Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9XmXO1RiqQ6XM4OCbdsGXOHKl-s.roa
File:                     9XmXO1RiqQ6XM4OCbdsGXOHKl-s.roa (raw, json)
Hash identifier:          /DWUYRjl3jiTjXS2n1LISJ6ESA4v5xh0k3HqFkOPN4g=
Subject key identifier:   F5:79:97:3B:54:62:A9:0E:97:33:83:82:6D:DB:06:5C:E1:CA:97:EB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E6D8BF46AB56430CA9FB3C6EF447
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9XmXO1RiqQ6XM4OCbdsGXOHKl-s.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50124
IP address blocks:        89.213.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e6:d8:bf:46:ab:56:43:0c:a9:fb:3c:6e:f4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f579973b5462a90e973383826ddb065ce1ca97eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b5:c7:2d:20:c3:ee:b5:6d:99:eb:9f:c6:50:
                    b1:ae:f6:4f:25:81:1d:e1:bf:02:55:33:ea:84:1e:
                    32:c2:5c:52:6a:f1:79:e9:5d:87:aa:bd:a6:ba:8d:
                    28:26:2f:66:ac:59:a6:b6:48:29:4d:c0:4f:72:f5:
                    8b:08:0b:84:fa:07:02:43:f0:7f:75:b6:2a:5b:a5:
                    5b:04:e4:88:f9:99:a6:62:0c:ca:33:31:9c:f9:56:
                    7a:5f:a4:cb:31:bc:c8:14:5c:36:e7:ef:30:ca:69:
                    34:c8:bc:37:5f:79:c9:5d:bc:3b:9e:80:2e:51:fa:
                    36:80:c2:0f:58:ac:19:55:a7:7c:3e:5a:70:f9:03:
                    28:3d:02:96:5b:a2:ac:b9:73:57:36:a3:00:26:20:
                    2f:e0:82:19:e1:5c:e9:af:e4:1a:87:c2:4a:b8:2c:
                    bf:28:64:8f:0c:7c:86:39:07:10:fd:66:63:b0:7d:
                    16:70:5f:44:f3:bb:90:3e:0f:06:1d:9f:5d:da:b7:
                    ee:42:a4:24:1f:bc:48:25:8e:30:48:ca:b0:59:62:
                    1f:7e:49:dc:30:66:f3:31:29:f3:43:4d:c4:29:1d:
                    e0:e3:f5:98:71:9c:09:c4:9c:63:05:81:6f:c3:bb:
                    9c:40:ae:57:af:56:5e:57:af:50:47:11:9a:17:4e:
                    51:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:79:97:3B:54:62:A9:0E:97:33:83:82:6D:DB:06:5C:E1:CA:97:EB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9XmXO1RiqQ6XM4OCbdsGXOHKl-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:96:a3:7d:2c:f3:0a:d1:d3:4e:fc:10:8e:00:24:0e:08:a5:
         3a:4f:c7:da:0b:ac:92:4c:89:2b:66:ec:e1:f1:50:21:cb:45:
         79:3d:c2:92:f2:9d:84:78:6e:1b:de:a1:ca:dd:83:c6:61:fe:
         d1:29:de:71:ee:bc:dd:a0:e7:9e:6a:f3:4c:c6:63:1b:ab:92:
         79:5f:5f:75:49:d0:bc:e6:ee:16:a9:7d:87:f5:6f:21:04:db:
         df:37:e7:c7:8c:7d:93:a7:fd:1a:20:45:8f:85:8f:3f:0a:a4:
         8b:ce:d1:72:06:3f:37:4c:97:27:26:e2:27:8b:cd:06:a4:47:
         1f:a6:d7:7b:5e:81:85:11:70:78:13:b8:f5:67:a5:c7:2b:2d:
         74:cc:1c:6f:c4:96:8f:45:84:78:f0:0b:b3:1b:31:5c:ea:e8:
         44:50:9b:69:6a:a4:3d:bb:8e:e5:5f:a3:e1:2c:7c:35:ac:68:
         51:67:1b:44:cd:ad:d1:85:7a:2a:e2:9d:34:92:76:15:1c:97:
         7e:24:60:c2:92:7d:3b:f8:fc:cb:12:a4:ca:4a:02:67:2c:b3:
         c3:7f:31:45:9a:2e:28:1f:ca:7d:ab:f0:81:ef:66:fa:7c:48:
         87:75:f3:ab:c3:8a:f4:35:22:8e:e1:e1:58:2c:7b:90:47:18:
         49:45:f9:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+bYv0arVkMMqfs8bvRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTc5OTczYjU0NjJhOTBlOTczMzgzODI2ZGRiMDY1Y2UxY2E5N2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bXHLSDD7rVtmeufxlCxrvZPJYEd
4b8CVTPqhB4ywlxSavF56V2Hqr2muo0oJi9mrFmmtkgpTcBPcvWLCAuE+gcCQ/B/
dbYqW6VbBOSI+ZmmYgzKMzGc+VZ6X6TLMbzIFFw25+8wymk0yLw3X3nJXbw7noAu
Ufo2gMIPWKwZVad8Plpw+QMoPQKWW6KsuXNXNqMAJiAv4IIZ4Vzpr+Qah8JKuCy/
KGSPDHyGOQcQ/WZjsH0WcF9E87uQPg8GHZ9d2rfuQqQkH7xIJY4wSMqwWWIffknc
MGbzMSnzQ03EKR3g4/WYcZwJxJxjBYFvw7ucQK5Xr1ZeV69QRxGaF05RyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPV5lztUYqkOlzODgm3bBlzhypfrMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOVhtWE8xUmlxUTZYTTRPQ2Jkc0dYT0hLbC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWDMA0G
CSqGSIb3DQEBCwUAA4IBAQBNlqN9LPMK0dNO/BCOACQOCKU6T8faC6ySTIkrZuzh
8VAhy0V5PcKS8p2EeG4b3qHK3YPGYf7RKd5x7rzdoOeeavNMxmMbq5J5X191SdC8
5u4WqX2H9W8hBNvfN+fHjH2Tp/0aIEWPhY8/CqSLztFyBj83TJcnJuIni80GpEcf
ptd7XoGFEXB4E7j1Z6XHKy10zBxvxJaPRYR48AuzGzFc6uhEUJtpaqQ9u47lX6Ph
LHw1rGhRZxtEza3RhXoq4p00knYVHJd+JGDCkn07+PzLEqTKSgJnLLPDfzFFmi4o
H8p9q/CB72b6fEiHdfOrw4r0NSKO4eFYLHuQRxhJRfmp
-----END CERTIFICATE-----