Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2lNbCfwt0rwoiqWqxQYO9WEEs0g.roa
File:                     2lNbCfwt0rwoiqWqxQYO9WEEs0g.roa (raw, json)
Hash identifier:          +QNI2t6rMxlx+NjAwbNquKtCy6pV7F8t8lcENN/Lnk8=
Subject key identifier:   DA:53:5B:09:FC:2D:D2:BC:28:8A:A5:AA:C5:06:0E:F5:61:04:B3:48
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143D1736F1BEC44E5EDC25F167FEF91
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2lNbCfwt0rwoiqWqxQYO9WEEs0g.roa
Signing time:             Wed 01 Jan 2025 09:48:00 +0000
ROA not before:           Wed 01 Jan 2025 09:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7979
IP address blocks:        89.213.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d1:73:6f:1b:ec:44:e5:ed:c2:5f:16:7f:ef:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da535b09fc2dd2bc288aa5aac5060ef56104b348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:de:f2:4f:10:1d:92:42:e2:72:10:91:3b:8e:
                    7a:66:76:11:16:4c:76:5a:e2:15:cb:68:f8:53:f7:
                    b2:85:75:d5:59:43:c4:45:4e:ea:49:c9:12:37:0e:
                    4e:da:a8:78:02:5c:e3:03:56:71:55:30:54:34:cd:
                    5b:78:81:da:d9:06:5b:82:c8:c6:57:3a:a6:fc:a9:
                    1e:7f:a4:2e:85:d9:a2:56:1d:bf:61:7a:7b:14:f4:
                    2d:51:9c:1c:0c:bd:28:0f:c4:ae:34:ed:4a:66:eb:
                    f6:94:c8:65:9c:6b:50:0b:cf:8c:2b:6a:a5:19:47:
                    40:c8:64:33:71:28:95:b0:d1:1b:e0:2e:33:f3:33:
                    25:af:53:fe:42:3b:2b:e1:7c:4f:6d:1e:61:bc:17:
                    6f:75:db:e2:11:ac:2b:29:d5:54:d2:08:5a:c1:02:
                    5a:6f:a4:da:ca:9d:5c:b0:e6:ea:cc:69:be:30:f4:
                    31:4c:4c:23:b3:bc:cc:d5:ed:cf:59:19:15:33:51:
                    93:c7:a5:a1:85:28:c8:26:74:18:8c:67:8d:04:7b:
                    09:ac:85:a3:7e:20:cf:84:22:24:2e:21:bd:f3:f8:
                    0f:a4:93:6c:68:63:5e:2b:29:fc:d6:47:e2:d2:70:
                    4f:17:30:ff:db:c0:a8:5d:7b:8e:2d:0f:80:c1:ff:
                    20:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:53:5B:09:FC:2D:D2:BC:28:8A:A5:AA:C5:06:0E:F5:61:04:B3:48
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2lNbCfwt0rwoiqWqxQYO9WEEs0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:91:65:40:dc:c8:7c:e1:96:85:f5:7c:09:66:0b:7d:5b:9e:
         d7:f2:b3:10:1b:ac:03:6f:73:cf:2b:ea:03:3f:3c:9e:72:dc:
         ca:98:a0:7f:db:c5:b1:74:96:f9:30:41:78:87:bb:00:2f:e8:
         b2:8c:cf:ab:bc:62:7e:5e:0e:77:f0:e5:34:d2:44:30:e4:f6:
         c1:5c:87:05:ac:45:43:73:25:d2:0e:38:bc:45:d8:2d:f2:94:
         7c:27:7e:77:ec:55:50:ac:8c:44:29:05:f0:a1:35:43:f0:10:
         68:5f:da:43:b6:eb:89:98:a6:3c:7e:a1:89:7c:df:9f:56:86:
         e6:b7:d8:1e:3b:53:ea:b7:90:48:85:01:fe:5a:a2:59:c1:3b:
         a8:0b:07:6c:09:ef:0b:db:ab:49:37:2c:ec:13:43:dc:39:93:
         03:62:4e:5e:4a:a9:53:03:ee:d3:b5:5b:d8:48:e2:d8:1c:3b:
         41:4f:74:32:3d:34:ce:a3:96:a7:7c:28:fd:76:46:38:e6:b8:
         ce:35:3d:c4:80:cd:b0:d6:f4:b6:91:7d:f6:c0:d5:c5:b8:23:
         37:8a:91:e9:70:08:20:e5:c5:bb:d1:aa:d7:bc:4c:1d:48:b2:
         88:13:62:97:2a:a8:2e:35:5f:34:24:00:14:4b:f3:03:73:95:
         c3:80:16:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9FzbxvsROXtwl8Wf++RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTUzNWIwOWZjMmRkMmJjMjg4YWE1YWFjNTA2MGVmNTYxMDRiMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd7yTxAdkkLichCRO456ZnYRFkx2
WuIVy2j4U/eyhXXVWUPERU7qSckSNw5O2qh4AlzjA1ZxVTBUNM1beIHa2QZbgsjG
Vzqm/Kkef6QuhdmiVh2/YXp7FPQtUZwcDL0oD8SuNO1KZuv2lMhlnGtQC8+MK2ql
GUdAyGQzcSiVsNEb4C4z8zMlr1P+Qjsr4XxPbR5hvBdvddviEawrKdVU0ghawQJa
b6Tayp1csObqzGm+MPQxTEwjs7zM1e3PWRkVM1GTx6WhhSjIJnQYjGeNBHsJrIWj
fiDPhCIkLiG98/gPpJNsaGNeKyn81kfi0nBPFzD/28CoXXuOLQ+Awf8gmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpTWwn8LdK8KIqlqsUGDvVhBLNIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMmxOYkNmd3QwcndvaXFXcXhRWU85V0VFczBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWKMA0G
CSqGSIb3DQEBCwUAA4IBAQA+kWVA3Mh84ZaF9XwJZgt9W57X8rMQG6wDb3PPK+oD
PzyectzKmKB/28WxdJb5MEF4h7sAL+iyjM+rvGJ+Xg538OU00kQw5PbBXIcFrEVD
cyXSDji8Rdgt8pR8J3537FVQrIxEKQXwoTVD8BBoX9pDtuuJmKY8fqGJfN+fVobm
t9geO1Pqt5BIhQH+WqJZwTuoCwdsCe8L26tJNyzsE0PcOZMDYk5eSqlTA+7TtVvY
SOLYHDtBT3QyPTTOo5anfCj9dkY45rjONT3EgM2w1vS2kX32wNXFuCM3ipHpcAgg
5cW70arXvEwdSLKIE2KXKqguNV80JAAUS/MDc5XDgBYA
-----END CERTIFICATE-----