Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZlhB75Bq-WdPS8VnV0Yr_pCID8A.roa
File:                     ZlhB75Bq-WdPS8VnV0Yr_pCID8A.roa (raw, json)
Hash identifier:          P34NmO06nv+Z6kWN8+Kvvxk6+W498Yef8SR6AmBVAJY=
Subject key identifier:   66:58:41:EF:90:6A:F9:67:4F:4B:C5:67:57:46:2B:FE:90:88:0F:C0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E75701CE311DEC5BE3B0369AB8276C554
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZlhB75Bq-WdPS8VnV0Yr_pCID8A.roa
Signing time:             Mon 25 Mar 2024 11:47:45 +0000
ROA not before:           Mon 25 Mar 2024 11:47:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        89.213.178.0/24 maxlen: 24
                          89.213.216.0/24 maxlen: 24
                          89.213.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:70:1c:e3:11:de:c5:be:3b:03:69:ab:82:76:c5:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 11:47:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=665841ef906af9674f4bc56757462bfe90880fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e2:ba:53:4b:f0:1a:b9:e5:1a:10:57:e0:57:
                    35:88:89:ba:20:8a:48:1c:3c:31:5c:9e:15:06:20:
                    c4:8c:e3:69:f1:c7:1d:40:3c:9d:06:ce:aa:53:14:
                    3c:6d:b9:56:36:b4:a5:2a:7d:4c:f1:fa:ba:ac:e6:
                    21:fd:b5:18:49:54:08:5a:cf:c6:df:b3:19:1b:ff:
                    36:ec:d4:33:61:e2:f3:57:04:48:ad:58:63:0e:72:
                    23:a7:52:7a:65:7e:28:3a:cb:b7:81:6a:1b:69:82:
                    c4:f5:1b:5d:cf:90:a5:79:7a:2c:b5:a5:79:38:78:
                    88:ae:89:ab:c1:b6:05:e7:da:56:70:b0:5b:30:08:
                    59:8c:94:b4:f9:f4:90:e2:6a:29:5d:bc:da:39:99:
                    69:af:98:28:a6:16:f8:4f:1a:a3:25:fb:f6:40:a2:
                    80:96:43:67:bd:fe:23:7e:98:7c:7e:85:6d:3c:9d:
                    81:ac:cf:fc:31:78:59:51:ef:e4:4f:fb:21:f9:19:
                    1b:35:a4:2c:7c:76:73:a0:5e:34:67:36:d8:ad:ae:
                    dd:2d:77:dc:2b:ad:f0:65:1d:2e:ab:33:0e:2f:80:
                    83:7f:2e:b6:d7:86:60:90:b7:5b:a9:1e:b4:57:23:
                    ce:58:98:db:82:dd:7c:b4:93:bf:05:b3:67:a8:5c:
                    1f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:58:41:EF:90:6A:F9:67:4F:4B:C5:67:57:46:2B:FE:90:88:0F:C0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZlhB75Bq-WdPS8VnV0Yr_pCID8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.178.0/24
                  89.213.216.0/24
                  89.213.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:fe:c5:c3:c7:f4:68:37:e4:97:cf:03:29:54:96:54:b6:70:
         60:ba:32:57:64:d7:8d:e0:56:cc:c3:4c:8f:60:0b:1f:37:0a:
         d2:2a:55:e7:dc:f4:0a:9d:98:4b:79:dc:d8:31:15:7f:9b:42:
         b3:02:5b:7c:49:83:46:49:f1:eb:6a:99:65:d6:1e:66:9d:8e:
         9e:2e:c3:a6:e5:bb:05:68:30:7d:6e:ae:a6:66:32:9a:75:a1:
         32:74:b5:42:1c:0a:3d:71:ef:3b:28:c3:98:91:5f:b6:72:bb:
         2f:78:97:9a:ce:b3:7c:e3:c9:a1:4a:ed:29:81:bb:87:ba:93:
         39:33:22:b8:c3:94:7e:0e:d8:d2:c5:92:4f:ec:ac:ac:f4:4b:
         5f:cf:2a:ee:d6:86:85:a1:f4:bf:8c:76:8c:b7:b7:07:c0:43:
         f8:78:53:55:4f:5f:cd:9c:a3:c2:81:56:e1:76:5e:2f:21:d6:
         60:1a:66:77:ed:c3:44:8c:1d:9c:9b:59:f7:7f:78:f9:0d:3b:
         84:03:d9:d3:37:e8:3c:8d:1e:72:56:ba:37:60:67:d4:2a:32:
         6b:c5:d4:b8:fc:8f:98:44:bc:67:2c:08:59:a5:51:e0:d4:06:
         e6:ea:ed:4b:33:6c:8d:dd:58:71:b3:76:a1:58:95:9c:d9:7c:
         65:fb:dd:8e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY51cBzjEd7FvjsDaauCdsVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MTE0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjU4NDFlZjkwNmFmOTY3NGY0YmM1Njc1NzQ2MmJmZTkwODgwZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuK6U0vwGrnlGhBX4Fc1iIm6IIpI
HDwxXJ4VBiDEjONp8ccdQDydBs6qUxQ8bblWNrSlKn1M8fq6rOYh/bUYSVQIWs/G
37MZG/827NQzYeLzVwRIrVhjDnIjp1J6ZX4oOsu3gWobaYLE9Rtdz5CleXostaV5
OHiIromrwbYF59pWcLBbMAhZjJS0+fSQ4mopXbzaOZlpr5gophb4TxqjJfv2QKKA
lkNnvf4jfph8foVtPJ2BrM/8MXhZUe/kT/sh+RkbNaQsfHZzoF40ZzbYra7dLXfc
K63wZR0uqzMOL4CDfy6214ZgkLdbqR60VyPOWJjbgt18tJO/BbNnqFwf0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGZYQe+QavlnT0vFZ1dGK/6QiA/AMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWmxoQjc1QnEtV2RQUzhWblYwWXJfcENJRDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdWyAwQA
WdXYAwQAWdXdMA0GCSqGSIb3DQEBCwUAA4IBAQCJ/sXDx/RoN+SXzwMpVJZUtnBg
ujJXZNeN4FbMw0yPYAsfNwrSKlXn3PQKnZhLedzYMRV/m0KzAlt8SYNGSfHrapll
1h5mnY6eLsOm5bsFaDB9bq6mZjKadaEydLVCHAo9ce87KMOYkV+2crsveJeazrN8
48mhSu0pgbuHupM5MyK4w5R+DtjSxZJP7Kys9Etfzyru1oaFofS/jHaMt7cHwEP4
eFNVT1/NnKPCgVbhdl4vIdZgGmZ37cNEjB2cm1n3f3j5DTuEA9nTN+g8jR5yVro3
YGfUKjJrxdS4/I+YRLxnLAhZpVHg1Abm6u1LM2yN3Vhxs3ahWJWc2Xxl+92O
-----END CERTIFICATE-----