Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/suYUiS2wBUSoIzv-f7E5V1-IFdc.roa
File:                     suYUiS2wBUSoIzv-f7E5V1-IFdc.roa (raw, json)
Hash identifier:          7bu5mjjCrtwR0st1pyQCWDZZ5WrVpfSuajm0QCZ8koU=
Subject key identifier:   B2:E6:14:89:2D:B0:05:44:A8:23:3B:FE:7F:B1:39:57:5F:88:15:D7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E1DA4700EF8C0F2212A926BA0736
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/suYUiS2wBUSoIzv-f7E5V1-IFdc.roa
Signing time:             Wed 01 Jan 2025 09:48:04 +0000
ROA not before:           Wed 01 Jan 2025 09:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44803
IP address blocks:        89.28.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e1:da:47:00:ef:8c:0f:22:12:a9:26:ba:07:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2e614892db00544a8233bfe7fb139575f8815d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5d:16:c7:59:43:fe:bd:03:91:88:e4:0e:de:
                    2c:a1:44:5a:eb:09:7d:c3:4d:64:f0:0e:f0:f8:4e:
                    1f:75:c1:a0:95:0e:00:ef:00:8d:95:c9:36:1d:33:
                    9d:17:89:25:4f:a9:91:c3:ae:31:20:af:b2:20:e8:
                    4c:30:92:06:d7:59:47:4a:df:3d:82:5c:4d:76:b9:
                    ef:8b:fb:1f:3e:74:23:8a:1a:9f:04:1d:88:18:17:
                    a0:25:85:22:23:da:41:53:3c:d9:00:d2:d9:0f:a5:
                    91:fe:e0:e4:59:ee:c3:56:91:a7:fb:20:cb:55:b9:
                    f5:85:4b:e7:c1:98:47:76:d9:58:ca:3a:df:02:78:
                    eb:b9:3d:99:61:8f:99:42:67:47:1d:f2:fb:af:b6:
                    a7:b4:40:51:5f:7b:55:5f:e7:b2:02:d3:b0:45:60:
                    64:02:51:0b:14:9a:3c:42:41:a8:f7:9c:20:8a:57:
                    0f:09:69:f7:28:02:65:5d:f3:60:68:c9:a5:0b:42:
                    a5:fd:60:0d:8d:7e:94:17:b8:d3:4a:db:74:b9:b1:
                    35:42:8c:8e:3d:95:77:56:f2:fc:05:9e:aa:12:76:
                    39:89:1c:a7:8a:62:67:56:d3:a1:c0:25:0e:3a:3e:
                    b1:76:7e:90:0b:78:2f:f4:b6:77:52:13:36:5e:df:
                    8c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E6:14:89:2D:B0:05:44:A8:23:3B:FE:7F:B1:39:57:5F:88:15:D7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/suYUiS2wBUSoIzv-f7E5V1-IFdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:a4:65:13:aa:e9:b2:02:5f:35:26:a0:26:ed:fe:88:51:c4:
         90:ae:2c:20:23:11:90:86:58:d9:8d:d4:06:ad:80:27:a3:fb:
         cf:ab:fe:bb:a9:88:ce:04:65:d2:29:dc:2b:0c:57:6c:4c:35:
         50:df:71:b4:53:f6:ae:a3:06:18:09:2f:6d:81:2b:97:cd:87:
         a6:2c:93:a7:0a:11:a7:85:d3:c5:af:04:03:94:5e:79:5c:4a:
         83:ca:b6:28:ec:a1:c4:9a:9b:b6:7f:86:46:12:f7:c6:80:9d:
         de:e9:31:16:27:0d:fc:53:60:04:a7:8c:d3:92:f3:68:69:37:
         1b:60:19:65:c7:85:d9:9f:33:20:c7:75:ba:87:71:a1:40:0a:
         fb:8b:1e:6a:3d:4b:bb:fc:eb:44:e1:d1:2a:f8:bf:ce:28:52:
         af:9e:74:dd:8d:85:46:20:29:77:37:55:2d:77:fe:2c:cf:89:
         ab:3c:40:af:6e:c2:1d:ad:8b:9e:50:e5:f0:1a:55:2b:1e:4c:
         49:ed:73:78:5c:01:9b:32:c4:f4:d2:7c:94:18:f9:5b:1f:b2:
         7a:11:c3:de:f3:4c:44:7f:38:4b:12:89:f3:43:72:61:21:a6:
         01:bc:17:21:6e:16:9c:59:49:54:98:89:61:5a:60:b3:72:de:
         a7:17:92:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+HaRwDvjA8iEqkmugc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmU2MTQ4OTJkYjAwNTQ0YTgyMzNiZmU3ZmIxMzk1NzVmODgxNWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF0Wx1lD/r0DkYjkDt4soURa6wl9
w01k8A7w+E4fdcGglQ4A7wCNlck2HTOdF4klT6mRw64xIK+yIOhMMJIG11lHSt89
glxNdrnvi/sfPnQjihqfBB2IGBegJYUiI9pBUzzZANLZD6WR/uDkWe7DVpGn+yDL
Vbn1hUvnwZhHdtlYyjrfAnjruT2ZYY+ZQmdHHfL7r7antEBRX3tVX+eyAtOwRWBk
AlELFJo8QkGo95wgilcPCWn3KAJlXfNgaMmlC0Kl/WANjX6UF7jTStt0ubE1QoyO
PZV3VvL8BZ6qEnY5iRynimJnVtOhwCUOOj6xdn6QC3gv9LZ3UhM2Xt+MqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLmFIktsAVEqCM7/n+xOVdfiBXXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc3VZVWlTMndCVVNvSXp2LWY3RTVWMS1JRmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzsMA0G
CSqGSIb3DQEBCwUAA4IBAQAIpGUTqumyAl81JqAm7f6IUcSQriwgIxGQhljZjdQG
rYAno/vPq/67qYjOBGXSKdwrDFdsTDVQ33G0U/auowYYCS9tgSuXzYemLJOnChGn
hdPFrwQDlF55XEqDyrYo7KHEmpu2f4ZGEvfGgJ3e6TEWJw38U2AEp4zTkvNoaTcb
YBllx4XZnzMgx3W6h3GhQAr7ix5qPUu7/OtE4dEq+L/OKFKvnnTdjYVGICl3N1Ut
d/4sz4mrPECvbsIdrYueUOXwGlUrHkxJ7XN4XAGbMsT00nyUGPlbH7J6EcPe80xE
fzhLEonzQ3JhIaYBvBchbhacWUlUmIlhWmCzct6nF5JT
-----END CERTIFICATE-----