Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvbHrqHMPriILCDVrb25G16PJBk.roa
File:                     mvbHrqHMPriILCDVrb25G16PJBk.roa (raw, json)
Hash identifier:          kHNoSeyvBSiZzsbUTCVSgXEnPG9yn8q96YOorcfmsV8=
Subject key identifier:   9A:F6:C7:AE:A1:CC:3E:B8:88:2C:20:D5:AD:BD:B9:1B:5E:8F:24:19
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144067049E68E2BC95B3FD30D3AC14F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvbHrqHMPriILCDVrb25G16PJBk.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205091
IP address blocks:        89.213.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:06:70:49:e6:8e:2b:c9:5b:3f:d3:0d:3a:c1:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9af6c7aea1cc3eb8882c20d5adbdb91b5e8f2419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9e:d4:45:14:0b:4f:52:43:b8:f4:66:82:df:
                    81:1b:c2:ad:45:f4:0b:ca:73:02:a7:ab:e9:e0:61:
                    f9:61:91:79:a2:33:88:43:93:8d:c7:f6:00:46:75:
                    cc:0f:3f:d1:86:12:4b:63:af:ec:4c:22:d1:d3:03:
                    ce:f9:eb:95:43:98:8d:72:8f:e6:c3:13:4c:a1:a6:
                    2a:53:14:77:19:ac:dc:85:b3:d7:a3:02:10:8d:e9:
                    72:44:03:e8:ce:2d:e9:5d:8e:4e:c5:ca:67:32:95:
                    a8:e9:4d:45:08:7f:4f:6e:b1:39:9d:90:e0:81:e4:
                    6e:d1:0e:4d:9c:d5:4e:31:46:fc:99:77:a5:31:ef:
                    b1:76:61:1f:d3:65:b4:9c:61:5c:df:7a:46:1b:06:
                    62:94:60:e6:d7:ea:c7:68:b8:4b:4b:01:c4:24:06:
                    5a:d9:8e:e7:43:08:a2:b2:12:e6:0d:15:82:f4:d2:
                    06:4e:e1:d1:8e:70:9d:59:ef:4e:25:c4:61:4a:0a:
                    88:48:c5:f6:47:1d:f1:28:ed:2f:82:20:a8:be:0a:
                    5a:52:ca:bf:19:08:75:51:da:84:34:a4:9f:0b:2a:
                    3b:9e:3d:4a:4c:05:4c:35:d6:01:8e:59:ef:b2:9c:
                    82:8b:8b:99:bb:4b:5a:19:c7:1d:37:80:08:3f:d7:
                    85:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F6:C7:AE:A1:CC:3E:B8:88:2C:20:D5:AD:BD:B9:1B:5E:8F:24:19
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvbHrqHMPriILCDVrb25G16PJBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:6f:11:68:c1:42:c6:4e:35:a5:4b:0c:d7:c9:ef:f4:f5:e0:
         c4:ab:88:02:87:0f:9f:72:da:61:7a:2c:14:60:71:b8:23:50:
         8e:12:42:9b:31:16:d9:d6:da:6c:40:53:1a:8d:48:0e:18:5d:
         70:a2:b8:22:df:9b:03:9b:a1:ef:1d:40:67:49:bb:ee:22:42:
         d6:d8:3f:3b:91:8e:f2:af:0e:32:e3:05:19:6c:13:4b:dd:89:
         a8:7d:31:0e:61:e5:c2:10:79:1c:d4:9c:a7:0e:8f:a0:a6:54:
         ca:7c:b3:eb:e9:65:25:d7:04:8d:7c:e5:0c:4d:58:89:b7:d4:
         80:a3:59:bf:db:d2:83:bb:76:d0:69:43:28:54:d9:83:a2:b8:
         7c:ef:6a:e5:be:34:25:de:3b:e1:23:75:d7:fe:44:e0:ee:4f:
         58:d0:81:5b:f5:87:e7:e4:7d:c8:e5:20:1b:e9:d9:7f:d3:2d:
         a0:9c:c5:44:d4:16:b5:ae:1a:85:c6:83:25:45:da:fe:15:97:
         b3:89:d9:8b:5d:22:51:76:16:b9:14:ac:eb:a5:d7:df:6b:cd:
         fa:1a:f9:e7:f9:65:4e:8e:f4:cb:68:cb:2b:07:38:5c:5c:49:
         92:50:64:7f:22:1b:d5:0f:f7:59:d5:f5:e8:f5:eb:e8:f5:e3:
         19:50:58:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAZwSeaOK8lbP9MNOsFPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY2YzdhZWExY2MzZWI4ODgyYzIwZDVhZGJkYjkxYjVlOGYyNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn57URRQLT1JDuPRmgt+BG8KtRfQL
ynMCp6vp4GH5YZF5ojOIQ5ONx/YARnXMDz/RhhJLY6/sTCLR0wPO+euVQ5iNco/m
wxNMoaYqUxR3GazchbPXowIQjelyRAPozi3pXY5OxcpnMpWo6U1FCH9PbrE5nZDg
geRu0Q5NnNVOMUb8mXelMe+xdmEf02W0nGFc33pGGwZilGDm1+rHaLhLSwHEJAZa
2Y7nQwiishLmDRWC9NIGTuHRjnCdWe9OJcRhSgqISMX2Rx3xKO0vgiCovgpaUsq/
GQh1UdqENKSfCyo7nj1KTAVMNdYBjlnvspyCi4uZu0taGccdN4AIP9eFLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJr2x66hzD64iCwg1a29uRtejyQZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbXZiSHJxSE1QcmlJTENEVnJiMjVHMTZQSkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXuMA0G
CSqGSIb3DQEBCwUAA4IBAQAmbxFowULGTjWlSwzXye/09eDEq4gChw+fctpheiwU
YHG4I1COEkKbMRbZ1tpsQFMajUgOGF1worgi35sDm6HvHUBnSbvuIkLW2D87kY7y
rw4y4wUZbBNL3YmofTEOYeXCEHkc1JynDo+gplTKfLPr6WUl1wSNfOUMTViJt9SA
o1m/29KDu3bQaUMoVNmDorh872rlvjQl3jvhI3XX/kTg7k9Y0IFb9Yfn5H3I5SAb
6dl/0y2gnMVE1Ba1rhqFxoMlRdr+FZezidmLXSJRdha5FKzrpdffa836Gvnn+WVO
jvTLaMsrBzhcXEmSUGR/IhvVD/dZ1fXo9evo9eMZUFii
-----END CERTIFICATE-----