Yf+SeOZShE7CPypSVrq6n3PxjJoHPT2cG4w6yPsvWCXy8CME4O6+uo5yGk0VHO/
C+/15F5x2TGjhxPafOSngGg9WE/LuV9kmbARPaEqh2qm
-----END CERTIFICATE-----