Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ILSAzAtl6X99ob4eU-0zTEIjoJU.roa
File:                     ILSAzAtl6X99ob4eU-0zTEIjoJU.roa (raw, json)
Hash identifier:          DIRwMeoKVXJ+WTU6JvqKKHvUandcztKPEM/fK8mgDqo=
Subject key identifier:   20:B4:80:CC:0B:65:E9:7F:7D:A1:BE:1E:53:ED:33:4C:42:23:A0:95
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214414E61F6D0CAB450FDFEF6DE77D78
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ILSAzAtl6X99ob4eU-0zTEIjoJU.roa
Signing time:             Wed 01 Jan 2025 09:48:17 +0000
ROA not before:           Wed 01 Jan 2025 09:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211750
IP address blocks:        89.213.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:14:e6:1f:6d:0c:ab:45:0f:df:ef:6d:e7:7d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20b480cc0b65e97f7da1be1e53ed334c4223a095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0c:ac:4f:66:fb:c3:22:e8:ef:b7:7d:0f:92:
                    df:0d:7a:c5:1a:0a:4e:25:a9:14:b1:c4:b4:ee:93:
                    fb:31:45:54:f7:a4:f1:6a:c0:c0:fe:69:26:99:a6:
                    da:67:b6:83:44:0f:63:c5:ed:d7:d5:e3:b6:51:aa:
                    61:fd:91:a7:40:49:68:4d:31:22:66:9b:06:6d:c3:
                    17:c2:f8:0b:e7:65:66:0a:89:ca:42:2d:ac:75:89:
                    72:27:64:cd:8e:a6:c7:cd:2c:1b:f2:e2:e0:4d:db:
                    d4:c1:b0:38:9f:89:e3:a2:36:91:62:3c:30:4a:6f:
                    12:5d:c6:19:67:b4:51:2a:6e:ad:25:0b:1e:c6:d0:
                    f2:de:79:da:9f:fb:24:8c:ff:da:df:c4:31:a4:d0:
                    8c:01:5f:ed:31:50:f8:09:35:2c:1a:a7:8e:e4:9c:
                    3c:f7:6a:99:a4:1c:54:e3:71:d8:35:1b:ae:0d:46:
                    ef:ac:56:2b:3c:cb:8a:c7:66:15:d3:12:8e:b6:9c:
                    52:95:e1:73:20:7c:e4:12:b6:5f:d1:eb:fe:77:52:
                    94:a9:6c:22:02:69:30:65:71:3f:7c:e0:44:9c:65:
                    3f:df:2d:14:98:30:17:0f:82:ff:f3:fe:e6:c1:7b:
                    6f:a7:41:3b:46:51:fc:94:ee:26:0e:80:be:c7:79:
                    54:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B4:80:CC:0B:65:E9:7F:7D:A1:BE:1E:53:ED:33:4C:42:23:A0:95
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ILSAzAtl6X99ob4eU-0zTEIjoJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:31:f2:b0:e8:0b:69:f5:a5:0c:c4:ad:e1:b8:92:65:e6:19:
         75:06:60:a3:65:4f:3d:d3:07:e1:5b:97:63:77:cd:ab:ee:db:
         aa:9b:f8:1c:dd:17:df:16:ec:1f:6a:27:53:7f:71:83:14:01:
         0d:06:a1:f0:f3:65:ec:30:2f:e6:42:97:f5:e0:fe:96:f3:1b:
         bb:4b:0e:72:da:56:c4:d0:26:30:ec:33:de:07:3e:45:5a:07:
         f8:39:5c:82:71:c9:e9:f4:dd:ff:df:d1:9e:aa:7c:ba:1c:04:
         36:5d:09:45:86:49:7a:14:b9:83:12:6d:c7:ea:96:ec:f8:4d:
         aa:24:2e:f5:40:6c:f5:81:64:c9:0d:e4:fc:71:b7:54:ce:b6:
         dc:d2:b2:74:4f:4e:b4:ef:09:9b:1e:93:00:61:a6:a8:6e:a8:
         6b:07:92:05:6b:f1:8d:e3:cf:52:ac:4c:75:fd:1b:94:c8:d7:
         4c:f4:ba:85:1d:76:c2:24:0d:24:1b:d3:f9:8a:20:e3:ae:53:
         59:27:f0:33:3d:6d:db:42:9c:91:0d:33:3d:44:bc:d1:dc:5b:
         ff:70:d2:78:a4:99:39:ba:97:51:f8:ba:2b:71:2d:2f:6d:e5:
         1d:b6:b2:9b:01:a7:f3:b1:d0:65:e8:f2:66:be:b8:a9:b4:fe:
         a9:10:b9:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBTmH20Mq0UP3+9t5314MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGI0ODBjYzBiNjVlOTdmN2RhMWJlMWU1M2VkMzM0YzQyMjNhMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAysT2b7wyLo77d9D5LfDXrFGgpO
JakUscS07pP7MUVU96TxasDA/mkmmabaZ7aDRA9jxe3X1eO2Uaph/ZGnQEloTTEi
ZpsGbcMXwvgL52VmConKQi2sdYlyJ2TNjqbHzSwb8uLgTdvUwbA4n4njojaRYjww
Sm8SXcYZZ7RRKm6tJQsextDy3nnan/skjP/a38QxpNCMAV/tMVD4CTUsGqeO5Jw8
92qZpBxU43HYNRuuDUbvrFYrPMuKx2YV0xKOtpxSleFzIHzkErZf0ev+d1KUqWwi
AmkwZXE/fOBEnGU/3y0UmDAXD4L/8/7mwXtvp0E7RlH8lO4mDoC+x3lUiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC0gMwLZel/faG+HlPtM0xCI6CVMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSUxTQXpBdGw2WDk5b2I0ZVUtMHpURUlqb0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXSMA0G
CSqGSIb3DQEBCwUAA4IBAQBlMfKw6Atp9aUMxK3huJJl5hl1BmCjZU890wfhW5dj
d82r7tuqm/gc3RffFuwfaidTf3GDFAENBqHw82XsMC/mQpf14P6W8xu7Sw5y2lbE
0CYw7DPeBz5FWgf4OVyCccnp9N3/39Geqny6HAQ2XQlFhkl6FLmDEm3H6pbs+E2q
JC71QGz1gWTJDeT8cbdUzrbc0rJ0T0607wmbHpMAYaaobqhrB5IFa/GN489SrEx1
/RuUyNdM9LqFHXbCJA0kG9P5iiDjrlNZJ/AzPW3bQpyRDTM9RLzR3Fv/cNJ4pJk5
updR+LorcS0vbeUdtrKbAafzsdBl6PJmvriptP6pELm6
-----END CERTIFICATE-----