Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v5PdTMP92oK707hkYTi4-macVSA.roa
File:                     v5PdTMP92oK707hkYTi4-macVSA.roa (raw, json)
Hash identifier:          QPVOMinnLJHft3TnK7vDWdtpI2RwCgoSLe5IJxBBE3Q=
Subject key identifier:   BF:93:DD:4C:C3:FD:DA:82:BB:D3:B8:64:61:38:B8:FA:66:9C:55:20
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019426983FBE87E765B6D5C1A8E81C56C211
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v5PdTMP92oK707hkYTi4-macVSA.roa
Signing time:             Thu 02 Jan 2025 10:38:19 +0000
ROA not before:           Thu 02 Jan 2025 10:38:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        89.213.197.0/24 maxlen: 24
                          194.105.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:98:3f:be:87:e7:65:b6:d5:c1:a8:e8:1c:56:c2:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  2 10:38:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf93dd4cc3fdda82bbd3b8646138b8fa669c5520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:99:c8:ae:96:dd:73:cb:e4:39:07:64:70:
                    3d:30:a2:d3:a2:b4:29:1f:f8:39:fc:39:d7:84:3d:
                    85:af:90:e6:5e:7f:71:78:ff:4a:15:c5:13:b0:9a:
                    6c:0d:e4:92:b3:79:2f:c9:04:63:12:1c:ae:53:a7:
                    42:80:55:52:f2:ae:d6:08:42:31:d4:6c:ba:b6:24:
                    f9:05:ed:76:b5:70:6a:37:91:07:2f:fd:11:cd:3f:
                    2f:85:a9:1a:6c:35:88:c7:c8:0e:a6:6c:20:43:a0:
                    38:dd:d9:28:c2:d0:89:36:b1:5f:64:ef:22:05:e4:
                    76:00:15:86:51:9d:96:4d:42:c0:6e:dd:98:66:d8:
                    27:8f:90:43:6d:77:24:a9:57:53:cc:7e:77:89:61:
                    38:0a:bc:f4:c4:80:ce:68:56:29:b9:30:d1:14:08:
                    b2:49:e6:dc:ad:7d:04:0f:8f:57:ae:4a:4a:52:79:
                    92:db:ee:6b:1a:7e:66:16:9a:1f:55:8c:d0:f7:dc:
                    2a:3f:c1:ed:4b:85:97:51:e9:05:03:56:71:79:b8:
                    2f:a8:09:be:69:54:52:58:e3:83:56:2d:91:37:70:
                    b8:db:be:b3:64:04:fb:09:14:32:2a:b5:b5:9a:53:
                    1e:99:b7:d5:99:9c:49:16:26:cc:24:28:02:14:65:
                    28:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:93:DD:4C:C3:FD:DA:82:BB:D3:B8:64:61:38:B8:FA:66:9C:55:20
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v5PdTMP92oK707hkYTi4-macVSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.197.0/24
                  194.105.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:02:d8:fd:ba:ee:24:7d:48:8d:83:cd:75:25:0b:c7:72:fd:
         e9:f3:12:85:f2:1b:49:13:39:ab:d8:44:15:d5:b0:fd:ab:e5:
         b1:dd:d2:ce:19:76:1e:d3:f2:66:73:06:0d:02:68:07:4c:5e:
         7a:71:06:72:16:0c:a6:2f:76:30:1d:a4:d1:e7:5f:6e:27:fd:
         76:51:15:b2:8d:b2:95:ea:5e:1e:a6:86:a9:0f:29:4b:b0:e3:
         27:e9:3f:09:7e:02:ea:b2:f0:87:f0:ce:3a:6f:60:3a:a6:d4:
         92:68:2d:3f:5f:34:8e:cf:ec:a5:fa:15:50:c2:51:91:7a:16:
         02:7a:c6:0d:18:72:5f:1c:5f:2c:c7:54:79:13:e8:79:d8:1d:
         00:13:b3:da:ac:ae:f3:ea:a3:4b:b7:20:54:a7:39:a8:0f:7e:
         41:90:2f:e1:8b:c6:4d:19:a5:13:0e:44:54:81:00:b9:d7:f9:
         53:43:4d:36:e7:fe:fb:ec:61:f6:d4:a5:38:2f:0c:5f:11:09:
         de:8e:3e:19:3c:ef:5e:22:6c:3a:46:5a:cd:ee:2e:a0:7f:2b:
         88:84:f5:53:6d:20:7c:0a:38:83:91:eb:db:4d:7e:77:79:c2:
         b0:81:7a:b9:e7:bc:13:9f:60:e5:b4:7d:51:5f:17:63:39:ec:
         b4:07:56:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmmD++h+dlttXBqOgcVsIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAyMTAzODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjkzZGQ0Y2MzZmRkYTgyYmJkM2I4NjQ2MTM4YjhmYTY2OWM1NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/6ZyK6W3XPL5DkHZHA9MKLTorQp
H/g5/DnXhD2Fr5DmXn9xeP9KFcUTsJpsDeSSs3kvyQRjEhyuU6dCgFVS8q7WCEIx
1Gy6tiT5Be12tXBqN5EHL/0RzT8vhakabDWIx8gOpmwgQ6A43dkowtCJNrFfZO8i
BeR2ABWGUZ2WTULAbt2YZtgnj5BDbXckqVdTzH53iWE4Crz0xIDOaFYpuTDRFAiy
SebcrX0ED49XrkpKUnmS2+5rGn5mFpofVYzQ99wqP8HtS4WXUekFA1ZxebgvqAm+
aVRSWOODVi2RN3C4276zZAT7CRQyKrW1mlMembfVmZxJFibMJCgCFGUoPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL+T3UzD/dqCu9O4ZGE4uPpmnFUgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdjVQZFRNUDkyb0s3MDdoa1lUaTQtbWFjVlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdXFAwQA
wmlaMA0GCSqGSIb3DQEBCwUAA4IBAQAJAtj9uu4kfUiNg811JQvHcv3p8xKF8htJ
Ezmr2EQV1bD9q+Wx3dLOGXYe0/JmcwYNAmgHTF56cQZyFgymL3YwHaTR519uJ/12
URWyjbKV6l4epoapDylLsOMn6T8JfgLqsvCH8M46b2A6ptSSaC0/XzSOz+yl+hVQ
wlGRehYCesYNGHJfHF8sx1R5E+h52B0AE7ParK7z6qNLtyBUpzmoD35BkC/hi8ZN
GaUTDkRUgQC51/lTQ0025/777GH21KU4LwxfEQnejj4ZPO9eImw6RlrN7i6gfyuI
hPVTbSB8CjiDkevbTX53ecKwgXq557wTn2DltH1RXxdjOey0B1bx
-----END CERTIFICATE-----