Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8UKMWZ3ta_hxbM7cY2OCG2-xQwk.roa
File:                     8UKMWZ3ta_hxbM7cY2OCG2-xQwk.roa (raw, json)
Hash identifier:          r6aB1QJplZKlkgPSbJ3JD80MENv0xDB57kdE52nxQ28=
Subject key identifier:   F1:42:8C:59:9D:ED:6B:F8:71:6C:CE:DC:63:63:82:1B:6F:B1:43:09
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144181DB4318738C48E0CE8245ACC18
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8UKMWZ3ta_hxbM7cY2OCG2-xQwk.roa
Signing time:             Wed 01 Jan 2025 09:48:18 +0000
ROA not before:           Wed 01 Jan 2025 09:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        89.213.178.0/24 maxlen: 24
                          89.213.216.0/24 maxlen: 24
                          89.213.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:18:1d:b4:31:87:38:c4:8e:0c:e8:24:5a:cc:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1428c599ded6bf8716ccedc6363821b6fb14309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5b:58:96:70:46:01:8f:5e:84:06:4b:03:1d:
                    6a:bf:2d:18:1b:4a:45:6e:47:10:52:65:b8:e2:d2:
                    2a:91:18:2a:34:0c:e4:34:dd:86:4f:18:6f:10:48:
                    09:55:84:eb:4c:e9:1e:88:1c:16:dc:9d:ee:d7:ab:
                    24:ef:a3:ce:61:34:5b:ce:af:5d:3b:db:50:b8:d9:
                    47:04:fc:10:55:f5:b3:68:b2:e3:63:30:06:b2:b0:
                    bb:6f:7d:86:6a:21:91:21:25:8b:0c:4e:c4:88:01:
                    cb:1e:7f:a1:a5:c1:b5:c0:ad:a1:4d:f1:a2:ce:e5:
                    b9:57:42:08:b0:c0:65:da:a9:ac:a7:80:d1:b6:4a:
                    fd:a3:1b:6c:39:c9:03:e5:cc:a4:81:2f:35:5f:d4:
                    71:c7:b4:11:1b:5f:91:54:af:2b:52:35:13:95:c6:
                    8f:44:78:cb:71:7a:f7:3e:58:99:11:40:5a:bf:04:
                    c2:63:a8:09:91:1a:80:b1:5d:71:8f:7b:f9:e9:d3:
                    1a:bf:1d:22:b5:2f:32:ae:8c:b6:2b:15:3b:03:20:
                    8d:0a:95:0f:20:36:96:b0:85:40:e4:21:c9:d7:a6:
                    d8:74:07:5f:40:d4:a7:24:a5:f6:d6:db:27:2c:1a:
                    a2:2b:a1:aa:f4:ad:1d:75:c2:81:4b:33:47:61:4e:
                    99:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:42:8C:59:9D:ED:6B:F8:71:6C:CE:DC:63:63:82:1B:6F:B1:43:09
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8UKMWZ3ta_hxbM7cY2OCG2-xQwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.178.0/24
                  89.213.216.0/24
                  89.213.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:8d:65:3b:a5:16:5e:03:05:21:1b:bf:47:74:2c:69:82:c3:
         0d:3d:a6:06:cb:d7:31:12:2b:69:94:d1:49:0b:b5:42:be:fb:
         ff:2d:1a:cf:c5:26:8a:2f:0a:fe:09:33:dc:2a:0e:a7:24:c5:
         d8:86:33:ae:fa:74:ca:ad:1e:71:f1:4b:4e:ea:cf:56:11:8c:
         ba:86:4a:88:ee:e8:9c:ab:75:88:b5:de:30:16:f2:1f:98:74:
         18:ab:75:8d:5b:42:f3:55:29:b8:5f:d9:8f:7e:ea:c0:71:0e:
         a0:41:d7:df:6c:04:bf:c7:81:cd:6e:fc:d1:f6:62:91:19:5d:
         92:60:29:1f:e5:78:08:2b:01:60:47:b5:e6:e3:e8:c2:78:71:
         89:f3:9c:6d:8f:ac:47:e3:79:60:60:74:b2:0d:d2:5b:fb:95:
         59:88:50:49:c9:75:0c:7a:64:a7:4c:be:3c:a8:3f:64:7b:11:
         e8:39:e1:76:9e:97:6b:68:63:57:64:9e:a2:8d:60:f8:cc:f5:
         82:69:2d:f8:37:b5:cf:a1:ae:45:71:cc:fe:ac:c1:02:1a:8a:
         c3:da:67:1c:9f:54:ca:18:cd:99:68:09:b3:48:ea:03:bc:11:
         11:ba:85:c4:90:a0:ba:8e:f3:1b:5c:0e:79:de:04:15:e8:ff:
         14:8d:17:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRBgdtDGHOMSODOgkWswYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQyOGM1OTlkZWQ2YmY4NzE2Y2NlZGM2MzYzODIxYjZmYjE0MzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFtYlnBGAY9ehAZLAx1qvy0YG0pF
bkcQUmW44tIqkRgqNAzkNN2GTxhvEEgJVYTrTOkeiBwW3J3u16sk76POYTRbzq9d
O9tQuNlHBPwQVfWzaLLjYzAGsrC7b32GaiGRISWLDE7EiAHLHn+hpcG1wK2hTfGi
zuW5V0IIsMBl2qmsp4DRtkr9oxtsOckD5cykgS81X9Rxx7QRG1+RVK8rUjUTlcaP
RHjLcXr3PliZEUBavwTCY6gJkRqAsV1xj3v56dMavx0itS8yroy2KxU7AyCNCpUP
IDaWsIVA5CHJ16bYdAdfQNSnJKX21tsnLBqiK6Gq9K0ddcKBSzNHYU6Z8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPFCjFmd7Wv4cWzO3GNjghtvsUMJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOFVLTVdaM3RhX2h4Yk03Y1kyT0NHMi14UXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdWyAwQA
WdXYAwQAWdXdMA0GCSqGSIb3DQEBCwUAA4IBAQBUjWU7pRZeAwUhG79HdCxpgsMN
PaYGy9cxEitplNFJC7VCvvv/LRrPxSaKLwr+CTPcKg6nJMXYhjOu+nTKrR5x8UtO
6s9WEYy6hkqI7uicq3WItd4wFvIfmHQYq3WNW0LzVSm4X9mPfurAcQ6gQdffbAS/
x4HNbvzR9mKRGV2SYCkf5XgIKwFgR7Xm4+jCeHGJ85xtj6xH43lgYHSyDdJb+5VZ
iFBJyXUMemSnTL48qD9kexHoOeF2npdraGNXZJ6ijWD4zPWCaS34N7XPoa5Fccz+
rMECGorD2mccn1TKGM2ZaAmzSOoDvBERuoXEkKC6jvMbXA553gQV6P8UjRfJ
-----END CERTIFICATE-----