Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F4vwyJyY6u-kDV90QnFTgy_Nu_E.roa
File:                     F4vwyJyY6u-kDV90QnFTgy_Nu_E.roa (raw, json)
Hash identifier:          edV4n34U2+QwPKuY4GJrKOOJDocjOHi6AMXc8DMsPho=
Subject key identifier:   17:8B:F0:C8:9C:98:EA:EF:A4:0D:5F:74:42:71:53:83:2F:CD:BB:F1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143DEE9DD43405614198950B8A12152
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F4vwyJyY6u-kDV90QnFTgy_Nu_E.roa
Signing time:             Wed 01 Jan 2025 09:48:03 +0000
ROA not before:           Wed 01 Jan 2025 09:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39421
IP address blocks:        89.213.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:de:e9:dd:43:40:56:14:19:89:50:b8:a1:21:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=178bf0c89c98eaefa40d5f74427153832fcdbbf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4e:d2:b9:6e:78:9c:e3:54:62:d9:40:fb:17:
                    13:c5:7a:cb:9b:b7:76:60:43:db:48:7a:13:37:5f:
                    aa:04:03:42:b5:58:a8:59:f2:3e:4d:d8:fd:ab:d2:
                    5a:d4:24:35:c2:02:86:c6:a3:07:4a:a7:15:6b:2b:
                    82:b8:a0:be:94:62:a7:06:10:d8:aa:0e:e9:d8:7e:
                    ac:e2:b4:a3:2b:99:53:2a:e5:87:7f:d4:92:35:f5:
                    54:15:69:c3:22:78:8a:e2:f4:a1:75:8c:8a:05:20:
                    73:20:e6:25:bb:d4:d7:9a:89:14:18:cb:b5:10:b7:
                    bd:86:02:43:21:58:94:c8:02:b6:1c:e9:a8:2c:a2:
                    b3:4f:4f:de:17:dd:a1:ce:aa:ad:7f:9a:61:fe:69:
                    f5:db:76:20:de:ce:7c:77:9d:02:8b:54:9d:5f:df:
                    b9:b7:8b:fd:6e:d3:8a:dd:ce:1f:d9:7b:a2:4d:53:
                    01:ce:cc:33:df:60:30:fd:43:21:37:e1:f0:e8:51:
                    f7:7e:4d:a5:00:c0:24:4e:70:ed:1b:ed:5c:6d:4f:
                    c5:1b:96:ef:7b:6f:0f:f6:6a:13:ac:74:73:96:72:
                    58:2f:1b:67:fd:a1:ef:57:90:35:ab:54:fa:87:c0:
                    73:73:55:23:90:26:98:d6:15:05:9a:35:89:2a:bd:
                    c8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:8B:F0:C8:9C:98:EA:EF:A4:0D:5F:74:42:71:53:83:2F:CD:BB:F1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F4vwyJyY6u-kDV90QnFTgy_Nu_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:0c:e6:46:9c:0f:04:94:0c:3c:7d:a7:91:5c:59:13:f8:3d:
         1f:86:5e:87:4f:21:84:60:60:a2:c4:fa:bd:8a:75:4a:be:4f:
         04:2d:3d:fb:10:fa:84:32:0d:61:42:45:16:e0:3a:e4:03:f6:
         cd:72:74:8a:80:39:2e:97:e6:4f:82:21:6e:0e:ce:51:58:6b:
         a6:89:65:04:3d:a4:57:5e:7d:cf:ac:33:e6:aa:fa:55:fe:cc:
         83:29:4a:d8:55:02:04:6f:d8:eb:97:b8:07:4b:39:cc:ab:b6:
         6c:89:ad:ed:8e:5a:9d:bd:3a:36:4b:b3:67:1a:99:c9:65:e9:
         64:db:99:e8:dc:cc:6d:0b:37:bb:5f:b1:02:7d:b8:06:0e:d6:
         bc:cb:20:0a:6d:2f:4a:d1:47:4e:91:e2:27:41:d0:f5:b7:f4:
         34:56:dd:93:0c:f9:a5:cc:3d:e0:53:40:04:2b:db:21:37:02:
         0f:27:b6:d4:47:c6:dc:28:95:a5:13:24:c5:82:82:10:c2:d9:
         d6:20:01:cc:9f:60:74:80:f8:f9:07:e4:a1:4b:73:74:d9:cc:
         21:ea:77:43:9f:0a:27:e4:61:85:63:af:58:b4:ee:77:63:49:
         d1:23:1f:1f:01:ec:76:e1:aa:3f:5f:ee:09:93:11:7e:f6:67:
         b7:0a:13:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ97p3UNAVhQZiVC4oSFSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzhiZjBjODljOThlYWVmYTQwZDVmNzQ0MjcxNTM4MzJmY2RiYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk7SuW54nONUYtlA+xcTxXrLm7d2
YEPbSHoTN1+qBANCtVioWfI+Tdj9q9Ja1CQ1wgKGxqMHSqcVayuCuKC+lGKnBhDY
qg7p2H6s4rSjK5lTKuWHf9SSNfVUFWnDIniK4vShdYyKBSBzIOYlu9TXmokUGMu1
ELe9hgJDIViUyAK2HOmoLKKzT0/eF92hzqqtf5ph/mn123Yg3s58d50Ci1SdX9+5
t4v9btOK3c4f2XuiTVMBzswz32Aw/UMhN+Hw6FH3fk2lAMAkTnDtG+1cbU/FG5bv
e28P9moTrHRzlnJYLxtn/aHvV5A1q1T6h8Bzc1UjkCaY1hUFmjWJKr3IMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeL8MicmOrvpA1fdEJxU4MvzbvxMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRjR2d3lKeVk2dS1rRFY5MFFuRlRneV9OdV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWVMA0G
CSqGSIb3DQEBCwUAA4IBAQCfDOZGnA8ElAw8faeRXFkT+D0fhl6HTyGEYGCixPq9
inVKvk8ELT37EPqEMg1hQkUW4DrkA/bNcnSKgDkul+ZPgiFuDs5RWGumiWUEPaRX
Xn3PrDPmqvpV/syDKUrYVQIEb9jrl7gHSznMq7Zsia3tjlqdvTo2S7NnGpnJZelk
25no3MxtCze7X7ECfbgGDta8yyAKbS9K0UdOkeInQdD1t/Q0Vt2TDPmlzD3gU0AE
K9shNwIPJ7bUR8bcKJWlEyTFgoIQwtnWIAHMn2B0gPj5B+ShS3N02cwh6ndDnwon
5GGFY69YtO53Y0nRIx8fAex24ao/X+4JkxF+9me3ChOc
-----END CERTIFICATE-----