Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ba54SkOby4Flz0gEbrFH6VcjMlo.roa
File:                     ba54SkOby4Flz0gEbrFH6VcjMlo.roa (raw, json)
Hash identifier:          sOPqhqw8+ZN5ID7gYUQXx0HC6i0qH1ZAbD0i+ApXu2w=
Subject key identifier:   6D:AE:78:4A:43:9B:CB:81:65:CF:48:04:6E:B1:47:E9:57:23:32:5A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E2DE7BBDA9847BCF4BB0D661C743BDD36
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ba54SkOby4Flz0gEbrFH6VcjMlo.roa
Signing time:             Mon 11 Mar 2024 14:25:45 +0000
ROA not before:           Mon 11 Mar 2024 14:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        89.213.132.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:04:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:e7:bb:da:98:47:bc:f4:bb:0d:66:1c:74:3b:dd:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 11 14:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dae784a439bcb8165cf48046eb147e95723325a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:44:fb:da:09:7d:7b:3a:54:d9:3f:27:24:7e:
                    74:37:ac:f8:34:a7:76:80:62:03:63:f6:b9:b0:a3:
                    75:56:e9:0d:e7:d8:e5:24:67:9a:67:67:cf:19:f6:
                    7e:f1:65:26:e9:e9:00:62:fd:f2:1a:9e:75:b1:9f:
                    b2:2e:a1:b8:96:b3:0a:8e:7e:d3:51:64:1b:4f:b0:
                    b1:e8:7e:d7:a9:da:b4:53:26:21:90:8d:58:c2:6e:
                    af:62:25:49:9c:5a:2e:53:8e:fd:d4:35:af:e0:46:
                    fc:8e:72:f5:c7:e8:78:8f:9f:76:a9:a9:56:20:80:
                    f6:f1:58:56:e3:80:4a:36:bc:bf:a1:d3:96:ed:c1:
                    36:be:62:68:df:cc:cf:01:28:56:d0:12:9d:4d:df:
                    3b:48:ae:a4:e2:c7:2b:1f:76:bf:fe:02:82:d9:2b:
                    ad:21:95:0d:20:9e:f7:54:61:f4:f5:ce:90:e5:45:
                    00:0f:b6:07:d7:ab:2c:93:8c:5c:3c:50:0e:ad:e0:
                    23:2b:d2:f3:ef:7b:98:5d:ca:70:d0:09:c0:58:df:
                    f0:18:ee:95:7e:8d:79:55:fb:9d:ab:0a:82:08:b7:
                    3f:7b:f2:b5:c0:56:0f:3f:55:23:7a:0f:d4:72:03:
                    01:bb:22:38:1d:ce:4b:fd:39:e3:cf:60:ac:83:8a:
                    72:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:AE:78:4A:43:9B:CB:81:65:CF:48:04:6E:B1:47:E9:57:23:32:5A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ba54SkOby4Flz0gEbrFH6VcjMlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.132.0/24
                  89.213.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:94:74:65:fb:4e:64:b9:98:a3:42:bd:1e:b7:e1:e1:50:22:
         26:7d:56:40:03:95:f0:08:50:63:46:5e:37:b0:de:65:4f:fc:
         64:39:08:0f:ce:0e:13:cd:23:a9:ef:30:e6:23:97:b3:59:4e:
         87:fc:cc:e6:f3:c0:75:62:2f:5b:f6:b1:eb:22:c2:d4:bc:16:
         ed:44:f1:bb:03:7c:f0:32:56:68:ef:70:85:e1:b0:54:e4:b8:
         57:77:d7:d0:77:6d:72:43:d3:2d:ba:c9:26:2b:8f:d3:24:80:
         6e:c9:d5:8f:47:20:5e:c9:ce:e6:b2:a4:0b:c6:11:91:61:7f:
         52:3d:62:ba:5a:e3:19:8c:36:bc:86:97:72:a4:c8:e2:5e:40:
         b4:2b:6b:7f:74:44:8b:b0:12:9f:cf:57:88:59:5f:64:71:5d:
         65:1b:77:9e:e6:f6:a5:63:41:9d:f0:ec:83:a0:a3:51:bb:36:
         9a:50:5d:7e:4b:97:1d:2f:00:11:5e:ed:b5:ef:51:7a:3f:42:
         39:88:df:b6:98:79:70:5d:09:6b:37:81:05:a7:ad:8d:63:86:
         d7:ae:17:c2:49:5e:8e:5a:35:95:93:8e:af:f5:94:2f:df:be:
         f5:b7:7d:f4:00:a7:c9:b1:4b:fb:d2:23:b0:06:20:d8:1b:fa:
         ef:7e:ad:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4t57vamEe89LsNZhx0O902MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzExMTQyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGFlNzg0YTQzOWJjYjgxNjVjZjQ4MDQ2ZWIxNDdlOTU3MjMzMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokT72gl9ezpU2T8nJH50N6z4NKd2
gGIDY/a5sKN1VukN59jlJGeaZ2fPGfZ+8WUm6ekAYv3yGp51sZ+yLqG4lrMKjn7T
UWQbT7Cx6H7Xqdq0UyYhkI1Ywm6vYiVJnFouU4791DWv4Eb8jnL1x+h4j592qalW
IID28VhW44BKNry/odOW7cE2vmJo38zPAShW0BKdTd87SK6k4scrH3a//gKC2Sut
IZUNIJ73VGH09c6Q5UUAD7YH16ssk4xcPFAOreAjK9Lz73uYXcpw0AnAWN/wGO6V
fo15VfudqwqCCLc/e/K1wFYPP1Ujeg/UcgMBuyI4Hc5L/Tnjz2Csg4pyxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG2ueEpDm8uBZc9IBG6xR+lXIzJaMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYmE1NFNrT2J5NEZsejBnRWJyRkg2VmNqTWxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdWEAwQA
WdWtMA0GCSqGSIb3DQEBCwUAA4IBAQBXlHRl+05kuZijQr0et+HhUCImfVZAA5Xw
CFBjRl43sN5lT/xkOQgPzg4TzSOp7zDmI5ezWU6H/Mzm88B1Yi9b9rHrIsLUvBbt
RPG7A3zwMlZo73CF4bBU5LhXd9fQd21yQ9MtuskmK4/TJIBuydWPRyBeyc7msqQL
xhGRYX9SPWK6WuMZjDa8hpdypMjiXkC0K2t/dESLsBKfz1eIWV9kcV1lG3ee5val
Y0Gd8OyDoKNRuzaaUF1+S5cdLwARXu2171F6P0I5iN+2mHlwXQlrN4EFp62NY4bX
rhfCSV6OWjWVk46v9ZQv3771t330AKfJsUv70iOwBiDYG/rvfq1M
-----END CERTIFICATE-----