Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NLBhkp3iW_es3sDOcAFsaY6JFFY.roa
File:                     NLBhkp3iW_es3sDOcAFsaY6JFFY.roa (raw, json)
Hash identifier:          Dp4BRSTQFa7v2oJW5bJt9qT3jdFtuTgr6qOJN5D3r6U=
Subject key identifier:   34:B0:61:92:9D:E2:5B:F7:AC:DE:C0:CE:70:01:6C:69:8E:89:14:56
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214422F67369BEACA93210E5D0F9A1EF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NLBhkp3iW_es3sDOcAFsaY6JFFY.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214584
IP address blocks:        89.213.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:22:f6:73:69:be:ac:a9:32:10:e5:d0:f9:a1:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34b061929de25bf7acdec0ce70016c698e891456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:67:2f:9c:c1:c3:bd:0c:87:19:a4:2d:43:81:
                    5b:4b:c5:c5:5e:aa:65:bc:c4:0b:be:e5:42:f5:45:
                    ea:80:df:22:6b:35:f1:05:e9:3f:15:06:af:48:d6:
                    97:b7:1c:ac:4d:c8:50:3d:72:26:05:2d:62:99:58:
                    ad:51:12:29:3a:e1:2d:41:7f:62:e4:45:2e:b1:19:
                    0c:af:6b:d7:d2:e9:cf:cb:92:a1:69:64:58:c6:72:
                    2a:53:1e:ae:9c:73:8d:f7:59:07:7f:b2:59:fe:e0:
                    8d:11:1a:07:22:a4:f2:da:8b:84:8f:f4:ab:c8:73:
                    f4:d7:9c:c5:69:0e:55:16:5a:c4:00:8c:ee:96:21:
                    c9:f6:24:a4:f1:8b:90:31:d8:a0:2b:16:bd:8b:65:
                    02:92:8f:4b:64:48:7d:08:56:5d:45:98:ff:03:71:
                    ca:5d:ad:e3:14:77:5d:4a:a8:ca:2e:8b:c9:94:af:
                    5c:63:a5:e9:d2:af:57:ec:62:dd:b1:d7:59:ba:07:
                    62:fa:33:05:9d:c2:99:dd:05:ab:06:f2:02:c1:16:
                    69:d7:be:17:e9:77:7c:97:ef:b1:bf:9b:df:7b:31:
                    50:47:7a:ed:6b:7c:e1:86:27:f2:cf:aa:74:31:8a:
                    63:55:68:3b:54:c8:a8:9e:f7:94:23:9d:e2:30:85:
                    08:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B0:61:92:9D:E2:5B:F7:AC:DE:C0:CE:70:01:6C:69:8E:89:14:56
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NLBhkp3iW_es3sDOcAFsaY6JFFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:ba:4b:93:bd:66:57:82:94:62:c5:dc:68:f3:ed:ee:b2:ac:
         1a:97:fd:5a:48:b1:dc:bc:6f:10:aa:ec:ca:ed:71:a5:11:d3:
         45:2a:b6:92:5c:aa:a4:66:4e:ac:24:57:e9:21:bd:08:79:4f:
         15:42:7a:8e:d2:04:91:7b:6f:68:22:e1:8f:ec:ba:64:b4:4c:
         57:f4:95:d7:28:f9:4a:a6:39:e3:9d:f8:fe:e9:6c:d7:df:58:
         04:99:44:11:fc:8e:01:e5:1b:de:39:1e:c0:47:c7:18:06:77:
         40:3a:ae:6f:61:77:b8:1d:66:00:2c:a6:ef:b2:75:03:ad:ec:
         c1:eb:a2:28:b9:b3:e4:16:3b:6f:74:76:ca:7f:91:6f:75:38:
         b8:bb:0c:d9:68:c3:6d:17:c5:b9:7a:e2:49:83:c5:3e:f6:30:
         63:ee:3a:16:5a:1d:8d:4a:37:15:b0:8d:03:46:12:08:8b:93:
         d6:ed:33:19:b2:55:c9:81:70:e8:f8:f5:dc:db:58:43:d8:61:
         36:73:54:32:6d:c5:74:0f:b9:32:58:c9:76:08:d5:08:12:ce:
         b2:a9:46:9f:e9:64:e6:95:cb:d4:00:e4:78:18:fa:9c:f1:5e:
         33:a8:b5:63:52:3f:24:de:04:45:8e:1c:5a:39:0c:09:6f:94:
         24:66:b3:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCL2c2m+rKkyEOXQ+aHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGIwNjE5MjlkZTI1YmY3YWNkZWMwY2U3MDAxNmM2OThlODkxNDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWcvnMHDvQyHGaQtQ4FbS8XFXqpl
vMQLvuVC9UXqgN8iazXxBek/FQavSNaXtxysTchQPXImBS1imVitURIpOuEtQX9i
5EUusRkMr2vX0unPy5KhaWRYxnIqUx6unHON91kHf7JZ/uCNERoHIqTy2ouEj/Sr
yHP015zFaQ5VFlrEAIzuliHJ9iSk8YuQMdigKxa9i2UCko9LZEh9CFZdRZj/A3HK
Xa3jFHddSqjKLovJlK9cY6Xp0q9X7GLdsddZugdi+jMFncKZ3QWrBvICwRZp174X
6Xd8l++xv5vfezFQR3rta3zhhifyz6p0MYpjVWg7VMionveUI53iMIUIVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSwYZKd4lv3rN7AznABbGmOiRRWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTkxCaGtwM2lXX2VzM3NET2NBRnNhWTZKRkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdU7MA0G
CSqGSIb3DQEBCwUAA4IBAQBYukuTvWZXgpRixdxo8+3usqwal/1aSLHcvG8QquzK
7XGlEdNFKraSXKqkZk6sJFfpIb0IeU8VQnqO0gSRe29oIuGP7LpktExX9JXXKPlK
pjnjnfj+6WzX31gEmUQR/I4B5RveOR7AR8cYBndAOq5vYXe4HWYALKbvsnUDrezB
66IoubPkFjtvdHbKf5FvdTi4uwzZaMNtF8W5euJJg8U+9jBj7joWWh2NSjcVsI0D
RhIIi5PW7TMZslXJgXDo+PXc21hD2GE2c1QybcV0D7kyWMl2CNUIEs6yqUaf6WTm
lcvUAOR4GPqc8V4zqLVjUj8k3gRFjhxaOQwJb5QkZrP6
-----END CERTIFICATE-----