Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aTW221K4tKwSxNjbMQaxn6npsN8.roa
File:                     aTW221K4tKwSxNjbMQaxn6npsN8.roa (raw, json)
Hash identifier:          9VF/BEOrASwL96c1OxbLgK/0To/rDsifOao+7klYhRo=
Subject key identifier:   69:35:B6:DB:52:B8:B4:AC:12:C4:D8:DB:31:06:B1:9F:A9:E9:B0:DF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144304788A17B7AADEE954A15CF2A9B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aTW221K4tKwSxNjbMQaxn6npsN8.roa
Signing time:             Wed 01 Jan 2025 09:48:24 +0000
ROA not before:           Wed 01 Jan 2025 09:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215638
IP address blocks:        89.213.96.0/24 maxlen: 24
                          213.218.252.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:30:47:88:a1:7b:7a:ad:ee:95:4a:15:cf:2a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6935b6db52b8b4ac12c4d8db3106b19fa9e9b0df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:5a:14:88:9a:8d:66:ef:1d:b3:08:ff:f0:
                    08:64:e2:e8:06:bd:2a:f5:c0:a6:58:96:7c:70:98:
                    64:9a:65:6e:92:8a:6a:29:fe:bc:1b:0c:3f:c0:da:
                    8d:60:81:72:56:a4:e1:24:d3:36:c7:68:b7:7e:98:
                    78:eb:02:01:d7:3a:a9:c0:7b:c7:90:5f:5b:86:54:
                    8b:b9:c6:60:48:34:3a:f5:1c:02:3f:df:10:4a:be:
                    c5:36:bb:10:67:e7:9b:d9:ec:2b:c3:3b:88:91:22:
                    5d:34:cf:ce:65:99:f1:e6:c0:a8:3c:76:31:ae:1d:
                    7a:63:84:46:16:54:2f:8c:f5:6f:b5:1c:c4:2f:ec:
                    42:77:c0:89:74:ba:d5:79:84:51:86:de:de:73:63:
                    1c:58:66:44:df:7a:9a:cc:fe:94:b1:e0:fd:af:f1:
                    f7:14:b3:e0:d0:33:38:c3:39:71:e3:ab:96:0c:f9:
                    08:ac:18:6f:a6:0c:46:25:a8:9c:dd:1c:10:4f:ca:
                    ac:e9:b8:c5:0b:9b:20:73:2e:ac:d7:e1:ab:f5:25:
                    5e:f2:f6:c9:ae:e4:63:17:38:19:83:c1:20:00:a2:
                    5b:70:a7:cd:a5:95:3c:8d:33:41:bd:d5:5e:57:a4:
                    26:1a:3a:4a:91:70:c8:3b:66:52:5d:fe:e5:eb:9c:
                    e2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:35:B6:DB:52:B8:B4:AC:12:C4:D8:DB:31:06:B1:9F:A9:E9:B0:DF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aTW221K4tKwSxNjbMQaxn6npsN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.96.0/24
                  213.218.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:58:5e:f7:3b:6e:f5:02:0d:61:03:b4:20:0d:da:45:7a:16:
         b7:c6:88:e8:ad:20:83:ad:f4:e2:7b:dc:8c:c5:1c:73:42:db:
         6a:89:8d:10:a5:08:03:41:dc:0a:bd:6f:fc:06:b1:2b:96:c0:
         a1:87:db:c5:85:48:28:c3:91:fe:7a:dc:38:e7:1e:d4:10:70:
         b5:a6:56:73:2f:3e:bb:d4:b8:ad:8f:3c:14:51:e5:72:a1:ff:
         23:a9:fd:e7:54:e1:fb:6b:af:a6:f1:cb:41:fb:30:90:f4:e8:
         94:e9:89:09:71:29:9d:d9:7d:14:57:61:e1:18:fe:09:1f:85:
         dc:84:d3:61:c6:d7:bd:b2:8b:17:4e:82:db:b0:97:e2:c9:41:
         72:55:21:7f:bf:81:78:36:00:a4:36:08:e7:9d:9e:95:96:91:
         c1:55:81:1b:51:ff:55:ea:da:9e:25:78:d5:4b:02:f3:29:f1:
         77:19:81:63:ff:6e:69:1f:d1:07:fa:da:2c:8c:15:b2:7a:cf:
         05:9a:23:4e:fd:37:a3:8e:0f:5d:78:1a:fe:ee:f0:63:67:67:
         67:a0:a7:93:fb:95:10:0d:b0:01:ff:0a:31:11:ba:4c:84:43:
         77:34:aa:bc:18:29:93:5c:61:f3:94:8d:ed:81:bb:32:c1:e1:
         06:5b:23:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRDBHiKF7eq3ulUoVzyqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM1YjZkYjUyYjhiNGFjMTJjNGQ4ZGIzMTA2YjE5ZmE5ZTliMGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVaFIiajWbvHbMI//AIZOLoBr0q
9cCmWJZ8cJhkmmVukopqKf68Gww/wNqNYIFyVqThJNM2x2i3fph46wIB1zqpwHvH
kF9bhlSLucZgSDQ69RwCP98QSr7FNrsQZ+eb2ewrwzuIkSJdNM/OZZnx5sCoPHYx
rh16Y4RGFlQvjPVvtRzEL+xCd8CJdLrVeYRRht7ec2McWGZE33qazP6UseD9r/H3
FLPg0DM4wzlx46uWDPkIrBhvpgxGJaic3RwQT8qs6bjFC5sgcy6s1+Gr9SVe8vbJ
ruRjFzgZg8EgAKJbcKfNpZU8jTNBvdVeV6QmGjpKkXDIO2ZSXf7l65zi6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGk1tttSuLSsEsTY2zEGsZ+p6bDfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYVRXMjIxSzR0S3dTeE5qYk1RYXhuNm5wc044LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdVgAwQB
1dr8MA0GCSqGSIb3DQEBCwUAA4IBAQCmWF73O271Ag1hA7QgDdpFeha3xojorSCD
rfTie9yMxRxzQttqiY0QpQgDQdwKvW/8BrErlsChh9vFhUgow5H+etw45x7UEHC1
plZzLz671LitjzwUUeVyof8jqf3nVOH7a6+m8ctB+zCQ9OiU6YkJcSmd2X0UV2Hh
GP4JH4XchNNhxte9sosXToLbsJfiyUFyVSF/v4F4NgCkNgjnnZ6VlpHBVYEbUf9V
6tqeJXjVSwLzKfF3GYFj/25pH9EH+tosjBWyes8FmiNO/Tejjg9deBr+7vBjZ2dn
oKeT+5UQDbAB/woxEbpMhEN3NKq8GCmTXGHzlI3tgbsyweEGWyNj
-----END CERTIFICATE-----