Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iHH4D-SoyX7JXcBTk5yh6ZX0V3k.roa
File:                     iHH4D-SoyX7JXcBTk5yh6ZX0V3k.roa (raw, json)
Hash identifier:          Dym+xRgjxFa/b5ZrUQ8tADonlroUxpxivmXtcjMerRE=
Subject key identifier:   88:71:F8:0F:E4:A8:C9:7E:C9:5D:C0:53:93:9C:A1:E9:95:F4:57:79
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC34965FDA71B14DD6FC1B324633D7CC1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iHH4D-SoyX7JXcBTk5yh6ZX0V3k.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216414
IP address blocks:        89.213.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:65:fd:a7:1b:14:dd:6f:c1:b3:24:63:3d:7c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8871f80fe4a8c97ec95dc053939ca1e995f45779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:37:cd:1b:1b:1d:a1:ca:e7:b3:63:17:09:a7:
                    81:6b:7f:95:c6:dd:e1:0f:b0:04:ae:84:23:36:01:
                    ad:77:6a:93:cb:42:fc:87:cb:7b:3c:d4:07:64:59:
                    b2:25:1b:c9:52:48:8a:34:8e:2d:51:64:fa:34:e8:
                    4d:f0:d5:78:d4:27:50:67:49:8b:93:80:02:9c:19:
                    bf:0e:c4:28:ef:86:c4:47:f4:c9:80:29:e7:f3:08:
                    76:a3:8f:cf:57:92:81:07:51:ba:41:1b:73:01:e5:
                    96:23:f4:fc:c9:d2:e7:4d:c2:02:0c:0f:5e:ab:26:
                    83:0b:a8:55:4a:6a:7e:54:c2:ea:b7:9d:58:92:fe:
                    01:ac:0f:a5:1d:64:8b:cb:77:22:ea:4f:39:86:4c:
                    19:35:c9:94:dc:e9:3b:28:a2:b3:2d:f1:cf:4e:11:
                    fe:b6:e0:29:84:e1:71:9b:31:61:b5:b6:28:d0:38:
                    0e:5c:db:ac:a8:67:71:13:19:c8:6d:a6:9e:b5:ce:
                    28:14:ca:3c:0f:e4:22:ea:28:e4:54:72:8f:53:72:
                    b1:74:a6:1e:0a:3d:4f:32:d1:b7:39:e3:1e:5e:83:
                    62:0c:0f:8f:1f:b0:fc:ea:85:98:84:17:b6:6e:3b:
                    07:b5:dc:c2:cd:07:f3:1f:ce:3c:ed:40:f0:4c:fc:
                    1f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:71:F8:0F:E4:A8:C9:7E:C9:5D:C0:53:93:9C:A1:E9:95:F4:57:79
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iHH4D-SoyX7JXcBTk5yh6ZX0V3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:34:87:78:9d:57:c3:23:46:21:5f:77:b0:5b:0b:6e:c6:58:
         c5:10:f3:09:33:77:ce:74:d0:c6:22:19:55:14:ce:75:cb:fd:
         01:02:e6:42:b3:9e:7a:24:ec:6f:0d:30:52:7a:37:fa:2f:1b:
         85:0c:33:c7:df:6d:18:d9:48:ee:be:6c:a8:fb:f3:8c:1c:4c:
         b3:15:c1:e5:eb:5c:68:d5:be:fb:cd:7c:8d:0e:27:0c:0b:c9:
         b1:c8:9d:33:b1:ef:be:50:c1:3e:3f:9f:3e:47:06:68:d8:e5:
         e6:76:b8:d9:13:29:27:6c:ff:99:d4:35:59:7a:cd:85:7a:bf:
         ca:24:ee:0e:2b:50:68:43:6f:63:ec:71:be:5e:d4:b2:6b:71:
         c4:84:35:f3:d7:23:7b:b5:3f:2b:47:cc:eb:c2:74:fd:42:50:
         fc:74:8c:a9:4f:71:86:27:34:de:0a:2a:a4:b9:9a:af:eb:34:
         be:c2:05:0c:3d:6c:40:96:e0:a2:8c:09:65:50:55:ae:8b:ba:
         75:30:e6:54:35:fe:c1:98:34:d0:39:e3:04:5f:23:b8:39:3c:
         6c:19:f4:2f:9e:b5:c9:a5:22:68:d1:92:1d:71:91:26:83:93:
         27:51:b8:5a:dc:e2:2c:ce:d3:d6:5a:b2:8e:a3:93:11:97:af:
         20:43:a0:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWX9pxsU3W/BsyRjPXzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODcxZjgwZmU0YThjOTdlYzk1ZGMwNTM5MzljYTFlOTk1ZjQ1Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjfNGxsdocrns2MXCaeBa3+Vxt3h
D7AEroQjNgGtd2qTy0L8h8t7PNQHZFmyJRvJUkiKNI4tUWT6NOhN8NV41CdQZ0mL
k4ACnBm/DsQo74bER/TJgCnn8wh2o4/PV5KBB1G6QRtzAeWWI/T8ydLnTcICDA9e
qyaDC6hVSmp+VMLqt51Ykv4BrA+lHWSLy3ci6k85hkwZNcmU3Ok7KKKzLfHPThH+
tuAphOFxmzFhtbYo0DgOXNusqGdxExnIbaaetc4oFMo8D+Qi6ijkVHKPU3KxdKYe
Cj1PMtG3OeMeXoNiDA+PH7D86oWYhBe2bjsHtdzCzQfzH8487UDwTPwfBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhx+A/kqMl+yV3AU5OcoemV9Fd5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaUhINEQtU295WDdKWGNCVGs1eWg2WlgwVjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWEMA0G
CSqGSIb3DQEBCwUAA4IBAQAjNId4nVfDI0YhX3ewWwtuxljFEPMJM3fOdNDGIhlV
FM51y/0BAuZCs556JOxvDTBSejf6LxuFDDPH320Y2Ujuvmyo+/OMHEyzFcHl61xo
1b77zXyNDicMC8mxyJ0zse++UME+P58+RwZo2OXmdrjZEyknbP+Z1DVZes2Fer/K
JO4OK1BoQ29j7HG+XtSya3HEhDXz1yN7tT8rR8zrwnT9QlD8dIypT3GGJzTeCiqk
uZqv6zS+wgUMPWxAluCijAllUFWui7p1MOZUNf7BmDTQOeMEXyO4OTxsGfQvnrXJ
pSJo0ZIdcZEmg5MnUbha3OIsztPWWrKOo5MRl68gQ6Ar
-----END CERTIFICATE-----