Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dp0PquXU3iZvXsEAqaU4aao2KGw.roa
File:                     dp0PquXU3iZvXsEAqaU4aao2KGw.roa (raw, json)
Hash identifier:          penPfQyCtbY/bg7ih5ewsAfvYY12Q+laDvbI2H2bzMk=
Subject key identifier:   76:9D:0F:AA:E5:D4:DE:26:6F:5E:C1:00:A9:A5:38:69:AA:36:28:6C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143DC2D880080D25D6B0EB82C97BB10
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dp0PquXU3iZvXsEAqaU4aao2KGw.roa
Signing time:             Wed 01 Jan 2025 09:48:02 +0000
ROA not before:           Wed 01 Jan 2025 09:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        89.213.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:dc:2d:88:00:80:d2:5d:6b:0e:b8:2c:97:bb:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=769d0faae5d4de266f5ec100a9a53869aa36286c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:04:b7:3e:a4:73:b6:50:10:7f:bf:b7:36:b5:
                    20:6e:97:4e:26:c6:bd:82:01:67:ac:b7:a7:91:31:
                    53:cf:d5:f6:f8:d4:0f:96:2d:52:65:15:f6:a3:af:
                    7c:da:a1:e0:99:1b:ba:87:a4:02:02:e9:e0:03:e1:
                    9e:e6:8a:e9:ca:d5:65:ee:c5:09:ce:dd:db:13:3b:
                    a1:fa:03:97:56:01:e2:6e:a8:da:89:a8:b5:1d:7b:
                    0f:15:5c:1f:46:31:3b:02:76:9b:8d:f0:3c:14:6c:
                    4f:d4:e6:e6:bd:94:41:04:6b:b3:09:ea:ca:1f:ca:
                    02:19:07:9d:f1:07:bd:c5:88:ba:b1:48:a2:1f:10:
                    b6:2a:ba:35:4c:1c:39:68:59:97:57:8e:33:19:6a:
                    f7:7d:ac:0f:c5:24:04:1b:35:35:75:f8:22:72:e6:
                    90:15:7f:dc:b4:c8:c4:56:7e:70:3d:d9:a2:b1:a6:
                    e4:e5:5c:f8:c7:db:b8:91:c9:91:59:61:d9:82:ec:
                    ad:02:d4:0f:0d:fe:01:16:27:dc:9e:95:0f:b9:46:
                    4c:98:32:92:b4:00:ad:f4:00:06:8d:61:b5:6d:08:
                    0a:50:45:7b:51:f7:da:d7:e8:19:2e:68:1d:65:da:
                    ae:dd:dd:55:2a:9d:3e:b5:3d:9d:b9:df:da:bb:cf:
                    5a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:9D:0F:AA:E5:D4:DE:26:6F:5E:C1:00:A9:A5:38:69:AA:36:28:6C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dp0PquXU3iZvXsEAqaU4aao2KGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:ee:4d:10:76:f9:0c:57:a7:21:0d:5d:3e:e4:f2:10:7e:2e:
         f7:32:a2:cb:5e:9b:58:b3:ce:b7:e2:ef:03:21:6e:8d:30:2b:
         dc:d8:f0:f8:65:f7:2c:1a:39:03:e4:c3:be:04:97:11:4e:bc:
         40:3b:db:94:77:a5:3f:7d:db:f1:6b:d1:e0:d0:16:f0:6c:92:
         3b:cb:86:36:4a:59:22:14:aa:4b:c2:f9:5e:ee:09:1a:2f:50:
         f2:92:6f:50:a3:c1:00:ca:bb:33:f2:69:ec:0b:1a:19:9d:0f:
         57:a4:53:3a:51:91:a7:12:5f:f0:eb:3b:6b:8f:f9:af:8d:7f:
         9e:1e:ad:d7:60:38:bc:60:dd:3a:d8:c2:f9:72:90:a5:c5:91:
         1a:52:93:3b:64:a1:47:06:22:f1:7f:1f:9e:ec:4a:34:c0:ae:
         76:15:10:ff:f0:94:d7:0b:59:35:3f:ce:d0:1d:2c:f6:53:31:
         04:53:2c:db:d7:3c:c4:2b:d5:77:68:bf:f5:83:f6:a0:9d:b1:
         87:6c:33:e1:d4:5c:0d:49:8a:20:af:34:c0:c6:7f:21:fe:1c:
         93:de:5a:ec:44:ea:67:48:d5:c8:95:1f:df:74:f0:2a:ff:63:
         28:67:de:47:a6:21:2e:41:aa:a1:c1:0b:b9:6a:04:9f:f3:68:
         1e:7f:e2:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9wtiACA0l1rDrgsl7sQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjlkMGZhYWU1ZDRkZTI2NmY1ZWMxMDBhOWE1Mzg2OWFhMzYyODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwS3PqRztlAQf7+3NrUgbpdOJsa9
ggFnrLenkTFTz9X2+NQPli1SZRX2o6982qHgmRu6h6QCAungA+Ge5orpytVl7sUJ
zt3bEzuh+gOXVgHibqjaiai1HXsPFVwfRjE7AnabjfA8FGxP1ObmvZRBBGuzCerK
H8oCGQed8Qe9xYi6sUiiHxC2Kro1TBw5aFmXV44zGWr3fawPxSQEGzU1dfgicuaQ
FX/ctMjEVn5wPdmisabk5Vz4x9u4kcmRWWHZguytAtQPDf4BFifcnpUPuUZMmDKS
tACt9AAGjWG1bQgKUEV7Uffa1+gZLmgdZdqu3d1VKp0+tT2dud/au89apQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHadD6rl1N4mb17BAKmlOGmqNihsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZHAwUHF1WFUzaVp2WHNFQXFhVTRhYW8yS0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdV2MA0G
CSqGSIb3DQEBCwUAA4IBAQBQ7k0QdvkMV6chDV0+5PIQfi73MqLLXptYs8634u8D
IW6NMCvc2PD4ZfcsGjkD5MO+BJcRTrxAO9uUd6U/fdvxa9Hg0BbwbJI7y4Y2Slki
FKpLwvle7gkaL1Dykm9Qo8EAyrsz8mnsCxoZnQ9XpFM6UZGnEl/w6ztrj/mvjX+e
Hq3XYDi8YN062ML5cpClxZEaUpM7ZKFHBiLxfx+e7Eo0wK52FRD/8JTXC1k1P87Q
HSz2UzEEUyzb1zzEK9V3aL/1g/agnbGHbDPh1FwNSYogrzTAxn8h/hyT3lrsROpn
SNXIlR/fdPAq/2MoZ95HpiEuQaqhwQu5agSf82gef+IZ
-----END CERTIFICATE-----