Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y-fd1rXvGJIMi2qSpo4bc5l8yBk.roa
File:                     Y-fd1rXvGJIMi2qSpo4bc5l8yBk.roa (raw, json)
Hash identifier:          cMhoek5v9GL8rUQQgrUWGWNErpl9URWNQXVTMpA54yg=
Subject key identifier:   63:E7:DD:D6:B5:EF:18:92:0C:8B:6A:92:A6:8E:1B:73:99:7C:C8:19
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E9824BDFDC9440D488D1EEF80792
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y-fd1rXvGJIMi2qSpo4bc5l8yBk.roa
Signing time:             Wed 01 Jan 2025 09:48:06 +0000
ROA not before:           Wed 01 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53107
IP address blocks:        89.213.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e9:82:4b:df:dc:94:40:d4:88:d1:ee:f8:07:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63e7ddd6b5ef18920c8b6a92a68e1b73997cc819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c4:72:3f:e1:4c:a4:ca:02:dd:cc:a7:11:fa:
                    01:a3:a7:5f:5d:f5:77:b0:26:be:f6:a2:d0:5f:83:
                    1d:36:32:76:3f:db:bd:20:82:f8:c7:2e:16:ab:f2:
                    34:31:87:c6:70:8d:00:b2:d3:47:c5:6e:8b:bf:99:
                    96:60:f7:c6:89:be:bd:61:f1:e4:b0:c0:e6:8a:44:
                    a2:11:77:6b:df:5d:83:e8:c9:88:3c:a6:b5:72:2d:
                    fe:a4:10:cd:7b:ef:c7:e8:5f:05:f3:8f:5a:10:63:
                    84:df:18:a2:24:c9:89:46:39:a4:d3:75:55:de:a6:
                    74:92:bb:ee:41:47:ba:fa:28:9c:3c:92:54:a8:c8:
                    6d:fc:74:bf:22:15:99:f9:29:9f:0a:fe:51:f2:9c:
                    39:10:b2:c5:c1:85:92:05:73:50:ff:83:7c:fe:86:
                    78:91:de:b4:1b:6e:de:ca:22:d6:51:c0:2a:89:83:
                    e1:07:ca:37:a3:92:8d:58:8d:1e:5d:ca:89:1b:5b:
                    c9:2e:3e:dd:76:d1:f9:a4:97:2c:c4:e6:50:4c:b0:
                    14:0c:00:fc:2b:bc:83:9e:00:56:34:8f:ea:f2:87:
                    a1:f9:76:ad:33:31:b8:51:8f:58:f2:fd:0e:95:0c:
                    28:bb:65:52:1a:72:31:61:d6:34:1f:ee:bf:04:76:
                    1a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E7:DD:D6:B5:EF:18:92:0C:8B:6A:92:A6:8E:1B:73:99:7C:C8:19
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y-fd1rXvGJIMi2qSpo4bc5l8yBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:d2:a5:31:58:ef:d1:60:9f:ae:8f:2b:e9:14:b9:79:f5:dd:
         70:40:a9:70:80:99:cb:08:b9:d0:5c:7e:b3:7b:2e:2a:ba:c4:
         5c:0b:ab:86:01:a7:2d:5d:78:a8:89:4b:99:35:2b:db:4d:77:
         f3:f9:46:66:e6:41:b2:2f:1a:56:33:8e:87:40:2d:71:ac:13:
         2d:9e:1e:ad:f2:87:2f:52:fd:26:d4:52:d9:b6:34:e0:a9:e5:
         b8:70:88:0f:ce:ce:68:7e:09:63:a1:a0:25:ba:b2:b6:3a:0b:
         1e:c0:40:ef:84:7c:7f:2f:b3:1e:7c:bd:65:0e:e1:8c:e2:6e:
         a0:3a:95:03:aa:be:da:34:d3:b4:5e:40:8d:0b:d2:98:99:70:
         83:cb:1e:2f:e0:9b:50:ad:92:b2:de:dc:58:54:a2:da:87:05:
         7a:45:d0:4f:ea:4b:1c:59:5c:01:be:de:1f:ab:de:f9:ae:c5:
         03:3a:94:c5:e6:63:f1:b3:6d:22:e9:0f:24:1e:fe:a2:73:95:
         04:41:a5:b0:54:9b:b3:20:7a:9e:58:7b:2e:58:96:c4:3f:44:
         36:03:f6:c6:58:32:05:57:db:b5:fc:a8:fc:91:ff:a9:99:d1:
         b8:15:3d:bb:7c:39:4c:1e:4e:03:66:e2:30:fb:b1:e5:11:96:
         93:1b:54:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+mCS9/clEDUiNHu+AeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2U3ZGRkNmI1ZWYxODkyMGM4YjZhOTJhNjhlMWI3Mzk5N2NjODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8RyP+FMpMoC3cynEfoBo6dfXfV3
sCa+9qLQX4MdNjJ2P9u9IIL4xy4Wq/I0MYfGcI0AstNHxW6Lv5mWYPfGib69YfHk
sMDmikSiEXdr312D6MmIPKa1ci3+pBDNe+/H6F8F849aEGOE3xiiJMmJRjmk03VV
3qZ0krvuQUe6+iicPJJUqMht/HS/IhWZ+SmfCv5R8pw5ELLFwYWSBXNQ/4N8/oZ4
kd60G27eyiLWUcAqiYPhB8o3o5KNWI0eXcqJG1vJLj7ddtH5pJcsxOZQTLAUDAD8
K7yDngBWNI/q8oeh+XatMzG4UY9Y8v0OlQwou2VSGnIxYdY0H+6/BHYaZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPn3da17xiSDItqkqaOG3OZfMgZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWS1mZDFyWHZHSklNaTJxU3BvNGJjNWw4eUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWGMA0G
CSqGSIb3DQEBCwUAA4IBAQBP0qUxWO/RYJ+ujyvpFLl59d1wQKlwgJnLCLnQXH6z
ey4qusRcC6uGAactXXioiUuZNSvbTXfz+UZm5kGyLxpWM46HQC1xrBMtnh6t8ocv
Uv0m1FLZtjTgqeW4cIgPzs5ofgljoaAlurK2OgsewEDvhHx/L7MefL1lDuGM4m6g
OpUDqr7aNNO0XkCNC9KYmXCDyx4v4JtQrZKy3txYVKLahwV6RdBP6kscWVwBvt4f
q975rsUDOpTF5mPxs20i6Q8kHv6ic5UEQaWwVJuzIHqeWHsuWJbEP0Q2A/bGWDIF
V9u1/Kj8kf+pmdG4FT27fDlMHk4DZuIw+7HlEZaTG1RP
-----END CERTIFICATE-----