Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GzYS9qU2uTaYdpsivgcgyUxGWWA.roa
File:                     GzYS9qU2uTaYdpsivgcgyUxGWWA.roa (raw, json)
Hash identifier:          zsxoFfFbUlWTr7Nv+2FN0x/vH4UOJXROA1t2BycnQtE=
Subject key identifier:   1B:36:12:F6:A5:36:B9:36:98:76:9B:22:BE:07:20:C9:4C:46:59:60
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421442719CA0B37C9D2B452B1BC435F56
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GzYS9qU2uTaYdpsivgcgyUxGWWA.roa
Signing time:             Wed 01 Jan 2025 09:48:21 +0000
ROA not before:           Wed 01 Jan 2025 09:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214882
IP address blocks:        89.213.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:27:19:ca:0b:37:c9:d2:b4:52:b1:bc:43:5f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b3612f6a536b93698769b22be0720c94c465960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:33:3b:7c:33:ea:4f:ec:cd:d9:c8:c8:55:5b:
                    b6:57:2d:b8:26:44:74:5e:54:42:22:02:a9:73:c7:
                    48:28:29:fc:0c:e0:2b:bb:67:d5:c7:79:d7:94:3d:
                    95:34:59:d6:e6:13:57:eb:df:24:22:23:42:c9:55:
                    50:3d:ba:d8:9a:42:87:be:a6:5b:34:f1:ad:55:9e:
                    d1:32:99:66:b3:c7:40:08:e2:33:a5:16:3d:fa:2f:
                    0c:05:38:80:20:0a:6a:aa:14:3e:96:55:1a:ad:12:
                    82:fe:5c:e4:4a:25:ca:d7:69:fd:3e:76:0b:79:df:
                    4a:c3:0e:8b:5d:5d:3f:61:85:5d:a8:a0:b0:12:ef:
                    3f:69:86:95:0f:f5:e0:91:cb:88:63:9b:8d:91:39:
                    c7:fa:c0:76:3c:bf:7e:99:8a:76:33:ae:82:a8:bf:
                    d8:ae:7b:51:ab:0e:d2:32:ac:35:5b:e8:a8:51:ef:
                    da:3c:0e:d1:4f:3e:eb:7f:c7:39:80:b5:ba:cf:7d:
                    3a:be:0f:f0:73:4f:a3:76:eb:21:0a:85:52:a3:ac:
                    20:bb:6c:0c:e2:9b:6f:bb:20:d3:8c:f5:31:b3:2b:
                    18:16:48:8f:ff:f4:96:15:97:d2:e2:57:2f:a2:b5:
                    a4:7f:db:ea:a3:89:9f:14:e2:d3:ca:f0:86:c3:9a:
                    3b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:36:12:F6:A5:36:B9:36:98:76:9B:22:BE:07:20:C9:4C:46:59:60
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GzYS9qU2uTaYdpsivgcgyUxGWWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:20:d3:33:da:4b:af:75:59:b6:d4:36:4c:57:e6:44:d7:ac:
         d3:7d:2d:80:b1:92:cb:15:18:52:f3:71:d0:55:c1:f5:0b:e3:
         e6:6b:6c:23:72:bb:88:02:ac:b0:a1:2b:37:d8:c1:d1:f1:ca:
         6f:d8:4c:06:93:11:29:1e:6f:93:48:d8:19:77:96:92:77:18:
         43:75:29:e4:70:39:2a:d2:a8:87:09:99:98:ae:98:b0:7c:dd:
         ae:73:e2:8b:58:d8:4c:b5:99:b6:4e:5b:b0:f5:53:33:e9:0e:
         89:6f:1b:42:71:77:ed:a5:af:c2:c2:58:a9:d8:ce:35:09:b2:
         55:97:59:02:b3:82:44:ed:6e:6f:c8:41:c7:62:45:76:db:59:
         27:df:48:35:f5:4b:72:f9:7c:43:b1:09:39:40:6e:33:b7:46:
         e9:a6:63:b4:49:ae:ad:85:06:74:95:8f:ac:99:53:53:6d:54:
         a9:7a:79:20:6d:21:92:87:b3:60:ce:be:b5:52:ed:e4:06:c9:
         06:c1:98:32:16:1a:a6:b5:8b:83:2f:fc:8d:83:09:4a:80:70:
         cf:8e:58:0f:03:85:d4:c6:cd:5d:75:46:80:be:cd:d5:22:a9:
         aa:79:57:92:59:09:36:2b:f2:ae:02:e1:8e:c6:47:52:d4:86:
         94:29:d5:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCcZygs3ydK0UrG8Q19WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjM2MTJmNmE1MzZiOTM2OTg3NjliMjJiZTA3MjBjOTRjNDY1OTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzM7fDPqT+zN2cjIVVu2Vy24JkR0
XlRCIgKpc8dIKCn8DOAru2fVx3nXlD2VNFnW5hNX698kIiNCyVVQPbrYmkKHvqZb
NPGtVZ7RMplms8dACOIzpRY9+i8MBTiAIApqqhQ+llUarRKC/lzkSiXK12n9PnYL
ed9Kww6LXV0/YYVdqKCwEu8/aYaVD/XgkcuIY5uNkTnH+sB2PL9+mYp2M66CqL/Y
rntRqw7SMqw1W+ioUe/aPA7RTz7rf8c5gLW6z306vg/wc0+jdushCoVSo6wgu2wM
4ptvuyDTjPUxsysYFkiP//SWFZfS4lcvorWkf9vqo4mfFOLTyvCGw5o7OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBs2EvalNrk2mHabIr4HIMlMRllgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvR3pZUzlxVTJ1VGFZZHBzaXZnY2d5VXhHV1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXTMA0G
CSqGSIb3DQEBCwUAA4IBAQCbINMz2kuvdVm21DZMV+ZE16zTfS2AsZLLFRhS83HQ
VcH1C+Pma2wjcruIAqywoSs32MHR8cpv2EwGkxEpHm+TSNgZd5aSdxhDdSnkcDkq
0qiHCZmYrpiwfN2uc+KLWNhMtZm2Tluw9VMz6Q6JbxtCcXftpa/Cwlip2M41CbJV
l1kCs4JE7W5vyEHHYkV221kn30g19Uty+XxDsQk5QG4zt0bppmO0Sa6thQZ0lY+s
mVNTbVSpenkgbSGSh7Ngzr61Uu3kBskGwZgyFhqmtYuDL/yNgwlKgHDPjlgPA4XU
xs1ddUaAvs3VIqmqeVeSWQk2K/KuAuGOxkdS1IaUKdW5
-----END CERTIFICATE-----