Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/W04NvVQw25JzuPkHxuXokV5jRWA.roa
File:                     W04NvVQw25JzuPkHxuXokV5jRWA.roa (raw, json)
Hash identifier:          nfYKeHH9wnglclCtAvuT2I5wIJ5ofKaE2rv/WEuKO14=
Subject key identifier:   5B:4E:0D:BD:54:30:DB:92:73:B8:F9:07:C6:E5:E8:91:5E:63:45:60
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144354082C0D3F1F9C9001BE44ABEA2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/W04NvVQw25JzuPkHxuXokV5jRWA.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216075
IP address blocks:        89.213.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:35:40:82:c0:d3:f1:f9:c9:00:1b:e4:4a:be:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b4e0dbd5430db9273b8f907c6e5e8915e634560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:da:dd:1b:b3:d7:eb:f1:f8:a8:d7:06:7f:f2:
                    6f:51:88:10:3e:f2:b1:cb:ea:7e:a8:f1:5d:8b:1c:
                    2f:be:d2:2f:24:f8:e2:d4:40:4c:00:71:dd:4b:4a:
                    90:d1:23:06:00:32:57:59:b2:af:42:ce:57:47:30:
                    dd:b0:f5:b3:89:d6:c5:3a:71:7a:c1:13:de:31:6c:
                    d0:bd:ae:f1:04:da:b3:5d:81:c3:37:28:f6:53:0b:
                    6c:a8:37:c8:1e:5b:1f:79:99:0b:9b:6d:79:36:95:
                    e8:19:b0:ae:98:86:36:b9:18:f9:75:ac:5b:c6:e2:
                    ca:00:14:7b:b7:41:77:dd:d1:eb:fc:d4:ef:cf:0b:
                    8e:60:c1:60:83:02:c6:3e:9b:fa:71:d7:55:ec:e3:
                    a5:be:06:99:c3:5f:57:3a:19:51:6c:b3:b9:20:3c:
                    28:7d:36:56:9f:9d:94:9d:e3:b7:00:c3:48:3a:d1:
                    da:42:bf:1f:96:19:9e:a8:1c:6a:6f:38:7e:88:ac:
                    0e:fd:00:59:23:d7:2a:78:8d:b4:29:eb:6c:8f:4c:
                    9f:2b:c2:e1:4f:fc:93:4e:42:23:0d:ab:8f:42:3e:
                    81:5a:40:b1:51:e2:96:d3:23:c8:9c:0c:83:b0:59:
                    5e:32:7e:2f:47:36:8e:3f:11:70:81:7e:7f:8f:16:
                    58:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4E:0D:BD:54:30:DB:92:73:B8:F9:07:C6:E5:E8:91:5E:63:45:60
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/W04NvVQw25JzuPkHxuXokV5jRWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:10:ad:ff:b7:de:1f:57:50:d9:c3:c8:09:f6:47:cf:28:8f:
         93:f0:ed:a0:7b:db:85:a4:08:96:f6:ae:e6:33:56:ef:14:bd:
         b9:f7:b1:bc:e8:74:ca:a1:eb:a2:22:f2:e8:1b:ab:7f:4d:9d:
         2c:96:bc:86:7f:12:e4:9e:37:d3:70:40:79:2c:45:cd:57:62:
         d6:8c:c4:3d:bf:e5:f6:11:02:5b:1d:af:38:84:e5:b5:93:36:
         44:36:ed:40:02:b0:55:72:d9:14:b7:c2:48:f1:3a:5f:77:6e:
         99:ce:bd:21:ce:99:a5:43:c6:4b:fe:51:5b:65:90:a3:61:14:
         48:08:f7:56:9f:af:dd:6c:41:20:2d:31:ca:2c:ae:50:53:e0:
         a3:f6:75:0a:4a:7c:51:3b:7f:28:c6:02:fa:5c:e5:cf:c2:01:
         60:b5:a9:b7:54:41:64:6a:8a:a0:89:cd:cf:44:d8:a5:d5:ca:
         72:1d:2b:4f:8b:0a:69:96:5c:b8:ce:58:e6:e0:ef:32:19:dc:
         95:18:ed:9f:cb:7d:b3:b2:66:0b:01:87:f6:35:be:d2:65:43:
         b0:b2:82:16:bb:5c:a4:0e:d4:bf:46:67:41:a4:dd:0a:f3:c8:
         a3:fc:88:78:27:81:f1:84:d1:c5:d3:2e:7d:ee:2d:a9:4f:bd:
         21:ff:a7:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDVAgsDT8fnJABvkSr6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjRlMGRiZDU0MzBkYjkyNzNiOGY5MDdjNmU1ZTg5MTVlNjM0NTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9rdG7PX6/H4qNcGf/JvUYgQPvKx
y+p+qPFdixwvvtIvJPji1EBMAHHdS0qQ0SMGADJXWbKvQs5XRzDdsPWzidbFOnF6
wRPeMWzQva7xBNqzXYHDNyj2UwtsqDfIHlsfeZkLm215NpXoGbCumIY2uRj5daxb
xuLKABR7t0F33dHr/NTvzwuOYMFggwLGPpv6cddV7OOlvgaZw19XOhlRbLO5IDwo
fTZWn52UneO3AMNIOtHaQr8flhmeqBxqbzh+iKwO/QBZI9cqeI20Ketsj0yfK8Lh
T/yTTkIjDauPQj6BWkCxUeKW0yPInAyDsFleMn4vRzaOPxFwgX5/jxZYJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtODb1UMNuSc7j5B8bl6JFeY0VgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVzA0TnZWUXcyNUp6dVBrSHh1WG9rVjVqUldBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWMMA0G
CSqGSIb3DQEBCwUAA4IBAQB0EK3/t94fV1DZw8gJ9kfPKI+T8O2ge9uFpAiW9q7m
M1bvFL2597G86HTKoeuiIvLoG6t/TZ0slryGfxLknjfTcEB5LEXNV2LWjMQ9v+X2
EQJbHa84hOW1kzZENu1AArBVctkUt8JI8Tpfd26Zzr0hzpmlQ8ZL/lFbZZCjYRRI
CPdWn6/dbEEgLTHKLK5QU+Cj9nUKSnxRO38oxgL6XOXPwgFgtam3VEFkaoqgic3P
RNil1cpyHStPiwpplly4zljm4O8yGdyVGO2fy32zsmYLAYf2Nb7SZUOwsoIWu1yk
DtS/RmdBpN0K88ij/Ih4J4HxhNHF0y597i2pT70h/6cw
-----END CERTIFICATE-----