Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tMtRIn7ltQxFT19WlUS7dDRMNAI.roa
File:                     tMtRIn7ltQxFT19WlUS7dDRMNAI.roa (raw, json)
Hash identifier:          EtyNseow40eWBwKxQ5epqmGF+X3L+ExDYk5OeseMT0M=
Subject key identifier:   B4:CB:51:22:7E:E5:B5:0C:45:4F:5F:56:95:44:BB:74:34:4C:34:02
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143D5140CCEDDB4DA6D02A5492AD9A4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tMtRIn7ltQxFT19WlUS7dDRMNAI.roa
Signing time:             Wed 01 Jan 2025 09:48:01 +0000
ROA not before:           Wed 01 Jan 2025 09:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16125
IP address blocks:        89.213.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d5:14:0c:ce:dd:b4:da:6d:02:a5:49:2a:d9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4cb51227ee5b50c454f5f569544bb74344c3402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:36:45:fc:74:cc:7c:8c:f2:eb:d3:c9:63:
                    af:9c:0e:3c:6c:c0:be:c2:de:4e:b9:c7:8b:80:dd:
                    e1:a0:f2:68:ca:f3:d2:3f:f0:3d:af:bb:6f:28:6c:
                    30:77:eb:d3:05:9d:01:d9:04:75:7d:ab:f1:d8:85:
                    29:55:79:40:94:f1:27:ba:54:be:43:e9:fa:99:51:
                    41:b6:f5:43:66:b9:3c:8d:9c:bd:bb:71:c2:c9:4b:
                    38:71:3e:19:b4:b5:a8:b8:9c:e4:58:fc:5c:06:60:
                    d1:0e:76:2b:2c:0b:5a:80:38:6e:9e:cc:0e:9f:45:
                    d1:f5:c1:91:f0:52:ec:bf:6c:26:9d:dd:30:0a:15:
                    96:d6:52:c6:94:1f:3e:cc:82:7a:f7:47:02:3c:1f:
                    18:b2:46:e5:69:8a:ad:de:7a:0f:af:f3:96:64:5d:
                    d9:e0:44:fa:4d:31:dd:32:51:dc:86:6c:01:ba:70:
                    88:c3:2d:db:f5:db:c4:5d:cb:37:12:9d:5c:3a:39:
                    17:12:8c:db:14:05:c5:94:84:0b:8d:86:ff:1c:6a:
                    07:e7:d7:9e:9f:6f:e5:92:98:d3:2d:e5:4d:3b:fe:
                    e6:36:bb:49:33:de:60:97:79:a2:a7:8b:21:ad:7b:
                    3e:3a:89:c5:14:d4:fd:97:19:61:f7:d6:39:3a:7d:
                    92:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:CB:51:22:7E:E5:B5:0C:45:4F:5F:56:95:44:BB:74:34:4C:34:02
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tMtRIn7ltQxFT19WlUS7dDRMNAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:de:ed:ab:cc:fc:a3:6e:86:b6:5a:c8:2f:d3:17:c2:51:5c:
         5c:28:df:71:3e:2e:fe:ef:43:c2:3c:18:f8:02:6b:d4:0e:7d:
         82:f3:78:53:9e:c9:51:4a:15:08:34:e2:28:4e:06:26:82:c3:
         b2:fd:b1:26:78:91:d7:b2:99:76:07:b4:fb:7f:74:06:d7:e9:
         4d:0f:76:56:d9:d3:c2:1d:34:c9:28:43:7d:fc:4f:4c:4b:81:
         61:14:59:f2:ef:c8:92:da:5f:2d:ee:c8:91:ff:1c:55:94:8c:
         ff:69:bf:a3:8f:20:97:39:2b:57:df:df:b7:cf:0d:be:a3:84:
         d7:11:3b:d8:d9:a9:9c:a0:00:60:8c:ee:b0:b3:3f:14:5b:02:
         04:2e:8a:3e:34:de:1d:fe:a6:e4:93:ed:5b:34:a2:42:86:2c:
         39:29:e8:f8:4e:11:bf:92:88:c4:d6:ce:0f:99:2e:6c:14:6b:
         75:3f:f7:76:8d:39:da:d0:0f:89:aa:a5:01:a8:b7:0a:00:6c:
         48:6d:84:18:9f:52:ad:69:fc:51:af:f7:25:e4:ae:e1:47:52:
         49:68:7f:a2:b2:a8:52:0b:c7:e9:64:12:96:48:88:bd:62:00:
         fd:42:db:b8:2e:a9:48:4e:25:e7:5d:83:a9:ec:91:13:95:a0:
         65:51:87:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9UUDM7dtNptAqVJKtmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGNiNTEyMjdlZTViNTBjNDU0ZjVmNTY5NTQ0YmI3NDM0NGMzNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtio2Rfx0zHyM8uvTyWOvnA48bMC+
wt5OuceLgN3hoPJoyvPSP/A9r7tvKGwwd+vTBZ0B2QR1favx2IUpVXlAlPEnulS+
Q+n6mVFBtvVDZrk8jZy9u3HCyUs4cT4ZtLWouJzkWPxcBmDRDnYrLAtagDhunswO
n0XR9cGR8FLsv2wmnd0wChWW1lLGlB8+zIJ690cCPB8YskblaYqt3noPr/OWZF3Z
4ET6TTHdMlHchmwBunCIwy3b9dvEXcs3Ep1cOjkXEozbFAXFlIQLjYb/HGoH59ee
n2/lkpjTLeVNO/7mNrtJM95gl3mip4shrXs+OonFFNT9lxlh99Y5On2SuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTLUSJ+5bUMRU9fVpVEu3Q0TDQCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdE10UkluN2x0UXhGVDE5V2xVUzdkRFJNTkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdX+MA0G
CSqGSIb3DQEBCwUAA4IBAQCb3u2rzPyjboa2Wsgv0xfCUVxcKN9xPi7+70PCPBj4
AmvUDn2C83hTnslRShUINOIoTgYmgsOy/bEmeJHXspl2B7T7f3QG1+lND3ZW2dPC
HTTJKEN9/E9MS4FhFFny78iS2l8t7siR/xxVlIz/ab+jjyCXOStX39+3zw2+o4TX
ETvY2amcoABgjO6wsz8UWwIELoo+NN4d/qbkk+1bNKJChiw5Kej4ThG/kojE1s4P
mS5sFGt1P/d2jTna0A+JqqUBqLcKAGxIbYQYn1KtafxRr/cl5K7hR1JJaH+isqhS
C8fpZBKWSIi9YgD9Qtu4LqlITiXnXYOp7JETlaBlUYdp
-----END CERTIFICATE-----