Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PmU0iCMkwuHDZC3ptL-aVzAhYo4.roa
File:                     PmU0iCMkwuHDZC3ptL-aVzAhYo4.roa (raw, json)
Hash identifier:          qQ83LeXeWPgTJ39in97nvhMkrUAeKifOXrbcay6gPGo=
Subject key identifier:   3E:65:34:88:23:24:C2:E1:C3:64:2D:E9:B4:BF:9A:57:30:21:62:8E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143FE87B43BF9638707D51DE52D00B8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PmU0iCMkwuHDZC3ptL-aVzAhYo4.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198990
IP address blocks:        89.28.237.0/24 maxlen: 24
                          89.213.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fe:87:b4:3b:f9:63:87:07:d5:1d:e5:2d:00:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e6534882324c2e1c3642de9b4bf9a573021628e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:68:e1:c8:52:21:05:e6:43:aa:e7:ed:da:84:
                    91:02:34:7d:bd:3a:46:fc:c9:fa:af:09:d7:b3:57:
                    63:85:7b:62:73:c3:f8:7c:8c:f8:05:74:7d:40:1d:
                    f0:f9:cc:76:a8:26:11:dd:a5:a0:22:8a:41:e3:26:
                    3a:6c:f1:99:bc:8f:05:0c:11:15:54:6a:c8:57:83:
                    ab:da:c9:55:9b:e0:eb:f0:92:7c:10:94:aa:84:96:
                    16:b8:d8:a8:dd:c8:2e:08:15:dd:b6:2b:dd:a0:ff:
                    92:00:12:d4:96:d6:ca:35:b6:91:d4:ef:2e:5b:8b:
                    3a:28:a0:8d:22:89:e7:28:7d:3f:eb:75:ea:5f:df:
                    21:4f:e7:b3:9d:91:42:66:3c:9b:59:52:8e:15:ec:
                    8e:42:50:60:a8:87:5d:b5:88:9a:b1:b1:28:e4:a6:
                    5a:93:5d:f6:96:46:dc:97:99:91:02:f8:eb:e9:54:
                    74:c0:01:17:f8:be:e1:b2:71:2f:da:56:28:8d:33:
                    70:1d:c9:fe:f6:de:2a:c7:c6:b0:3a:a5:29:f1:ad:
                    08:50:f8:95:13:e3:30:ec:ce:ac:79:47:a3:4c:2c:
                    6d:1f:12:85:80:6a:91:a5:76:c9:4a:64:eb:4c:9d:
                    e0:d2:ee:28:2a:26:f3:92:11:9b:86:6b:da:23:84:
                    aa:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:65:34:88:23:24:C2:E1:C3:64:2D:E9:B4:BF:9A:57:30:21:62:8E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PmU0iCMkwuHDZC3ptL-aVzAhYo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.237.0/24
                  89.213.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e5:26:0f:a7:7c:ae:b5:97:34:7c:26:cb:16:47:a2:60:b7:
         94:84:5b:3d:59:bc:43:1a:1b:8e:0d:c3:3d:5a:4a:d1:d6:0e:
         e8:e3:7d:cb:0f:80:23:95:5e:98:b0:48:0c:53:04:7f:62:54:
         ac:56:5b:0d:16:82:db:43:1e:f9:cd:37:e7:87:e1:16:84:fa:
         dc:69:c3:a6:68:0c:68:b6:1d:69:df:13:66:c1:7f:ae:2b:00:
         9d:10:b5:e2:57:71:d6:62:e8:4f:26:96:c7:c8:8a:54:62:ec:
         ba:48:d2:27:4d:88:1f:58:19:56:09:ea:d7:5c:b6:fa:60:7f:
         d5:30:e0:bb:c7:b6:fa:9a:5f:49:5e:6f:c3:8b:7d:63:48:dd:
         23:ce:74:ac:bf:2d:32:cc:66:c5:57:29:99:de:17:c0:4f:00:
         50:8f:86:69:c0:fe:72:d6:42:ba:59:70:03:96:cc:a9:6d:f0:
         4b:3b:77:f6:56:46:30:2b:4d:73:6d:cb:a3:7b:ca:b5:7e:d4:
         8c:76:84:4f:2f:4a:6c:3a:ba:67:77:e1:04:c0:ae:31:aa:cc:
         c2:71:2d:43:be:57:cb:ca:39:0c:a1:0b:f1:e2:8d:b7:56:b8:
         a0:f3:82:f6:58:fb:67:f2:7a:73:dc:d7:12:30:6d:82:34:db:
         de:0b:b6:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ/6HtDv5Y4cH1R3lLQC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTY1MzQ4ODIzMjRjMmUxYzM2NDJkZTliNGJmOWE1NzMwMjE2MjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2jhyFIhBeZDquft2oSRAjR9vTpG
/Mn6rwnXs1djhXtic8P4fIz4BXR9QB3w+cx2qCYR3aWgIopB4yY6bPGZvI8FDBEV
VGrIV4Or2slVm+Dr8JJ8EJSqhJYWuNio3cguCBXdtivdoP+SABLUltbKNbaR1O8u
W4s6KKCNIonnKH0/63XqX98hT+eznZFCZjybWVKOFeyOQlBgqIddtYiasbEo5KZa
k132lkbcl5mRAvjr6VR0wAEX+L7hsnEv2lYojTNwHcn+9t4qx8awOqUp8a0IUPiV
E+Mw7M6seUejTCxtHxKFgGqRpXbJSmTrTJ3g0u4oKibzkhGbhmvaI4SqLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD5lNIgjJMLhw2Qt6bS/mlcwIWKOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUG1VMGlDTWt3dUhEWkMzcHRMLWFWekFoWW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRztAwQA
WdXWMA0GCSqGSIb3DQEBCwUAA4IBAQB15SYPp3yutZc0fCbLFkeiYLeUhFs9WbxD
GhuODcM9WkrR1g7o433LD4AjlV6YsEgMUwR/YlSsVlsNFoLbQx75zTfnh+EWhPrc
acOmaAxoth1p3xNmwX+uKwCdELXiV3HWYuhPJpbHyIpUYuy6SNInTYgfWBlWCerX
XLb6YH/VMOC7x7b6ml9JXm/Di31jSN0jznSsvy0yzGbFVymZ3hfATwBQj4ZpwP5y
1kK6WXADlsypbfBLO3f2VkYwK01zbcuje8q1ftSMdoRPL0psOrpnd+EEwK4xqszC
cS1DvlfLyjkMoQvx4o23Vrig84L2WPtn8npz3NcSMG2CNNveC7ZY
-----END CERTIFICATE-----