Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hbf3G-L31cEMfq8zWhVNjzlz6yE.roa
File:                     hbf3G-L31cEMfq8zWhVNjzlz6yE.roa (raw, json)
Hash identifier:          z0vvbt5ltaM7EFzZkndnljcD+AgJJymp1H6XykoPnnU=
Subject key identifier:   85:B7:F7:1B:E2:F7:D5:C1:0C:7E:AF:33:5A:15:4D:8F:39:73:EB:21
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E376E9F4C216A4FB238FA1CE63D0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hbf3G-L31cEMfq8zWhVNjzlz6yE.roa
Signing time:             Wed 01 Jan 2025 09:48:04 +0000
ROA not before:           Wed 01 Jan 2025 09:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47869
IP address blocks:        89.213.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e3:76:e9:f4:c2:16:a4:fb:23:8f:a1:ce:63:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85b7f71be2f7d5c10c7eaf335a154d8f3973eb21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:90:ef:fb:20:c3:ed:ca:eb:bc:39:d7:d8:03:
                    cf:ba:e1:4c:97:7d:76:c5:11:da:03:6d:50:aa:97:
                    7d:0c:cf:2a:32:49:cc:36:2c:e2:6a:56:27:2a:1d:
                    2b:a8:36:57:0a:b3:3d:4f:eb:98:17:fa:7c:82:77:
                    05:bd:37:7d:8f:ac:7a:70:82:d5:b5:75:37:10:17:
                    4e:c5:fa:a8:63:aa:b4:eb:55:ef:0a:aa:73:e0:1f:
                    fd:e9:ad:2a:f6:ca:5f:c3:31:e1:b6:da:92:5d:e8:
                    4e:31:6c:76:dc:8a:77:b3:b7:b5:18:f8:fe:e3:e9:
                    a5:24:46:21:85:a4:9f:38:b3:bc:af:2b:97:0f:f6:
                    fa:8a:33:fb:f8:5b:52:04:0c:66:2e:48:22:cf:9f:
                    cd:be:4e:bd:12:5b:bd:88:bb:53:e9:f7:69:43:9e:
                    a2:53:f6:7d:e9:9a:85:ba:38:c4:e6:cd:46:1f:83:
                    e6:83:91:ec:36:7f:41:33:40:7d:b5:7f:70:35:0c:
                    18:88:6f:16:c2:01:b5:1a:49:2e:8b:ad:c0:00:78:
                    be:33:77:27:1f:98:f4:78:93:e5:45:5f:d2:db:36:
                    cb:ba:bb:2c:df:68:55:02:b1:e4:bb:48:ce:b3:4c:
                    24:ac:ef:c0:9f:34:d9:8b:29:ca:37:1e:18:56:52:
                    7a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B7:F7:1B:E2:F7:D5:C1:0C:7E:AF:33:5A:15:4D:8F:39:73:EB:21
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hbf3G-L31cEMfq8zWhVNjzlz6yE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:98:02:c6:db:fb:6a:af:52:64:4c:00:03:c6:84:c8:b6:2a:
         26:45:31:86:f3:66:e9:84:75:76:a4:3f:28:a8:ae:ec:c6:67:
         43:72:bd:92:16:93:69:5e:6d:4e:a6:e8:ae:1d:e0:6b:10:33:
         fd:81:05:19:3f:2c:3b:99:10:ae:f3:a2:d1:43:6a:2e:bc:64:
         5e:2b:4b:16:7f:fa:de:95:24:7a:7c:ed:57:2d:d8:23:fa:b8:
         9f:8d:9d:f1:ea:21:19:c8:ba:95:85:ee:f2:d1:38:23:4f:a0:
         bc:f5:5a:58:4b:0c:65:cf:84:c8:b3:5a:9c:0f:a6:f6:19:79:
         f1:5f:9d:76:15:f3:21:f6:72:8e:9d:a8:b9:4b:28:56:e4:58:
         b9:01:07:3e:a1:8a:db:ad:10:48:56:52:63:79:19:cb:f9:b9:
         07:43:8a:c8:ac:3e:0b:e4:c5:4f:4d:10:9d:9f:ec:d8:ba:6e:
         84:ad:c6:d6:b1:f5:f6:d2:a1:43:e4:b0:44:c9:00:12:36:e3:
         b8:89:be:61:e5:87:ac:9a:7c:9c:7f:8b:b6:cf:5b:a3:be:5f:
         15:35:c8:ee:78:46:c3:7c:a0:67:52:99:a1:29:2b:82:09:59:
         19:00:b4:41:17:c5:9e:f2:ee:8e:8d:8b:85:c6:de:18:14:78:
         8e:c7:1a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+N26fTCFqT7I4+hzmPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI3ZjcxYmUyZjdkNWMxMGM3ZWFmMzM1YTE1NGQ4ZjM5NzNlYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJDv+yDD7crrvDnX2APPuuFMl312
xRHaA21Qqpd9DM8qMknMNizialYnKh0rqDZXCrM9T+uYF/p8gncFvTd9j6x6cILV
tXU3EBdOxfqoY6q061XvCqpz4B/96a0q9spfwzHhttqSXehOMWx23Ip3s7e1GPj+
4+mlJEYhhaSfOLO8ryuXD/b6ijP7+FtSBAxmLkgiz5/Nvk69Elu9iLtT6fdpQ56i
U/Z96ZqFujjE5s1GH4Pmg5HsNn9BM0B9tX9wNQwYiG8WwgG1Gkkui63AAHi+M3cn
H5j0eJPlRV/S2zbLurss32hVArHku0jOs0wkrO/AnzTZiynKNx4YVlJ6FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW39xvi99XBDH6vM1oVTY85c+shMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaGJmM0ctTDMxY0VNZnE4eldoVk5qemx6NnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWlMA0G
CSqGSIb3DQEBCwUAA4IBAQAHmALG2/tqr1JkTAADxoTItiomRTGG82bphHV2pD8o
qK7sxmdDcr2SFpNpXm1OpuiuHeBrEDP9gQUZPyw7mRCu86LRQ2ouvGReK0sWf/re
lSR6fO1XLdgj+rifjZ3x6iEZyLqVhe7y0TgjT6C89VpYSwxlz4TIs1qcD6b2GXnx
X512FfMh9nKOnai5SyhW5Fi5AQc+oYrbrRBIVlJjeRnL+bkHQ4rIrD4L5MVPTRCd
n+zYum6ErcbWsfX20qFD5LBEyQASNuO4ib5h5Yesmnycf4u2z1ujvl8VNcjueEbD
fKBnUpmhKSuCCVkZALRBF8We8u6OjYuFxt4YFHiOxxrm
-----END CERTIFICATE-----