Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qSJVGMUAqwZgOUGBBbC8SbtMa-g.roa
File:                     qSJVGMUAqwZgOUGBBbC8SbtMa-g.roa (raw, json)
Hash identifier:          NwQuDHx/UK0wUMGUJSHkaH5zf9+K9jZBieKI+5b3oEE=
Subject key identifier:   A9:22:55:18:C5:00:AB:06:60:39:41:81:05:B0:BC:49:BB:4C:6B:E8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143FCAF83FA7AD36C2F3EE0EB5F6391
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qSJVGMUAqwZgOUGBBbC8SbtMa-g.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198100
IP address blocks:        89.213.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Feb 2025 12:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fc:af:83:fa:7a:d3:6c:2f:3e:e0:eb:5f:63:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9225518c500ab066039418105b0bc49bb4c6be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7e:1a:d2:75:60:e6:d4:26:e8:97:5b:f7:d5:
                    08:64:eb:ec:51:64:d7:35:c5:73:71:eb:81:7a:04:
                    1b:bd:39:0b:37:6b:ed:ae:39:74:a7:45:de:43:7f:
                    ee:24:11:fe:7d:cf:ed:97:aa:15:60:92:5a:7a:73:
                    51:18:59:a9:86:4d:1e:61:02:88:64:94:03:9d:92:
                    06:87:fc:b2:84:c2:ec:13:8d:49:bb:17:69:ff:42:
                    15:c4:67:24:7f:91:5e:f5:4d:ee:1a:39:be:82:67:
                    e4:f1:e9:61:67:7b:91:ac:e7:56:b6:f7:98:e3:43:
                    85:f4:78:52:95:fd:a5:f3:82:ea:e6:db:1f:f6:61:
                    c3:56:1f:49:6a:d0:dd:20:77:0f:13:e7:16:4c:31:
                    ac:11:60:c0:e6:18:33:20:0c:6a:20:d8:46:ff:a5:
                    f1:9c:24:52:b2:f6:8b:1c:c4:df:84:35:bc:81:b0:
                    74:1f:23:c4:69:96:ed:1b:f8:a9:91:35:45:1d:4c:
                    05:a5:d6:24:eb:42:34:75:d5:ee:71:08:ec:6b:17:
                    00:7f:46:2d:2f:99:9f:a5:e3:97:d4:dd:9d:7c:b3:
                    cb:29:b6:d8:be:dc:ad:20:17:a8:1c:9b:bb:50:3b:
                    94:46:30:d1:4c:7f:f1:d6:e4:93:5d:c0:3c:8f:a9:
                    df:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:22:55:18:C5:00:AB:06:60:39:41:81:05:B0:BC:49:BB:4C:6B:E8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qSJVGMUAqwZgOUGBBbC8SbtMa-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d3:d0:55:c1:0c:9c:0b:88:96:ec:a2:e2:61:b8:fe:5f:e2:
         dc:68:59:ef:b5:20:86:17:8f:4d:be:38:9d:e0:60:17:44:69:
         50:a4:5c:99:76:e4:85:3f:f3:c2:9b:49:12:b2:70:fc:1e:38:
         87:6a:41:59:ca:36:77:fe:16:ad:9d:cc:6d:f8:f9:ab:f7:0e:
         53:7d:7d:dd:e6:d8:c9:cb:9f:b7:f3:b1:37:96:a2:40:24:87:
         9c:72:f1:50:ab:c4:47:5c:02:13:c5:09:dd:fb:71:55:2d:4e:
         09:6f:e1:31:cd:3e:e4:36:6b:bd:f9:d7:52:8f:22:6a:bc:75:
         27:fa:9e:b0:fa:43:95:e5:71:6a:a4:87:37:20:6e:fd:2f:66:
         07:c3:a6:74:29:a4:8a:b7:d0:0c:3d:8d:8f:03:85:25:08:b8:
         1e:be:5e:d1:cc:f2:79:1b:69:58:52:26:3d:d1:8e:45:c3:d6:
         d7:61:e6:8a:8f:2d:d3:f0:df:93:84:81:3e:14:3d:ae:b2:2c:
         6c:93:75:02:55:7d:32:7e:fe:05:ab:46:a8:75:88:2b:27:88:
         11:f7:db:f5:f8:d0:a2:41:1d:3e:ba:3a:bb:6d:8b:e3:57:cf:
         bf:79:10:4a:88:9c:93:fb:81:98:bb:9c:75:c7:a0:39:d0:db:
         b5:17:9c:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/yvg/p602wvPuDrX2ORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIyNTUxOGM1MDBhYjA2NjAzOTQxODEwNWIwYmM0OWJiNGM2YmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3n4a0nVg5tQm6Jdb99UIZOvsUWTX
NcVzceuBegQbvTkLN2vtrjl0p0XeQ3/uJBH+fc/tl6oVYJJaenNRGFmphk0eYQKI
ZJQDnZIGh/yyhMLsE41Juxdp/0IVxGckf5Fe9U3uGjm+gmfk8elhZ3uRrOdWtveY
40OF9HhSlf2l84Lq5tsf9mHDVh9JatDdIHcPE+cWTDGsEWDA5hgzIAxqINhG/6Xx
nCRSsvaLHMTfhDW8gbB0HyPEaZbtG/ipkTVFHUwFpdYk60I0ddXucQjsaxcAf0Yt
L5mfpeOX1N2dfLPLKbbYvtytIBeoHJu7UDuURjDRTH/x1uSTXcA8j6nfuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkiVRjFAKsGYDlBgQWwvEm7TGvoMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcVNKVkdNVUFxd1pnT1VHQkJiQzhTYnRNYS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWcMA0G
CSqGSIb3DQEBCwUAA4IBAQCj09BVwQycC4iW7KLiYbj+X+LcaFnvtSCGF49Nvjid
4GAXRGlQpFyZduSFP/PCm0kSsnD8HjiHakFZyjZ3/hatncxt+Pmr9w5TfX3d5tjJ
y5+387E3lqJAJIeccvFQq8RHXAITxQnd+3FVLU4Jb+ExzT7kNmu9+ddSjyJqvHUn
+p6w+kOV5XFqpIc3IG79L2YHw6Z0KaSKt9AMPY2PA4UlCLgevl7RzPJ5G2lYUiY9
0Y5Fw9bXYeaKjy3T8N+ThIE+FD2usixsk3UCVX0yfv4Fq0aodYgrJ4gR99v1+NCi
QR0+ujq7bYvjV8+/eRBKiJyT+4GYu5x1x6A50Nu1F5xY
-----END CERTIFICATE-----
Generated at Thu Feb 13 16:38:22 2025 by rpki-client