Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GclwFguyQVcVzZZOF0IaPEdCRDs.roa
File:                     GclwFguyQVcVzZZOF0IaPEdCRDs.roa (raw, json)
Hash identifier:          Tao0Vp7iQQXxEzJRbBsgsd5xf56vSwiyQUX9AC5aL1g=
Subject key identifier:   19:C9:70:16:0B:B2:41:57:15:CD:96:4E:17:42:1A:3C:47:42:44:3B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E84DABF377F79BAC0FBC85A3C06E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GclwFguyQVcVzZZOF0IaPEdCRDs.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50385
IP address blocks:        89.213.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e8:4d:ab:f3:77:f7:9b:ac:0f:bc:85:a3:c0:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19c970160bb2415715cd964e17421a3c4742443b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6a:2c:72:8d:0a:a6:65:b0:dd:fc:3c:b1:e4:
                    c7:e6:3e:2c:e8:fd:dd:17:78:34:0f:4b:b1:b5:28:
                    3a:77:ef:17:3f:2b:45:a9:8e:c2:0e:28:f1:94:52:
                    91:0c:a4:76:46:e6:c1:49:db:50:9c:e2:56:57:38:
                    a0:ec:2f:8c:0a:c9:b8:cd:ea:ba:1f:1a:12:65:48:
                    64:43:75:b5:00:50:ad:c1:a6:2b:68:a2:fb:28:46:
                    91:38:86:2a:73:39:1e:a5:21:96:6c:ee:74:bc:db:
                    ec:ca:d4:d5:f9:8c:0c:bd:7b:8d:89:a3:d9:9d:79:
                    ce:4e:51:8a:e4:8d:f8:11:fd:19:1b:be:a8:95:5b:
                    f0:f6:39:1e:7e:ea:a0:57:fc:93:3b:7f:15:10:94:
                    1d:02:17:54:80:9c:93:37:8d:e6:f0:a9:51:31:8e:
                    d9:41:35:7f:f6:50:47:47:e2:2e:c0:53:97:3c:18:
                    9b:82:55:8b:bd:25:9f:c0:71:78:64:26:52:eb:f2:
                    f9:3b:23:a9:b3:0a:32:f2:76:01:35:90:29:8e:94:
                    d7:c7:73:ff:40:b9:02:e6:69:f9:b3:01:a1:2b:d9:
                    75:3f:a2:9b:93:21:de:d7:7e:62:f7:ec:af:c8:f9:
                    12:d8:c6:16:25:23:06:eb:da:58:55:95:00:a2:c7:
                    f4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:C9:70:16:0B:B2:41:57:15:CD:96:4E:17:42:1A:3C:47:42:44:3B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GclwFguyQVcVzZZOF0IaPEdCRDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:58:ff:72:4c:6c:f6:d0:fe:ef:b0:b1:c9:a4:98:8a:c8:2b:
         e7:96:6f:8f:03:e6:30:0e:84:02:8e:da:ee:74:e3:c9:e8:f7:
         5e:0f:b3:2f:3f:85:33:a3:f0:b0:fe:26:3d:c7:a5:b2:db:f5:
         59:c1:e1:8e:3a:a1:4b:ea:88:cc:26:5d:67:31:52:45:05:8d:
         a0:d8:6e:11:c5:6c:5d:11:21:14:82:7b:10:d1:06:0f:5e:a5:
         81:ba:2b:82:ba:71:1a:5f:89:b1:0f:f8:cb:cd:9b:5d:c5:87:
         9e:58:b7:0c:a5:16:06:c4:e7:84:bd:af:48:4b:0c:6a:37:ed:
         0e:6c:6a:ac:c5:f9:0f:b1:90:f3:76:3f:77:be:14:4b:97:66:
         23:bf:b2:3d:99:1a:99:65:21:80:a1:6b:56:6f:79:63:74:13:
         aa:99:87:3e:68:f7:e3:4e:a1:df:f7:1f:ce:de:97:f0:d6:73:
         19:be:2b:03:c3:d5:f7:78:ab:73:d2:35:b5:c1:a3:8e:fe:c3:
         9a:98:54:21:39:25:ca:d8:08:30:a0:3a:9d:f4:06:b4:13:47:
         75:b9:25:6f:0d:06:d4:dd:0b:56:d3:a2:a0:a0:cf:16:8a:b7:
         b8:88:9c:79:3c:f8:ba:4a:22:e4:1f:6b:cf:52:e7:f1:1b:af:
         77:67:56:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+hNq/N395usD7yFo8BuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWM5NzAxNjBiYjI0MTU3MTVjZDk2NGUxNzQyMWEzYzQ3NDI0NDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmosco0KpmWw3fw8seTH5j4s6P3d
F3g0D0uxtSg6d+8XPytFqY7CDijxlFKRDKR2RubBSdtQnOJWVzig7C+MCsm4zeq6
HxoSZUhkQ3W1AFCtwaYraKL7KEaROIYqczkepSGWbO50vNvsytTV+YwMvXuNiaPZ
nXnOTlGK5I34Ef0ZG76olVvw9jkefuqgV/yTO38VEJQdAhdUgJyTN43m8KlRMY7Z
QTV/9lBHR+IuwFOXPBibglWLvSWfwHF4ZCZS6/L5OyOpswoy8nYBNZApjpTXx3P/
QLkC5mn5swGhK9l1P6KbkyHe135i9+yvyPkS2MYWJSMG69pYVZUAosf0VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnJcBYLskFXFc2WThdCGjxHQkQ7MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvR2Nsd0ZndXlRVmNWelpaT0YwSWFQRWRDUkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXmMA0G
CSqGSIb3DQEBCwUAA4IBAQALWP9yTGz20P7vsLHJpJiKyCvnlm+PA+YwDoQCjtru
dOPJ6PdeD7MvP4Uzo/Cw/iY9x6Wy2/VZweGOOqFL6ojMJl1nMVJFBY2g2G4RxWxd
ESEUgnsQ0QYPXqWBuiuCunEaX4mxD/jLzZtdxYeeWLcMpRYGxOeEva9ISwxqN+0O
bGqsxfkPsZDzdj93vhRLl2Yjv7I9mRqZZSGAoWtWb3ljdBOqmYc+aPfjTqHf9x/O
3pfw1nMZvisDw9X3eKtz0jW1waOO/sOamFQhOSXK2AgwoDqd9Aa0E0d1uSVvDQbU
3QtW06KgoM8Wire4iJx5PPi6SiLkH2vPUufxG693Z1bG
-----END CERTIFICATE-----