Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7-UC3PpcPIp-0vAufPtAWZStRWY.roa
File:                     7-UC3PpcPIp-0vAufPtAWZStRWY.roa (raw, json)
Hash identifier:          oVwwdDP5wMvPayCVqFGHmw4hJyZ3HrL9xouXT+yTGB0=
Subject key identifier:   EF:E5:02:DC:FA:5C:3C:8A:7E:D2:F0:2E:7C:FB:40:59:94:AD:45:66
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143DBB7C6BA8CB0031BD045928CCB9D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7-UC3PpcPIp-0vAufPtAWZStRWY.roa
Signing time:             Wed 01 Jan 2025 09:48:02 +0000
ROA not before:           Wed 01 Jan 2025 09:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28459
IP address blocks:        89.213.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:db:b7:c6:ba:8c:b0:03:1b:d0:45:92:8c:cb:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efe502dcfa5c3c8a7ed2f02e7cfb405994ad4566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:32:c2:a7:0f:05:ba:bd:e7:8b:21:51:d8:a3:
                    e2:a1:26:fc:64:2b:42:c6:ac:bd:21:a8:a2:54:75:
                    fe:dc:7b:c9:01:b0:9f:60:94:95:98:61:35:6f:5e:
                    f0:bb:cb:03:bb:17:33:71:f3:59:95:5f:a9:59:d7:
                    6b:27:ed:f9:8e:77:d1:a2:ae:f1:3f:de:f7:4f:19:
                    64:a2:b7:56:7f:fd:9a:3d:b5:e7:e7:1a:66:a1:b5:
                    b7:a9:f7:87:95:d7:6d:16:13:b0:55:0e:0a:1b:98:
                    7a:eb:5a:cc:26:47:6c:a7:63:ae:01:3a:45:92:f2:
                    58:10:9d:bd:33:04:7b:b4:8c:c9:cc:5d:3f:34:e6:
                    c4:c4:a4:ed:ec:9a:18:98:31:cb:ab:50:bc:7a:8b:
                    c4:d0:de:3a:b1:69:5d:d7:3b:e7:af:f6:f3:da:14:
                    2f:c9:59:6b:a0:16:85:a0:6b:22:94:e9:11:6b:ca:
                    c4:e4:53:ea:47:42:67:19:de:54:97:52:3e:92:8b:
                    7c:13:06:8c:4c:50:e7:54:fa:a8:65:3e:9b:ce:cb:
                    25:eb:b5:02:41:94:2a:93:84:41:da:68:53:9f:7f:
                    04:03:58:c6:c6:78:4b:4e:75:5d:fa:59:00:1a:2e:
                    b3:0f:b3:28:78:dd:6a:fd:63:77:e0:02:a1:2b:9a:
                    27:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E5:02:DC:FA:5C:3C:8A:7E:D2:F0:2E:7C:FB:40:59:94:AD:45:66
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7-UC3PpcPIp-0vAufPtAWZStRWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:90:4c:2a:2e:83:33:bb:be:3f:74:ef:33:1a:e0:1d:e6:39:
         73:a7:c9:f0:52:c8:7d:86:a9:f8:cf:ec:2e:4b:b2:da:d9:37:
         84:b1:da:d3:c5:d8:94:b7:77:93:9a:38:83:e7:7f:2f:6e:ad:
         3d:34:7a:b2:9e:68:c5:76:c1:cc:98:18:e5:78:e4:b1:13:4e:
         46:f9:2d:95:e4:78:3e:33:3a:9e:17:e1:62:17:1e:54:e6:2f:
         71:27:1b:e9:62:a3:d8:df:7e:e0:da:22:11:2d:59:b7:0c:0b:
         0b:6e:dc:de:94:bd:ba:fb:ae:af:24:04:2a:b8:5e:61:c2:ec:
         4f:19:36:e6:65:6b:09:ab:77:1f:bc:83:6f:8e:e4:0e:d6:88:
         36:04:26:97:b2:4b:7b:d2:45:12:76:d2:32:cd:a8:92:c5:cb:
         a8:56:26:c7:3b:60:18:b1:d4:05:28:67:bd:e0:f4:6d:23:83:
         e1:4c:e4:d5:2c:ee:ed:2e:d9:d7:00:c9:c7:26:4e:da:35:e4:
         e4:26:9d:ea:9a:2a:b9:ba:e5:1b:b0:2c:ee:6f:58:74:06:f8:
         ec:9b:b8:7e:e9:11:6b:ef:87:a6:f4:1d:a2:df:6c:3d:4a:b4:
         77:8b:c3:3e:55:a7:a1:10:70:41:3c:81:f5:c2:39:7d:39:26:
         78:53:1d:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9u3xrqMsAMb0EWSjMudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmU1MDJkY2ZhNWMzYzhhN2VkMmYwMmU3Y2ZiNDA1OTk0YWQ0NTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TLCpw8Fur3niyFR2KPioSb8ZCtC
xqy9IaiiVHX+3HvJAbCfYJSVmGE1b17wu8sDuxczcfNZlV+pWddrJ+35jnfRoq7x
P973TxlkordWf/2aPbXn5xpmobW3qfeHlddtFhOwVQ4KG5h661rMJkdsp2OuATpF
kvJYEJ29MwR7tIzJzF0/NObExKTt7JoYmDHLq1C8eovE0N46sWld1zvnr/bz2hQv
yVlroBaFoGsilOkRa8rE5FPqR0JnGd5Ul1I+kot8EwaMTFDnVPqoZT6bzssl67UC
QZQqk4RB2mhTn38EA1jGxnhLTnVd+lkAGi6zD7MoeN1q/WN34AKhK5onZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/lAtz6XDyKftLwLnz7QFmUrUVmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNy1VQzNQcGNQSXAtMHZBdWZQdEFXWlN0UldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWsMA0G
CSqGSIb3DQEBCwUAA4IBAQBBkEwqLoMzu74/dO8zGuAd5jlzp8nwUsh9hqn4z+wu
S7La2TeEsdrTxdiUt3eTmjiD538vbq09NHqynmjFdsHMmBjleOSxE05G+S2V5Hg+
MzqeF+FiFx5U5i9xJxvpYqPY337g2iIRLVm3DAsLbtzelL26+66vJAQquF5hwuxP
GTbmZWsJq3cfvINvjuQO1og2BCaXskt70kUSdtIyzaiSxcuoVibHO2AYsdQFKGe9
4PRtI4PhTOTVLO7tLtnXAMnHJk7aNeTkJp3qmiq5uuUbsCzub1h0Bvjsm7h+6RFr
74em9B2i32w9SrR3i8M+VaehEHBBPIH1wjl9OSZ4Ux3E
-----END CERTIFICATE-----