Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/KnmFh3qNXzClOAnP3N3_zOdYRAo.roa
File:                     KnmFh3qNXzClOAnP3N3_zOdYRAo.roa (raw, json)
Hash identifier:          +qqI3RCcMPzqW1FNd6qeiI1Hp+fo8ydp1FHu51Tncg4=
Subject key identifier:   2A:79:85:87:7A:8D:5F:30:A5:38:09:CF:DC:DD:FF:CC:E7:58:44:0A
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       019425217F4A4C03D6EAF26664C9F808A8C0
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/KnmFh3qNXzClOAnP3N3_zOdYRAo.roa
Signing time:             Thu 02 Jan 2025 03:48:59 +0000
ROA not before:           Thu 02 Jan 2025 03:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214330
IP address blocks:        89.44.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:7f:4a:4c:03:d6:ea:f2:66:64:c9:f8:08:a8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 03:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a7985877a8d5f30a53809cfdcddffcce758440a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6c:11:a7:bf:1f:73:94:05:d4:ec:57:f5:8e:
                    7a:78:8b:7f:00:62:87:a0:1b:38:29:bb:98:7d:7b:
                    d3:41:2d:1a:2f:09:62:e4:b0:89:1a:72:f1:6d:1d:
                    19:27:3a:a7:24:71:78:c0:f0:b5:62:8b:7c:35:01:
                    19:71:11:95:3f:da:a0:bf:24:60:20:cb:51:64:12:
                    a6:c1:96:5d:29:95:b8:3b:a8:a7:d1:74:11:42:85:
                    5f:9f:a4:bd:25:dd:bf:70:9e:e6:e0:42:92:f2:94:
                    41:ef:6b:1e:c6:9a:a1:c6:ef:0d:28:58:a6:cf:fe:
                    f3:88:52:77:cc:3e:49:6f:10:18:90:03:59:5e:4d:
                    2a:93:ae:dc:43:53:b8:2e:dd:c4:3b:e4:88:b5:ab:
                    f4:e7:55:7c:05:b9:cc:84:4b:22:05:32:6f:08:ec:
                    cb:a1:99:46:14:86:5f:c8:38:2a:9a:b1:f5:18:dd:
                    c7:64:d7:91:1a:f5:58:cf:e4:53:aa:87:04:d1:6e:
                    d0:52:3f:3d:38:fe:8c:e4:e1:d8:34:d7:e9:c8:06:
                    c2:53:d7:c9:46:d5:51:49:04:1f:2e:90:3e:cd:db:
                    c1:23:ac:92:82:3d:69:3a:ec:9d:47:01:ed:bd:19:
                    85:06:3c:51:55:98:b2:26:07:8a:1d:dd:7a:95:1f:
                    f5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:79:85:87:7A:8D:5F:30:A5:38:09:CF:DC:DD:FF:CC:E7:58:44:0A
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/KnmFh3qNXzClOAnP3N3_zOdYRAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:45:e0:fb:0b:21:36:b0:55:4d:ac:2e:ed:ee:b4:d3:06:30:
         da:ff:63:8f:39:b0:de:1a:6d:65:89:1e:9f:e1:db:e0:ac:fa:
         d6:e9:48:9c:a2:d8:53:a9:be:5a:e7:55:64:90:fd:40:16:2a:
         86:64:21:d5:c1:81:9a:f7:ed:22:13:fe:d6:fe:47:f3:ed:ac:
         5c:ac:ed:be:1d:bf:83:8d:f4:f0:fa:49:e1:74:12:72:2a:ee:
         d4:cd:96:2d:b3:f4:5c:47:2b:fe:84:e0:84:51:00:a5:fd:a5:
         a8:a3:41:c7:01:4c:f6:c9:0a:b3:5f:c6:23:ba:3c:02:d2:3b:
         6f:e8:62:03:c0:e2:56:ed:ba:05:b3:90:ce:74:22:d3:15:b9:
         da:f0:bb:70:0e:34:01:6b:83:87:e9:c2:53:fd:c3:ab:da:26:
         a4:69:03:18:f0:ad:02:44:d3:a5:ec:10:5e:1d:e5:95:8f:31:
         93:a9:1d:09:36:1e:76:c7:29:c9:f8:66:53:31:d3:90:b9:5d:
         bc:03:3f:2e:b8:0f:d1:91:9f:7e:80:78:ab:f0:da:a9:70:61:
         22:68:37:1a:1c:cd:71:76:69:fc:bf:3a:6e:10:35:06:1c:fb:
         2b:d4:96:5e:9c:11:64:4d:3e:d2:6d:27:33:66:86:04:c8:d8:
         b8:76:17:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIX9KTAPW6vJmZMn4CKjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjUwMTAyMDM0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc5ODU4NzdhOGQ1ZjMwYTUzODA5Y2ZkY2RkZmZjY2U3NTg0NDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2wRp78fc5QF1OxX9Y56eIt/AGKH
oBs4KbuYfXvTQS0aLwli5LCJGnLxbR0ZJzqnJHF4wPC1Yot8NQEZcRGVP9qgvyRg
IMtRZBKmwZZdKZW4O6in0XQRQoVfn6S9Jd2/cJ7m4EKS8pRB72sexpqhxu8NKFim
z/7ziFJ3zD5JbxAYkANZXk0qk67cQ1O4Lt3EO+SItav051V8BbnMhEsiBTJvCOzL
oZlGFIZfyDgqmrH1GN3HZNeRGvVYz+RTqocE0W7QUj89OP6M5OHYNNfpyAbCU9fJ
RtVRSQQfLpA+zdvBI6ySgj1pOuydRwHtvRmFBjxRVZiyJgeKHd16lR/1KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCp5hYd6jV8wpTgJz9zd/8znWEQKMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvS25tRmgzcU5YekNsT0FuUDNOM196T2RZUkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSz2MA0G
CSqGSIb3DQEBCwUAA4IBAQAOReD7CyE2sFVNrC7t7rTTBjDa/2OPObDeGm1liR6f
4dvgrPrW6UicothTqb5a51VkkP1AFiqGZCHVwYGa9+0iE/7W/kfz7axcrO2+Hb+D
jfTw+knhdBJyKu7UzZYts/RcRyv+hOCEUQCl/aWoo0HHAUz2yQqzX8YjujwC0jtv
6GIDwOJW7boFs5DOdCLTFbna8LtwDjQBa4OH6cJT/cOr2iakaQMY8K0CRNOl7BBe
HeWVjzGTqR0JNh52xynJ+GZTMdOQuV28Az8uuA/RkZ9+gHir8NqpcGEiaDcaHM1x
dmn8vzpuEDUGHPsr1JZenBFkTT7SbSczZoYEyNi4dhfz
-----END CERTIFICATE-----