Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rzzw0NQ1I3ph0oXk_-2vIO2XykY.roa
File:                     rzzw0NQ1I3ph0oXk_-2vIO2XykY.roa (raw, json)
Hash identifier:          ZZEeEGL5i9RoXjoLADgJ0Q2yHByAjeu4Cnrp9TDDHYc=
Subject key identifier:   AF:3C:F0:D0:D4:35:23:7A:61:D2:85:E4:FF:ED:AF:20:ED:97:CA:46
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FA121441C4CDBBD647697190ABD2F8DA6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rzzw0NQ1I3ph0oXk_-2vIO2XykY.roa
Signing time:             Wed 22 May 2024 16:27:42 +0000
ROA not before:           Wed 22 May 2024 16:27:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215287
IP address blocks:        89.213.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 20:23:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a1:21:44:1c:4c:db:bd:64:76:97:19:0a:bd:2f:8d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 16:27:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af3cf0d0d435237a61d285e4ffedaf20ed97ca46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a0:7f:94:ba:ed:48:e0:73:36:c8:12:d6:ce:
                    ba:76:ed:bb:66:26:28:1c:f0:3f:67:4a:3e:40:13:
                    df:f1:6b:0a:31:08:1b:7f:35:67:04:f6:c8:61:36:
                    55:af:4d:02:f6:32:52:d2:2e:36:43:f1:a0:e4:eb:
                    21:0e:79:de:87:fd:67:f8:9c:4b:d4:2b:9d:2b:5c:
                    7e:74:42:d0:55:4c:f0:b5:b2:21:27:db:54:79:34:
                    02:46:d1:2d:b1:e6:34:a3:dd:ae:15:ed:09:6c:7f:
                    20:7d:dd:57:8a:ef:ea:91:fb:13:70:a9:45:cb:06:
                    7e:39:3b:01:f3:b1:cb:f8:08:91:29:b9:2c:f9:f0:
                    99:e1:2d:dc:96:5e:e0:5c:e2:03:72:a0:7f:20:26:
                    1c:d6:a4:f5:12:ae:05:cd:09:6b:4b:de:bb:96:b0:
                    35:b6:0c:da:b8:ff:7d:c6:db:03:fd:2a:d2:bd:4c:
                    ca:2c:46:a6:ee:57:3e:8c:c3:1f:fb:ab:c1:b1:72:
                    7c:f8:8f:f4:d1:c8:0e:81:1d:96:bb:7c:a2:6c:7d:
                    ee:7c:d4:13:32:61:67:0c:24:f0:78:f7:e8:41:be:
                    d7:7b:83:4d:ce:bc:c5:f6:d7:0c:c9:8d:f4:b9:12:
                    01:1b:2a:8c:67:50:4c:86:57:4f:49:58:78:2a:02:
                    ad:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:3C:F0:D0:D4:35:23:7A:61:D2:85:E4:FF:ED:AF:20:ED:97:CA:46
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rzzw0NQ1I3ph0oXk_-2vIO2XykY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c6:41:ea:89:3a:80:c2:49:88:48:0c:95:0c:69:f0:79:d8:
         bb:1c:22:3a:42:68:c4:fd:8e:27:3a:11:32:14:f3:d5:76:b0:
         6b:f9:b2:d0:0f:dd:da:57:e0:98:d1:55:ef:cb:18:d5:8d:b4:
         1e:19:42:e4:0a:da:24:56:e6:81:fe:81:04:9f:78:b1:f6:5a:
         de:20:68:37:2d:b7:ba:44:67:be:84:85:51:c4:fe:87:d9:6f:
         e0:ed:76:36:f1:ad:a0:9e:83:f3:f6:ec:b9:e1:ec:f4:3a:f0:
         d0:25:d3:7b:89:31:65:95:96:22:1b:5a:26:b7:3d:f6:4a:1d:
         9f:e0:7f:27:46:f0:7c:10:0c:76:30:cb:fb:12:96:25:16:40:
         b8:30:57:94:7d:63:33:d3:02:99:99:f5:9c:3b:c2:42:f4:73:
         e6:69:6f:a1:15:8b:d9:8a:b1:4d:9f:dc:3d:e1:74:6d:c5:06:
         26:dd:2a:7d:5e:55:a2:40:b0:de:00:08:52:4b:ad:79:6c:db:
         14:7f:03:25:6f:ef:a1:54:95:83:a4:bc:26:c7:aa:76:c4:a8:
         6c:f2:1d:e2:44:62:03:25:da:f4:0b:97:3c:c3:3b:1d:93:eb:
         e3:a7:a7:17:65:9f:76:1d:ef:7d:b6:b4:2e:68:60:93:ba:fe:
         74:c1:6a:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+hIUQcTNu9ZHaXGQq9L42mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIyMTYyNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNjZjBkMGQ0MzUyMzdhNjFkMjg1ZTRmZmVkYWYyMGVkOTdjYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKB/lLrtSOBzNsgS1s66du27ZiYo
HPA/Z0o+QBPf8WsKMQgbfzVnBPbIYTZVr00C9jJS0i42Q/Gg5OshDnneh/1n+JxL
1CudK1x+dELQVUzwtbIhJ9tUeTQCRtEtseY0o92uFe0JbH8gfd1Xiu/qkfsTcKlF
ywZ+OTsB87HL+AiRKbks+fCZ4S3cll7gXOIDcqB/ICYc1qT1Eq4FzQlrS967lrA1
tgzauP99xtsD/SrSvUzKLEam7lc+jMMf+6vBsXJ8+I/00cgOgR2Wu3yibH3ufNQT
MmFnDCTwePfoQb7Xe4NNzrzF9tcMyY30uRIBGyqMZ1BMhldPSVh4KgKtBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK888NDUNSN6YdKF5P/tryDtl8pGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcnp6dzBOUTFJM3BoMG9Ya18tMnZJTzJYeWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXvMA0G
CSqGSIb3DQEBCwUAA4IBAQCaxkHqiTqAwkmISAyVDGnwedi7HCI6QmjE/Y4nOhEy
FPPVdrBr+bLQD93aV+CY0VXvyxjVjbQeGULkCtokVuaB/oEEn3ix9lreIGg3Lbe6
RGe+hIVRxP6H2W/g7XY28a2gnoPz9uy54ez0OvDQJdN7iTFllZYiG1omtz32Sh2f
4H8nRvB8EAx2MMv7EpYlFkC4MFeUfWMz0wKZmfWcO8JC9HPmaW+hFYvZirFNn9w9
4XRtxQYm3Sp9XlWiQLDeAAhSS615bNsUfwMlb++hVJWDpLwmx6p2xKhs8h3iRGID
Jdr0C5c8wzsdk+vjp6cXZZ92He99trQuaGCTuv50wWp8
-----END CERTIFICATE-----