Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EYT1uOuZvboMzPJLsRNJOdP0Lbc.roa
File:                     EYT1uOuZvboMzPJLsRNJOdP0Lbc.roa (raw, json)
Hash identifier:          kRuJcYawogz16W19QKFiQ3fYVGALT8T7k06mkBGj6qY=
Subject key identifier:   11:84:F5:B8:EB:99:BD:BA:0C:CC:F2:4B:B1:13:49:39:D3:F4:2D:B7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01921DE9D141836A563A1237FDE374257175
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EYT1uOuZvboMzPJLsRNJOdP0Lbc.roa
Signing time:             Mon 23 Sep 2024 08:05:15 +0000
ROA not before:           Mon 23 Sep 2024 08:05:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213200
IP address blocks:        89.213.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1d:e9:d1:41:83:6a:56:3a:12:37:fd:e3:74:25:71:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 23 08:05:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1184f5b8eb99bdba0cccf24bb1134939d3f42db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0f:a4:c0:71:14:de:88:5e:fb:db:68:2d:b1:
                    56:fa:b9:2c:9e:65:67:60:51:51:8f:a6:a7:26:2b:
                    55:c3:be:4a:3e:72:73:fc:a8:6e:a2:f8:6d:9a:b6:
                    9e:f9:70:1e:b8:4a:b6:fc:c4:19:d3:da:1e:8e:be:
                    38:00:c7:7e:8e:34:a2:cf:84:8e:f4:59:fb:5a:f0:
                    57:9c:05:6b:d6:85:4a:ae:ce:0d:36:c3:b5:6c:e9:
                    c2:a1:95:1f:cb:f3:09:7a:48:ac:61:78:e9:02:d8:
                    d5:cb:08:31:19:35:3e:5e:bd:08:a6:d5:c1:d2:cc:
                    f9:13:ff:8e:9b:5e:04:e5:bc:4f:c8:01:9b:07:4e:
                    62:2c:fe:a9:da:15:3a:b3:91:c6:71:25:9e:d0:67:
                    87:1f:50:16:9e:16:a7:06:8d:77:21:b4:57:a0:d7:
                    12:89:fa:64:70:b5:27:89:21:e7:b7:7c:72:33:f2:
                    64:3a:e8:d6:17:d8:4c:45:4f:5b:9d:81:25:30:cf:
                    0d:fc:2f:72:e5:f7:6b:26:0f:30:c7:dd:c2:26:74:
                    85:02:e0:6a:49:fd:7f:f0:9c:7f:f9:97:c3:17:d4:
                    f3:bb:6b:81:3a:13:fc:06:d8:26:da:e8:51:00:a0:
                    17:89:92:4d:09:e6:c7:57:79:57:f5:42:b8:48:d6:
                    40:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:84:F5:B8:EB:99:BD:BA:0C:CC:F2:4B:B1:13:49:39:D3:F4:2D:B7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EYT1uOuZvboMzPJLsRNJOdP0Lbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:17:2f:84:e3:06:a6:99:11:9b:9d:d0:9a:fb:83:90:c7:c4:
         ec:7a:72:e2:d6:7f:c0:d0:bc:77:20:bd:65:16:12:c3:d7:40:
         45:b2:46:0f:3f:d6:cc:1e:61:98:5a:5a:31:62:c3:70:4b:25:
         8f:07:22:09:5a:c2:64:9c:90:a3:b3:4d:94:b2:08:ef:3a:47:
         4b:4c:7a:d0:cb:bb:43:75:dc:62:f9:8f:78:26:19:89:7c:c5:
         19:0f:32:2e:89:f0:9c:ce:61:6e:40:f9:86:c1:6b:e1:21:1b:
         b3:aa:90:05:36:c2:30:17:1b:7a:26:b4:d4:69:07:2f:eb:df:
         f8:cb:6c:4c:9c:f6:84:91:c0:55:fe:d0:56:1d:9d:fb:2d:43:
         8a:03:c1:fa:3b:9a:fa:71:a0:fc:e3:bb:65:96:58:7f:22:c6:
         82:13:cb:d0:fc:9b:c1:30:58:95:5c:0b:00:b7:22:85:96:40:
         12:50:8e:0a:a7:16:d3:de:57:30:aa:28:a3:59:12:82:d9:ca:
         12:78:c2:ec:b1:9f:3d:0a:0c:44:6a:51:8b:14:2d:84:72:2e:
         fe:89:72:f2:d5:ae:dd:4c:d4:b6:58:58:f9:9b:9f:19:dc:a5:
         a0:5b:05:63:06:98:85:51:19:fe:47:4d:06:d3:58:9a:c5:b6:
         ca:8e:2d:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZId6dFBg2pWOhI3/eN0JXF1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTIzMDgwNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTg0ZjViOGViOTliZGJhMGNjY2YyNGJiMTEzNDkzOWQzZjQyZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw+kwHEU3ohe+9toLbFW+rksnmVn
YFFRj6anJitVw75KPnJz/Khuovhtmrae+XAeuEq2/MQZ09oejr44AMd+jjSiz4SO
9Fn7WvBXnAVr1oVKrs4NNsO1bOnCoZUfy/MJekisYXjpAtjVywgxGTU+Xr0IptXB
0sz5E/+Om14E5bxPyAGbB05iLP6p2hU6s5HGcSWe0GeHH1AWnhanBo13IbRXoNcS
ifpkcLUniSHnt3xyM/JkOujWF9hMRU9bnYElMM8N/C9y5fdrJg8wx93CJnSFAuBq
Sf1/8Jx/+ZfDF9Tzu2uBOhP8Btgm2uhRAKAXiZJNCebHV3lX9UK4SNZA8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGE9bjrmb26DMzyS7ETSTnT9C23MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRVlUMXVPdVp2Ym9NelBKTHNSTkpPZFAwTGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWDMA0G
CSqGSIb3DQEBCwUAA4IBAQCCFy+E4wammRGbndCa+4OQx8TsenLi1n/A0Lx3IL1l
FhLD10BFskYPP9bMHmGYWloxYsNwSyWPByIJWsJknJCjs02UsgjvOkdLTHrQy7tD
ddxi+Y94JhmJfMUZDzIuifCczmFuQPmGwWvhIRuzqpAFNsIwFxt6JrTUaQcv69/4
y2xMnPaEkcBV/tBWHZ37LUOKA8H6O5r6caD847tlllh/IsaCE8vQ/JvBMFiVXAsA
tyKFlkASUI4KpxbT3lcwqiijWRKC2coSeMLssZ89CgxEalGLFC2Eci7+iXLy1a7d
TNS2WFj5m58Z3KWgWwVjBpiFURn+R00G01iaxbbKji1k
-----END CERTIFICATE-----