Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvRY63-uAvz-cWpkdE_uKxYZNqk.roa
File:                     mvRY63-uAvz-cWpkdE_uKxYZNqk.roa (raw, json)
Hash identifier:          1cVSB66HwbFv7CeKp92nkwDVzhqRtBXqf3ZhP0aBKNk=
Subject key identifier:   9A:F4:58:EB:7F:AE:02:FC:FE:71:6A:64:74:4F:EE:2B:16:19:36:A9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E7479BBB6D3C910AD2A235D051A1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvRY63-uAvz-cWpkdE_uKxYZNqk.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50321
IP address blocks:        89.213.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e7:47:9b:bb:6d:3c:91:0a:d2:a2:35:d0:51:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9af458eb7fae02fcfe716a64744fee2b161936a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d0:5e:d1:75:0a:08:3f:62:0d:3a:cf:43:e2:
                    16:19:8b:81:eb:35:89:9e:aa:7e:36:4c:06:39:68:
                    0a:d2:7a:58:1a:46:7f:2c:45:a0:f9:62:03:f4:75:
                    be:60:56:b3:cd:0c:df:35:b0:f6:55:22:ad:33:c9:
                    89:c0:32:a7:53:d3:c5:41:aa:4c:b8:0a:b2:97:98:
                    3a:60:dd:3c:22:76:a7:cc:bb:94:3f:89:fc:c7:88:
                    b2:a2:9d:a2:ef:1a:eb:d5:64:d2:5d:64:b9:ce:8e:
                    75:51:40:68:9f:45:42:db:00:0d:c1:b7:74:5e:6a:
                    55:da:30:24:3c:45:dc:45:25:8d:b2:8f:32:21:bd:
                    14:6f:1b:6b:97:38:91:0c:a9:20:e6:2b:17:8f:db:
                    64:74:55:14:a2:b1:31:16:fc:a9:1b:67:10:86:fe:
                    5b:19:b3:6a:e0:4f:92:8c:9b:01:47:19:63:40:d4:
                    c1:33:83:48:c7:83:2f:f0:c1:c6:32:0e:51:50:6a:
                    92:74:15:88:92:14:d7:ae:55:9e:cb:a9:4d:bd:33:
                    64:17:24:9b:7e:46:c5:b8:75:b4:0e:ba:f5:be:11:
                    e3:a4:18:86:0d:e8:5b:bf:d6:93:12:9d:a1:c9:6e:
                    8a:f9:c6:c9:0e:c1:ac:59:01:e9:b3:54:53:ee:07:
                    fd:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F4:58:EB:7F:AE:02:FC:FE:71:6A:64:74:4F:EE:2B:16:19:36:A9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvRY63-uAvz-cWpkdE_uKxYZNqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:f4:37:95:cf:05:3a:e6:18:37:d8:a1:5e:58:4b:b6:1c:0f:
         9c:be:26:3a:59:f2:50:d9:26:d4:01:44:5a:11:2b:d3:bf:93:
         56:76:8d:2c:9d:5f:49:92:23:0b:bc:5d:76:aa:bc:1b:79:ce:
         d1:81:94:65:19:5c:7b:9f:eb:61:5d:38:84:ff:eb:10:f3:eb:
         c9:e9:3a:b5:e2:0c:ff:08:b1:99:5a:ff:a2:8a:cd:6d:03:f9:
         38:01:3f:0b:c2:c2:77:07:d2:14:b0:f8:43:73:ce:cb:a1:db:
         6c:03:b9:5a:ea:53:b0:6e:eb:40:24:95:b1:68:59:0d:13:fa:
         8e:97:61:c5:04:88:ba:1d:06:e6:9c:57:84:84:e8:2f:fd:63:
         1d:55:9b:3b:00:cf:0d:b2:0f:10:37:4f:71:46:72:88:9c:a4:
         07:37:d5:04:a5:28:b6:d3:a5:69:14:50:36:0c:da:d4:5f:dc:
         20:11:2c:d7:70:5c:2d:d8:49:5a:9a:fa:1d:61:41:24:de:72:
         b0:c2:2e:5d:d5:0c:c4:fd:4f:d0:6f:da:9b:d5:92:4c:5e:aa:
         b7:e2:69:83:37:60:7e:07:ff:34:ed:8e:09:11:b8:d4:3e:69:
         aa:fa:47:aa:15:9c:bd:8d:1b:48:0d:4b:04:22:09:3f:8c:b8:
         4d:99:a0:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+dHm7ttPJEK0qI10FGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY0NThlYjdmYWUwMmZjZmU3MTZhNjQ3NDRmZWUyYjE2MTkzNmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09Be0XUKCD9iDTrPQ+IWGYuB6zWJ
nqp+NkwGOWgK0npYGkZ/LEWg+WID9HW+YFazzQzfNbD2VSKtM8mJwDKnU9PFQapM
uAqyl5g6YN08InanzLuUP4n8x4iyop2i7xrr1WTSXWS5zo51UUBon0VC2wANwbd0
XmpV2jAkPEXcRSWNso8yIb0UbxtrlziRDKkg5isXj9tkdFUUorExFvypG2cQhv5b
GbNq4E+SjJsBRxljQNTBM4NIx4Mv8MHGMg5RUGqSdBWIkhTXrlWey6lNvTNkFySb
fkbFuHW0Drr1vhHjpBiGDehbv9aTEp2hyW6K+cbJDsGsWQHps1RT7gf9RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJr0WOt/rgL8/nFqZHRP7isWGTapMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbXZSWTYzLXVBdnotY1dwa2RFX3VLeFlaTnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdVyMA0G
CSqGSIb3DQEBCwUAA4IBAQAD9DeVzwU65hg32KFeWEu2HA+cviY6WfJQ2SbUAURa
ESvTv5NWdo0snV9JkiMLvF12qrwbec7RgZRlGVx7n+thXTiE/+sQ8+vJ6Tq14gz/
CLGZWv+iis1tA/k4AT8LwsJ3B9IUsPhDc87LodtsA7la6lOwbutAJJWxaFkNE/qO
l2HFBIi6HQbmnFeEhOgv/WMdVZs7AM8Nsg8QN09xRnKInKQHN9UEpSi206VpFFA2
DNrUX9wgESzXcFwt2ElamvodYUEk3nKwwi5d1QzE/U/Qb9qb1ZJMXqq34mmDN2B+
B/807Y4JEbjUPmmq+keqFZy9jRtIDUsEIgk/jLhNmaAL
-----END CERTIFICATE-----