Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U8Jlh5Uf91gSAFHBEu9hNntSMf4.roa
File:                     U8Jlh5Uf91gSAFHBEu9hNntSMf4.roa (raw, json)
Hash identifier:          Q2uQM5MusFu3GdmnufFjwg1xrOMQgnLn7Xcpx8oLrfY=
Subject key identifier:   53:C2:65:87:95:1F:F7:58:12:00:51:C1:12:EF:61:36:7B:52:31:FE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421440D832E20CDFAB0C4BF50C56C9B6C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U8Jlh5Uf91gSAFHBEu9hNntSMf4.roa
Signing time:             Wed 01 Jan 2025 09:48:15 +0000
ROA not before:           Wed 01 Jan 2025 09:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209861
IP address blocks:        89.213.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0d:83:2e:20:cd:fa:b0:c4:bf:50:c5:6c:9b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53c26587951ff758120051c112ef61367b5231fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:47:05:36:b8:66:a7:1f:24:e2:25:28:37:66:
                    fb:63:74:12:b7:53:53:87:23:a4:ed:79:b2:21:e9:
                    cd:15:1e:6a:e3:ba:b6:57:3e:61:86:bf:4b:a0:8b:
                    3f:40:60:f8:bf:c9:e0:51:2c:17:b9:69:4f:4e:73:
                    83:c9:f8:74:b1:23:0e:e6:76:05:0f:fc:81:61:c9:
                    53:c4:f3:cf:20:86:87:30:82:94:84:e8:cb:ad:ff:
                    c2:0a:9b:6a:03:d8:d1:34:68:d2:c3:dc:fa:cf:58:
                    60:4e:85:3f:d7:be:87:11:f0:c9:0e:16:ef:88:b4:
                    5a:d7:ce:e5:12:58:10:33:5e:ef:22:09:10:bd:0e:
                    a0:fc:1f:2a:7d:64:f6:db:f3:d5:89:4d:be:26:fd:
                    13:bf:9c:f7:40:6e:30:75:7b:1c:b8:45:ae:fa:71:
                    e7:e9:3f:8b:3f:5e:b2:bb:db:7b:bf:30:36:b6:1a:
                    42:49:63:04:c0:34:95:5b:de:69:eb:e6:a4:96:55:
                    ac:ba:80:0e:ad:a1:e6:e0:dd:43:1e:6c:c2:e2:a1:
                    da:2b:18:ce:d1:25:ee:bb:1d:18:9a:c2:b7:4c:31:
                    2f:a4:28:a4:85:eb:e2:fa:64:ed:72:4a:85:82:79:
                    80:c1:0b:10:5f:30:b1:dd:cc:f7:69:34:f3:d0:98:
                    31:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C2:65:87:95:1F:F7:58:12:00:51:C1:12:EF:61:36:7B:52:31:FE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U8Jlh5Uf91gSAFHBEu9hNntSMf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:d4:7b:60:06:bb:59:5b:92:32:a0:a7:61:ec:eb:9b:ff:28:
         84:30:40:fd:ba:fc:65:17:03:c4:dd:69:2f:06:1b:e4:37:08:
         ba:38:b7:b2:9f:ad:5c:21:45:39:35:56:65:f1:9e:85:67:2e:
         60:49:45:af:00:43:25:19:80:1c:3b:54:22:d5:d0:44:e8:e6:
         5b:30:cf:7a:46:42:6b:1e:48:c8:29:d2:1a:6b:90:c1:33:85:
         ac:d8:06:e7:39:dd:ae:15:0a:ea:a0:d1:9b:d9:1f:82:a0:68:
         fd:31:e5:cd:8f:73:ef:b1:84:c1:37:03:54:25:04:ce:46:00:
         a7:ad:72:46:25:9e:e7:30:00:f8:38:19:fd:1e:b8:2f:72:87:
         42:04:da:0d:d8:5f:f7:ad:0d:a3:10:a4:24:cc:10:a0:83:43:
         d3:95:b0:81:8b:73:fb:21:10:d7:76:46:c8:36:ec:29:fc:7b:
         19:c4:19:e9:63:61:cf:e7:f9:cf:ac:5a:b3:29:c0:98:d0:b2:
         4f:7e:de:b4:f1:bb:e1:b6:a1:58:53:b7:55:b7:7a:e9:ed:7a:
         2a:d9:3c:d3:60:e6:9c:8e:3b:39:e4:42:2f:2d:fa:3d:ac:b3:
         d7:5d:7e:48:01:42:d6:66:82:08:a9:6d:d5:16:2a:a0:25:9c:
         31:c2:5b:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRA2DLiDN+rDEv1DFbJtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2MyNjU4Nzk1MWZmNzU4MTIwMDUxYzExMmVmNjEzNjdiNTIzMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkcFNrhmpx8k4iUoN2b7Y3QSt1NT
hyOk7XmyIenNFR5q47q2Vz5hhr9LoIs/QGD4v8ngUSwXuWlPTnODyfh0sSMO5nYF
D/yBYclTxPPPIIaHMIKUhOjLrf/CCptqA9jRNGjSw9z6z1hgToU/176HEfDJDhbv
iLRa187lElgQM17vIgkQvQ6g/B8qfWT22/PViU2+Jv0Tv5z3QG4wdXscuEWu+nHn
6T+LP16yu9t7vzA2thpCSWMEwDSVW95p6+akllWsuoAOraHm4N1DHmzC4qHaKxjO
0SXuux0YmsK3TDEvpCikhevi+mTtckqFgnmAwQsQXzCx3cz3aTTz0JgxTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPCZYeVH/dYEgBRwRLvYTZ7UjH+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVThKbGg1VWY5MWdTQUZIQkV1OWhObnRTTWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWUMA0G
CSqGSIb3DQEBCwUAA4IBAQAA1HtgBrtZW5IyoKdh7Oub/yiEMED9uvxlFwPE3Wkv
BhvkNwi6OLeyn61cIUU5NVZl8Z6FZy5gSUWvAEMlGYAcO1Qi1dBE6OZbMM96RkJr
HkjIKdIaa5DBM4Ws2AbnOd2uFQrqoNGb2R+CoGj9MeXNj3PvsYTBNwNUJQTORgCn
rXJGJZ7nMAD4OBn9HrgvcodCBNoN2F/3rQ2jEKQkzBCgg0PTlbCBi3P7IRDXdkbI
Nuwp/HsZxBnpY2HP5/nPrFqzKcCY0LJPft608bvhtqFYU7dVt3rp7Xoq2TzTYOac
jjs55EIvLfo9rLPXXX5IAULWZoIIqW3VFiqgJZwxwltx
-----END CERTIFICATE-----