Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Imsu5TQL1Fgh5BX2ijftNSON7NI.roa
File:                     Imsu5TQL1Fgh5BX2ijftNSON7NI.roa (raw, json)
Hash identifier:          V4W/hDtK4utsFZv348n+bQgrJnQCamqs43/Eu6qDPSc=
Subject key identifier:   22:6B:2E:E5:34:0B:D4:58:21:E4:15:F6:8A:37:ED:35:23:8D:EC:D2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019460F148B4AF7D89041FFE4F536BA5EEB2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Imsu5TQL1Fgh5BX2ijftNSON7NI.roa
Signing time:             Mon 13 Jan 2025 18:33:32 +0000
ROA not before:           Mon 13 Jan 2025 18:33:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30860
IP address blocks:        89.213.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:60:f1:48:b4:af:7d:89:04:1f:fe:4f:53:6b:a5:ee:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 13 18:33:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=226b2ee5340bd45821e415f68a37ed35238decd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:99:92:05:86:53:12:49:bc:b4:08:22:fc:df:
                    88:11:95:fe:b1:3c:75:a2:db:ff:0e:24:3d:e0:b8:
                    91:c5:ff:1e:73:c9:20:b9:e2:88:26:bc:dd:24:6e:
                    c4:13:33:9b:99:0e:85:01:62:58:12:ed:96:3f:da:
                    1c:49:bc:95:84:46:c6:5b:29:08:f4:2a:de:12:4d:
                    00:06:2f:f9:77:0e:4b:bb:90:5f:ee:77:c6:ff:8b:
                    2d:0c:98:12:77:cd:c5:38:e3:23:e2:9c:13:61:0b:
                    a4:21:a8:7d:27:21:ad:fc:23:f5:79:de:2c:ec:6e:
                    8d:31:d3:95:f3:98:52:dc:4e:22:b1:c1:9a:ec:72:
                    17:78:1e:74:5f:6a:39:63:ce:8d:14:9f:35:2f:ee:
                    3f:70:7c:ed:0a:f9:0c:96:55:a8:68:36:50:81:7b:
                    65:ea:64:20:91:3b:c0:7e:63:60:9d:e6:52:11:61:
                    e9:d3:ea:df:f3:43:01:bf:b9:6b:50:29:50:0c:dd:
                    c9:cc:90:7f:ce:3a:40:bb:ee:95:74:4d:19:2a:66:
                    db:ec:db:a5:ea:4d:61:72:dd:ed:34:e0:8e:8f:79:
                    97:d9:1c:3d:d7:46:26:8a:bf:69:c7:72:5e:58:22:
                    fa:1c:da:a3:ce:60:f9:59:02:76:8f:f1:72:78:b2:
                    f0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6B:2E:E5:34:0B:D4:58:21:E4:15:F6:8A:37:ED:35:23:8D:EC:D2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Imsu5TQL1Fgh5BX2ijftNSON7NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:61:a1:c1:b2:4a:9e:ea:c4:de:b9:e9:45:8f:0e:94:47:cb:
         3a:c8:51:1d:72:89:71:0c:af:0d:c3:5e:dc:35:8a:09:2c:61:
         37:d3:84:1d:96:88:93:69:3c:84:b6:56:bf:9a:d4:12:88:10:
         25:60:ac:ea:46:84:80:73:c3:ee:98:ae:ef:f1:8e:28:72:f0:
         28:c7:d2:50:6e:a3:39:e7:6e:74:30:be:c3:35:13:5e:e8:95:
         77:c5:c5:01:e1:23:f1:ff:26:ea:0b:81:68:92:9d:31:3b:76:
         ed:65:48:97:6e:66:63:91:ed:07:e1:55:84:57:e8:7c:4a:26:
         c1:d6:15:fd:27:a8:13:10:02:50:d1:f8:c8:60:f8:8f:2b:4a:
         5f:be:20:9e:20:94:3a:19:f8:0c:b0:5b:7a:09:ea:56:5e:74:
         b8:63:29:7a:16:c7:85:e1:9c:24:87:a8:ff:15:98:7a:f1:83:
         7b:b3:4f:7c:ef:b1:2a:ea:70:89:e2:67:72:37:84:e3:fc:21:
         a8:08:5e:c8:0b:49:67:94:92:6a:5f:1b:e7:0e:34:2f:ca:4c:
         f1:14:60:52:4e:91:b5:5d:f8:e3:bd:6b:05:9c:d4:70:f6:34:
         6e:97:4d:b1:5d:21:bc:df:8b:34:e3:61:c7:41:0e:76:f0:1a:
         f6:bf:45:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRg8Ui0r32JBB/+T1Nrpe6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTEzMTgzMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjZiMmVlNTM0MGJkNDU4MjFlNDE1ZjY4YTM3ZWQzNTIzOGRlY2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpmSBYZTEkm8tAgi/N+IEZX+sTx1
otv/DiQ94LiRxf8ec8kgueKIJrzdJG7EEzObmQ6FAWJYEu2WP9ocSbyVhEbGWykI
9CreEk0ABi/5dw5Lu5Bf7nfG/4stDJgSd83FOOMj4pwTYQukIah9JyGt/CP1ed4s
7G6NMdOV85hS3E4iscGa7HIXeB50X2o5Y86NFJ81L+4/cHztCvkMllWoaDZQgXtl
6mQgkTvAfmNgneZSEWHp0+rf80MBv7lrUClQDN3JzJB/zjpAu+6VdE0ZKmbb7Nul
6k1hct3tNOCOj3mX2Rw910Ymir9px3JeWCL6HNqjzmD5WQJ2j/FyeLLwVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJrLuU0C9RYIeQV9oo37TUjjezSMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSW1zdTVUUUwxRmdoNUJYMmlqZnROU09ON05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdW5MA0G
CSqGSIb3DQEBCwUAA4IBAQABYaHBskqe6sTeuelFjw6UR8s6yFEdcolxDK8Nw17c
NYoJLGE304QdloiTaTyEtla/mtQSiBAlYKzqRoSAc8PumK7v8Y4ocvAox9JQbqM5
5250ML7DNRNe6JV3xcUB4SPx/ybqC4Fokp0xO3btZUiXbmZjke0H4VWEV+h8SibB
1hX9J6gTEAJQ0fjIYPiPK0pfviCeIJQ6GfgMsFt6CepWXnS4Yyl6FseF4Zwkh6j/
FZh68YN7s09877Eq6nCJ4mdyN4Tj/CGoCF7IC0lnlJJqXxvnDjQvykzxFGBSTpG1
XfjjvWsFnNRw9jRul02xXSG834s042HHQQ528Br2v0WS
-----END CERTIFICATE-----