Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a_yu7jVKoliLcMs-upkUvIWf62w.roa
File:                     a_yu7jVKoliLcMs-upkUvIWf62w.roa (raw, json)
Hash identifier:          fi+9EpIJXg0iTvvdM1XPYzNTZfPmZa/wEts4ETmMYUo=
Subject key identifier:   6B:FC:AE:EE:35:4A:A2:58:8B:70:CB:3E:BA:99:14:BC:85:9F:EB:6C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214438E055A9EC7934120EA6EB792AA7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a_yu7jVKoliLcMs-upkUvIWf62w.roa
Signing time:             Wed 01 Jan 2025 09:48:26 +0000
ROA not before:           Wed 01 Jan 2025 09:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264409
IP address blocks:        89.213.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:38:e0:55:a9:ec:79:34:12:0e:a6:eb:79:2a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bfcaeee354aa2588b70cb3eba9914bc859feb6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:de:60:01:47:39:16:1f:77:7b:2b:f5:9e:6d:
                    f7:78:25:9c:f5:a0:7f:bb:08:fb:42:fa:79:55:5e:
                    5e:42:0a:dd:62:25:25:48:52:5f:b9:ed:17:6e:08:
                    02:3f:d7:2e:f9:5e:da:df:79:80:93:8d:3a:0c:e2:
                    72:a5:d8:3d:46:5c:a9:7c:b9:1e:08:e1:32:73:29:
                    f8:b6:e3:8e:8d:1d:10:6f:8e:16:80:e9:8c:d4:09:
                    ce:a4:36:26:fd:9a:ac:aa:6c:15:cd:be:0d:11:48:
                    86:18:76:df:90:df:65:c9:dd:fa:fd:dc:f1:1f:7d:
                    60:9d:81:62:1e:97:e0:75:2f:dc:68:89:18:bc:01:
                    72:ad:8c:f3:47:22:62:a6:c5:d6:2d:f6:ab:9c:bf:
                    6a:40:a6:6d:7e:51:9b:0a:03:b6:8b:27:dc:ff:71:
                    7a:6d:bb:bc:fb:ff:55:09:b2:ef:8f:3a:28:11:a5:
                    d4:28:5c:c8:16:2e:9c:ee:a0:fe:70:74:71:93:cc:
                    4a:e0:47:63:cf:91:6a:9d:c3:1c:68:48:67:74:48:
                    da:1e:e8:d3:f9:57:de:3a:7f:81:5b:92:db:52:16:
                    63:d9:32:bb:48:0c:c8:a9:cf:62:3f:43:40:72:90:
                    0f:65:06:6a:d1:65:1d:57:aa:cc:f9:dd:28:6e:76:
                    f5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:FC:AE:EE:35:4A:A2:58:8B:70:CB:3E:BA:99:14:BC:85:9F:EB:6C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a_yu7jVKoliLcMs-upkUvIWf62w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:6c:29:6a:11:10:8e:36:c2:1f:63:cd:16:b1:65:12:c0:00:
         9b:a3:2d:5d:03:a0:c7:24:7e:bf:00:5b:34:62:9e:3d:f1:3b:
         5c:23:35:3e:1b:9e:f4:4e:9f:b5:b4:f5:10:1d:49:85:88:63:
         8e:50:79:22:26:b2:66:67:b9:ec:6e:b2:2a:87:97:23:b9:f1:
         79:b1:63:8e:c4:67:cb:a2:d0:76:8c:ab:fd:ab:9e:b3:51:69:
         f2:87:55:c1:31:51:71:f7:7f:b8:ae:ab:f9:dd:89:b1:b0:cf:
         21:c0:f7:ed:bc:94:f1:35:41:f5:3b:01:a3:ea:f0:9e:d4:3e:
         4b:9e:ae:e3:da:10:d1:f9:5e:2b:fd:1b:73:8a:33:ff:5d:c0:
         89:46:b9:3c:b7:98:eb:29:cc:94:ba:88:b2:6a:8c:af:10:42:
         6c:0b:21:80:c9:f4:84:aa:1c:f2:3f:06:2d:79:84:02:eb:04:
         18:c9:26:a6:3d:d1:1a:f7:66:8c:ce:b5:2b:3f:d1:59:91:e1:
         f0:d3:67:fc:dc:d0:be:08:86:e8:0f:0b:23:ae:eb:c4:d3:ef:
         55:9b:3d:c9:02:3a:3d:9a:b7:a9:ee:45:de:e1:d1:23:b8:c7:
         e9:1b:c7:bf:07:1f:ea:50:7d:06:26:8d:07:13:14:d8:b2:09:
         0a:af:4a:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDjgVanseTQSDqbreSqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmZjYWVlZTM1NGFhMjU4OGI3MGNiM2ViYTk5MTRiYzg1OWZlYjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud5gAUc5Fh93eyv1nm33eCWc9aB/
uwj7Qvp5VV5eQgrdYiUlSFJfue0XbggCP9cu+V7a33mAk406DOJypdg9RlypfLke
COEycyn4tuOOjR0Qb44WgOmM1AnOpDYm/ZqsqmwVzb4NEUiGGHbfkN9lyd36/dzx
H31gnYFiHpfgdS/caIkYvAFyrYzzRyJipsXWLfarnL9qQKZtflGbCgO2iyfc/3F6
bbu8+/9VCbLvjzooEaXUKFzIFi6c7qD+cHRxk8xK4Edjz5FqncMcaEhndEjaHujT
+VfeOn+BW5LbUhZj2TK7SAzIqc9iP0NAcpAPZQZq0WUdV6rM+d0obnb1XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv8ru41SqJYi3DLPrqZFLyFn+tsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYV95dTdqVktvbGlMY01zLXVwa1V2SVdmNjJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXaMA0G
CSqGSIb3DQEBCwUAA4IBAQBKbClqERCONsIfY80WsWUSwACboy1dA6DHJH6/AFs0
Yp498TtcIzU+G570Tp+1tPUQHUmFiGOOUHkiJrJmZ7nsbrIqh5cjufF5sWOOxGfL
otB2jKv9q56zUWnyh1XBMVFx93+4rqv53YmxsM8hwPftvJTxNUH1OwGj6vCe1D5L
nq7j2hDR+V4r/RtzijP/XcCJRrk8t5jrKcyUuoiyaoyvEEJsCyGAyfSEqhzyPwYt
eYQC6wQYySamPdEa92aMzrUrP9FZkeHw02f83NC+CIboDwsjruvE0+9Vmz3JAjo9
mrep7kXe4dEjuMfpG8e/Bx/qUH0GJo0HExTYsgkKr0oX
-----END CERTIFICATE-----