Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sTXguplcOmFFpqVNwkj3m19O4ag.roa
File:                     sTXguplcOmFFpqVNwkj3m19O4ag.roa (raw, json)
Hash identifier:          ujq9svJvi15hGmJmx4mUFkkQZOOu6saIgzbXTtU4iSQ=
Subject key identifier:   B1:35:E0:BA:99:5C:3A:61:45:A6:A5:4D:C2:48:F7:9B:5F:4E:E1:A8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421443A59E81A489D8D17CFA119CC7784
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sTXguplcOmFFpqVNwkj3m19O4ag.roa
Signing time:             Wed 01 Jan 2025 09:48:27 +0000
ROA not before:           Wed 01 Jan 2025 09:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     270176
IP address blocks:        89.213.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3a:59:e8:1a:48:9d:8d:17:cf:a1:19:cc:77:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b135e0ba995c3a6145a6a54dc248f79b5f4ee1a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:6a:ba:81:e2:28:81:d4:eb:b1:0e:46:13:fa:
                    35:f4:fa:20:31:85:31:1f:66:23:b1:5c:62:46:cd:
                    36:92:88:79:e6:f5:e5:5e:50:2d:72:1c:8c:3e:02:
                    c0:e2:19:51:97:29:a7:ad:30:b6:01:57:40:c4:a6:
                    75:62:27:e4:e2:e7:35:69:b7:4d:29:73:37:33:b8:
                    ef:af:79:af:83:ec:7d:c5:54:91:34:6c:ef:fc:61:
                    bc:a2:ba:40:fa:1c:06:d8:b0:4f:fc:87:1d:1b:06:
                    d7:53:3f:04:42:e8:1e:9d:37:da:bf:93:f3:4a:86:
                    0d:5c:a9:43:14:a8:dd:dc:04:35:5d:68:dd:eb:0c:
                    47:ef:b4:aa:22:76:97:d1:c7:f3:3e:1b:5c:23:95:
                    0e:c5:a7:fd:d5:0a:02:eb:44:91:be:f5:62:de:1e:
                    88:98:13:77:bb:da:e6:9a:3c:fc:25:66:62:0f:c9:
                    80:11:f1:7b:58:22:c1:07:90:24:c5:0c:cb:29:8d:
                    2d:c7:9d:bb:5b:2a:23:78:c1:96:0a:29:1f:28:e4:
                    a7:82:08:a5:fe:79:0e:a0:18:57:b3:3c:71:fb:33:
                    eb:a5:03:1f:0f:a3:99:0a:b5:e2:15:9e:d6:cd:98:
                    fc:78:e4:ea:43:31:c9:63:cf:f9:bb:61:c7:3f:18:
                    81:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:35:E0:BA:99:5C:3A:61:45:A6:A5:4D:C2:48:F7:9B:5F:4E:E1:A8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sTXguplcOmFFpqVNwkj3m19O4ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:42:6f:5b:4b:b6:e0:a1:50:ed:38:07:ff:78:b5:14:41:99:
         91:e3:d6:2b:95:9c:6b:6b:06:2c:ad:1d:93:f3:16:9c:af:61:
         1e:e8:67:10:f6:f8:e8:f8:90:8d:57:0d:a7:a4:58:06:7a:04:
         22:79:87:61:28:62:6e:7f:47:85:b3:97:cf:91:9c:39:84:0e:
         5a:be:e4:e2:eb:b0:75:2d:79:61:8e:58:19:31:e7:71:b9:e7:
         ff:f8:43:f4:ca:68:c4:54:24:70:c3:92:8c:6f:b0:c8:fa:f6:
         81:61:62:b7:b6:66:17:1a:a8:ba:44:0e:21:04:e4:4a:21:4e:
         f9:23:4f:19:30:7f:a5:2a:4c:62:05:dd:47:aa:cc:ad:b8:69:
         16:16:c8:e9:e1:7f:40:6c:f8:7c:38:25:cb:44:5c:d7:10:99:
         ae:e4:d3:91:65:70:99:9c:81:c6:91:48:79:05:4c:c5:85:b4:
         5a:03:6e:8c:bc:c2:3a:6f:31:1c:a3:a5:cc:d1:de:5e:45:5d:
         35:df:82:39:92:a7:60:8e:44:cc:cd:f6:9b:39:d0:47:70:22:
         46:bd:a4:4a:69:1d:f0:45:7b:1c:c4:bc:f6:45:44:c8:8b:0c:
         c0:80:fc:9b:71:9a:d0:02:fb:13:a7:46:8d:b4:56:8a:e1:d5:
         fb:63:77:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDpZ6BpInY0Xz6EZzHeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTM1ZTBiYTk5NWMzYTYxNDVhNmE1NGRjMjQ4Zjc5YjVmNGVlMWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12q6geIogdTrsQ5GE/o19PogMYUx
H2YjsVxiRs02koh55vXlXlAtchyMPgLA4hlRlymnrTC2AVdAxKZ1Yifk4uc1abdN
KXM3M7jvr3mvg+x9xVSRNGzv/GG8orpA+hwG2LBP/IcdGwbXUz8EQugenTfav5Pz
SoYNXKlDFKjd3AQ1XWjd6wxH77SqInaX0cfzPhtcI5UOxaf91QoC60SRvvVi3h6I
mBN3u9rmmjz8JWZiD8mAEfF7WCLBB5AkxQzLKY0tx527WyojeMGWCikfKOSnggil
/nkOoBhXszxx+zPrpQMfD6OZCrXiFZ7WzZj8eOTqQzHJY8/5u2HHPxiBYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLE14LqZXDphRaalTcJI95tfTuGoMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc1RYZ3VwbGNPbUZGcHFWTndrajNtMTlPNGFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdVqMA0G
CSqGSIb3DQEBCwUAA4IBAQCpQm9bS7bgoVDtOAf/eLUUQZmR49YrlZxrawYsrR2T
8xacr2Ee6GcQ9vjo+JCNVw2npFgGegQieYdhKGJuf0eFs5fPkZw5hA5avuTi67B1
LXlhjlgZMedxuef/+EP0ymjEVCRww5KMb7DI+vaBYWK3tmYXGqi6RA4hBORKIU75
I08ZMH+lKkxiBd1HqsytuGkWFsjp4X9AbPh8OCXLRFzXEJmu5NORZXCZnIHGkUh5
BUzFhbRaA26MvMI6bzEco6XM0d5eRV0134I5kqdgjkTMzfabOdBHcCJGvaRKaR3w
RXscxLz2RUTIiwzAgPybcZrQAvsTp0aNtFaK4dX7Y3cG
-----END CERTIFICATE-----