Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uU0xyia_Mn1DuPDvuFi-E0m5YvM.roa
File:                     uU0xyia_Mn1DuPDvuFi-E0m5YvM.roa (raw, json)
Hash identifier:          j2aYHpbDk8RF1M6aV2IJ4BIfJzpBcJYYaevYGiSjpHs=
Subject key identifier:   B9:4D:31:CA:26:BF:32:7D:43:B8:F0:EF:B8:58:BE:13:49:B9:62:F3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143FB833D289B5D563055B4E92A4793
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uU0xyia_Mn1DuPDvuFi-E0m5YvM.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        89.213.206.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fb:83:3d:28:9b:5d:56:30:55:b4:e9:2a:47:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b94d31ca26bf327d43b8f0efb858be1349b962f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cd:cf:8b:a3:d0:b5:d4:1d:8e:9e:64:1a:c8:
                    56:80:08:68:03:4e:15:63:73:68:97:d3:00:75:f3:
                    9d:70:25:8f:73:5c:69:05:2f:f0:e2:2d:ff:88:0d:
                    20:d0:1c:d1:3d:dd:96:47:32:5c:15:41:6f:48:f9:
                    95:c7:ef:dd:fd:c0:34:7f:24:04:1c:aa:b4:3f:80:
                    7a:04:7f:a5:cb:b5:d4:4c:4c:f0:97:79:91:b6:a0:
                    b3:02:58:5c:d8:ee:d0:3d:9f:98:1f:92:67:7e:8e:
                    84:65:86:96:aa:47:03:a9:92:a5:f2:37:08:70:d9:
                    a6:94:d6:67:44:de:db:9b:bc:7e:b7:7c:22:7e:9e:
                    98:0a:02:0f:74:00:b1:a2:5e:81:57:84:38:18:98:
                    27:40:49:06:06:73:bb:ff:ad:3f:b8:bf:09:25:c3:
                    3c:98:6e:36:8d:49:7e:d0:4d:f3:1a:15:4e:ed:db:
                    01:26:fe:5c:f3:70:84:63:91:40:2a:fb:56:2e:35:
                    c6:5a:e8:31:d9:8b:11:8d:d4:af:5f:77:ee:6d:48:
                    96:5a:91:e4:b4:62:4d:ad:c5:c4:50:b0:5a:fe:f7:
                    c1:02:b6:08:34:01:27:4d:d8:fa:8b:cc:fe:be:63:
                    fc:d1:cc:4a:0c:1e:84:b3:39:13:d3:3c:70:b5:d6:
                    e1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4D:31:CA:26:BF:32:7D:43:B8:F0:EF:B8:58:BE:13:49:B9:62:F3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uU0xyia_Mn1DuPDvuFi-E0m5YvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:4f:5a:56:a7:e9:fe:b6:9c:c7:81:ec:33:8e:68:94:3c:db:
         38:d6:12:77:fa:a8:d9:d1:51:12:88:57:06:21:07:75:ef:1b:
         68:0b:b9:a8:ab:c6:bc:c2:ca:96:ca:6e:e3:ea:71:5e:ca:23:
         7c:0e:05:2f:b4:05:19:c9:5b:ee:7a:3b:13:53:4f:8e:fe:dc:
         dd:54:97:d4:38:ea:87:92:f4:7d:ee:e4:85:68:5e:92:40:9d:
         ce:27:3f:54:a9:5e:59:c3:4c:30:c9:ba:e3:9b:32:9e:37:a9:
         a0:8f:a4:41:07:45:6e:6c:b4:89:ec:a6:c1:83:c1:15:59:5a:
         ce:d6:8e:71:c6:08:b5:33:2e:21:cd:ed:8b:dd:6b:53:dc:bf:
         32:58:57:3b:4c:78:1b:a7:62:93:2d:b0:87:40:6e:25:03:6c:
         68:74:e2:70:12:d6:72:fc:87:b0:f6:7b:ac:d7:c6:bd:19:f8:
         dc:c0:7e:c8:c1:52:f8:bd:1c:09:9c:ce:f0:92:72:ec:c3:29:
         53:bb:9f:0a:32:36:7e:33:d4:63:42:b8:f2:f8:dc:8e:36:f6:
         09:e0:eb:a7:08:89:b1:ab:56:cc:11:88:14:1a:6b:1d:cc:c9:
         60:f8:95:bd:3a:7c:a1:bd:f0:52:8b:bc:da:f5:ee:23:1c:c6:
         64:1d:e1:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/uDPSibXVYwVbTpKkeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRkMzFjYTI2YmYzMjdkNDNiOGYwZWZiODU4YmUxMzQ5Yjk2MmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks3Pi6PQtdQdjp5kGshWgAhoA04V
Y3Nol9MAdfOdcCWPc1xpBS/w4i3/iA0g0BzRPd2WRzJcFUFvSPmVx+/d/cA0fyQE
HKq0P4B6BH+ly7XUTEzwl3mRtqCzAlhc2O7QPZ+YH5Jnfo6EZYaWqkcDqZKl8jcI
cNmmlNZnRN7bm7x+t3wifp6YCgIPdACxol6BV4Q4GJgnQEkGBnO7/60/uL8JJcM8
mG42jUl+0E3zGhVO7dsBJv5c83CEY5FAKvtWLjXGWugx2YsRjdSvX3fubUiWWpHk
tGJNrcXEULBa/vfBArYINAEnTdj6i8z+vmP80cxKDB6EszkT0zxwtdbhvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlNMcomvzJ9Q7jw77hYvhNJuWLzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdVUweHlpYV9NbjFEdVBEdnVGaS1FMG01WXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdXOMA0G
CSqGSIb3DQEBCwUAA4IBAQBWT1pWp+n+tpzHgewzjmiUPNs41hJ3+qjZ0VESiFcG
IQd17xtoC7moq8a8wsqWym7j6nFeyiN8DgUvtAUZyVvuejsTU0+O/tzdVJfUOOqH
kvR97uSFaF6SQJ3OJz9UqV5Zw0wwybrjmzKeN6mgj6RBB0VubLSJ7KbBg8EVWVrO
1o5xxgi1My4hze2L3WtT3L8yWFc7THgbp2KTLbCHQG4lA2xodOJwEtZy/Iew9nus
18a9GfjcwH7IwVL4vRwJnM7wknLswylTu58KMjZ+M9RjQrjy+NyONvYJ4OunCImx
q1bMEYgUGmsdzMlg+JW9OnyhvfBSi7za9e4jHMZkHeHp
-----END CERTIFICATE-----