Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KGPlK6qkMSMsyas1iSQuUrjDViw.roa
File:                     KGPlK6qkMSMsyas1iSQuUrjDViw.roa (raw, json)
Hash identifier:          6PUk4l2wvc2NXs2sCNwCWI6NdRmWGZcuNqySHlMLiDc=
Subject key identifier:   28:63:E5:2B:AA:A4:31:23:2C:C9:AB:35:89:24:2E:52:B8:C3:56:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01919E1552FB3877B03DD51036EADA94D7CD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KGPlK6qkMSMsyas1iSQuUrjDViw.roa
Signing time:             Thu 29 Aug 2024 12:21:23 +0000
ROA not before:           Thu 29 Aug 2024 12:21:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        89.213.155.0/24 maxlen: 24
                          89.213.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9e:15:52:fb:38:77:b0:3d:d5:10:36:ea:da:94:d7:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 29 12:21:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2863e52baaa431232cc9ab3589242e52b8c3562c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:10:21:35:7a:1b:cf:9d:4e:7a:61:38:b1:0a:
                    89:4f:aa:e3:ad:c2:47:cf:f1:3e:0f:b0:97:3f:40:
                    26:e9:e3:6e:c3:51:f4:d5:55:51:73:64:8d:d2:78:
                    45:39:80:86:14:2b:bd:91:07:4d:26:7b:a7:d0:7f:
                    3a:8c:1e:cc:f1:0d:6a:60:f0:93:1d:a4:da:28:f6:
                    d2:6b:78:30:ab:0a:46:a8:a3:5e:5c:f7:db:bd:15:
                    5b:19:cc:de:eb:da:e6:78:88:e2:df:b4:78:6f:53:
                    79:ee:04:7c:fb:6c:5d:e0:de:f5:39:7a:e0:31:0c:
                    92:dd:d3:6c:50:db:7b:41:c5:8a:12:4c:44:46:ba:
                    83:bb:0e:08:e2:66:5a:3b:82:3e:ce:a0:b9:ae:0f:
                    9e:40:a1:9a:59:45:e3:45:95:73:42:7a:2d:ae:de:
                    79:39:75:16:ea:83:c3:da:d9:65:20:3c:3c:12:f8:
                    48:a7:2d:fb:3b:5e:cb:56:4d:63:32:1b:03:f9:fa:
                    39:24:ec:cd:51:43:3e:57:dd:81:c6:6e:5b:fb:0c:
                    ff:f3:33:44:c0:ee:cf:53:e5:09:cb:ee:bc:37:5f:
                    81:5c:32:fc:c0:1e:cd:44:b3:5f:68:09:3b:71:99:
                    66:68:60:e1:65:d4:e7:84:d8:33:7c:b5:c5:66:8b:
                    7a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:63:E5:2B:AA:A4:31:23:2C:C9:AB:35:89:24:2E:52:B8:C3:56:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KGPlK6qkMSMsyas1iSQuUrjDViw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.155.0/24
                  89.213.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:79:1c:fb:ff:ae:87:74:a4:68:09:48:ee:65:85:68:24:e0:
         86:34:67:3f:7b:dd:65:df:cd:85:83:78:3b:ab:9d:05:66:c0:
         44:dd:ee:d7:18:82:86:e8:c7:c2:f9:45:6e:0f:e5:09:1e:6b:
         41:2f:ca:88:b2:09:a5:72:3f:64:2f:b5:1a:fc:41:c3:4c:d5:
         34:ac:38:37:af:87:09:3f:92:fe:3f:3d:f2:96:1b:2e:43:30:
         81:b2:3f:07:31:c3:90:a4:0e:04:6f:ff:67:fa:fd:94:3b:70:
         01:30:52:03:9d:01:65:ad:37:94:4a:15:fe:8b:bf:98:6a:f4:
         06:27:ea:73:0b:00:1a:c2:0b:e0:ef:ba:1e:25:06:2b:12:dc:
         c8:84:96:3b:f9:e4:db:db:1f:c3:92:5c:15:05:64:04:81:8f:
         fd:ae:43:e6:95:dd:51:1c:a6:fb:84:7d:c1:10:9e:7d:b0:da:
         fe:e0:af:19:7e:22:58:77:29:5d:c3:ab:dd:59:c9:fc:bb:94:
         ce:a2:b2:49:da:4f:37:b0:87:b9:d9:9d:e1:18:c1:48:70:1f:
         65:32:fe:2d:04:60:06:bc:59:41:51:83:f7:d6:73:04:77:b5:
         ff:3d:3e:cd:45:9a:1c:69:ec:5d:ea:3c:13:7b:49:db:ed:21:
         f7:64:77:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGeFVL7OHewPdUQNuralNfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODI5MTIyMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODYzZTUyYmFhYTQzMTIzMmNjOWFiMzU4OTI0MmU1MmI4YzM1NjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxAhNXobz51OemE4sQqJT6rjrcJH
z/E+D7CXP0Am6eNuw1H01VVRc2SN0nhFOYCGFCu9kQdNJnun0H86jB7M8Q1qYPCT
HaTaKPbSa3gwqwpGqKNeXPfbvRVbGcze69rmeIji37R4b1N57gR8+2xd4N71OXrg
MQyS3dNsUNt7QcWKEkxERrqDuw4I4mZaO4I+zqC5rg+eQKGaWUXjRZVzQnotrt55
OXUW6oPD2tllIDw8EvhIpy37O17LVk1jMhsD+fo5JOzNUUM+V92Bxm5b+wz/8zNE
wO7PU+UJy+68N1+BXDL8wB7NRLNfaAk7cZlmaGDhZdTnhNgzfLXFZot6FQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFChj5SuqpDEjLMmrNYkkLlK4w1YsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS0dQbEs2cWtNU01zeWFzMWlTUXVVcmpEVml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdWbAwQA
WdX4MA0GCSqGSIb3DQEBCwUAA4IBAQBLeRz7/66HdKRoCUjuZYVoJOCGNGc/e91l
382Fg3g7q50FZsBE3e7XGIKG6MfC+UVuD+UJHmtBL8qIsgmlcj9kL7Ua/EHDTNU0
rDg3r4cJP5L+Pz3ylhsuQzCBsj8HMcOQpA4Eb/9n+v2UO3ABMFIDnQFlrTeUShX+
i7+YavQGJ+pzCwAawgvg77oeJQYrEtzIhJY7+eTb2x/DklwVBWQEgY/9rkPmld1R
HKb7hH3BEJ59sNr+4K8ZfiJYdyldw6vdWcn8u5TOorJJ2k83sIe52Z3hGMFIcB9l
Mv4tBGAGvFlBUYP31nMEd7X/PT7NRZocaexd6jwTe0nb7SH3ZHdv
-----END CERTIFICATE-----