Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/fd73d8-154a-40ce-aebc-e889a6e6beac/1/ic2AvQV4fn5mQGurv_9LydC-BbI.roa
File:                     ic2AvQV4fn5mQGurv_9LydC-BbI.roa (raw, json)
Hash identifier:          mD0dAfaF87izkBorR76KrAgNEqpqvPq8C6YXxT1+QYI=
Subject key identifier:   89:CD:80:BD:05:78:7E:7E:66:40:6B:AB:BF:FF:4B:C9:D0:BE:05:B2
Certificate issuer:       /CN=f3c8990bd6e9307113e83832c6915fda5cacfc2f
Certificate serial:       019420D5C3D7F698015615711F7032DF2EF2
Authority key identifier: F3:C8:99:0B:D6:E9:30:71:13:E8:38:32:C6:91:5F:DA:5C:AC:FC:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/88iZC9bpMHET6DgyxpFf2lys_C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/fd73d8-154a-40ce-aebc-e889a6e6beac/1/ic2AvQV4fn5mQGurv_9LydC-BbI.roa
Signing time:             Wed 01 Jan 2025 07:47:47 +0000
ROA not before:           Wed 01 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43012
IP address blocks:        77.91.216.0/21 maxlen: 21
                          194.59.52.0/22 maxlen: 22
                          2a02:2538::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/fd73d8-154a-40ce-aebc-e889a6e6beac/1/88iZC9bpMHET6DgyxpFf2lys_C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/fd73d8-154a-40ce-aebc-e889a6e6beac/1/88iZC9bpMHET6DgyxpFf2lys_C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/88iZC9bpMHET6DgyxpFf2lys_C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c3:d7:f6:98:01:56:15:71:1f:70:32:df:2e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3c8990bd6e9307113e83832c6915fda5cacfc2f
        Validity
            Not Before: Jan  1 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89cd80bd05787e7e66406babbfff4bc9d0be05b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e6:04:e8:67:81:df:c4:af:87:08:45:8d:4f:
                    d6:a1:47:48:28:13:59:6c:50:80:85:76:64:ae:84:
                    0f:93:e3:48:a6:0c:fe:17:06:fd:f3:1d:e3:a1:4e:
                    ce:99:5e:88:f1:24:e2:3a:26:21:cb:a8:10:8f:b7:
                    05:8c:8d:24:c1:fc:a8:71:7f:85:c5:1b:12:12:aa:
                    93:20:36:03:e4:1b:67:d6:0e:1e:2b:aa:33:04:fb:
                    53:2a:4b:8c:b2:bf:e6:42:a5:37:9a:48:d6:e4:21:
                    26:55:5b:d9:3d:0a:e3:3d:94:d4:8c:c3:55:ce:88:
                    f5:d3:d4:8d:9e:78:dc:be:7a:34:b4:a9:2b:98:13:
                    06:da:33:87:f3:c8:a7:11:b7:34:67:ff:eb:35:e9:
                    b7:67:58:d5:7f:9d:d3:fd:31:17:c1:0c:51:61:8a:
                    8f:86:3f:f4:45:88:8a:ae:c0:96:0d:2c:c6:47:2b:
                    8f:08:81:bd:e3:7f:ba:b7:21:ef:1d:1d:97:cc:df:
                    bb:bb:06:ad:51:60:53:f6:19:d6:e7:39:df:50:45:
                    57:21:67:40:28:1e:53:89:e3:d0:97:c1:c1:c2:57:
                    37:dc:10:c1:ff:a3:c9:ac:06:ad:44:77:75:1e:99:
                    e2:c1:1e:47:9e:2e:75:ae:7d:23:8b:1a:7c:3c:9d:
                    fa:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:CD:80:BD:05:78:7E:7E:66:40:6B:AB:BF:FF:4B:C9:D0:BE:05:B2
            X509v3 Authority Key Identifier:
                keyid:F3:C8:99:0B:D6:E9:30:71:13:E8:38:32:C6:91:5F:DA:5C:AC:FC:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/88iZC9bpMHET6DgyxpFf2lys_C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fd73d8-154a-40ce-aebc-e889a6e6beac/1/ic2AvQV4fn5mQGurv_9LydC-BbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fd73d8-154a-40ce-aebc-e889a6e6beac/1/88iZC9bpMHET6DgyxpFf2lys_C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.216.0/21
                  194.59.52.0/22
                IPv6:
                  2a02:2538::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:8d:47:17:fb:3c:27:75:4a:f7:37:20:ca:ad:14:a8:81:72:
         e4:b1:aa:a0:de:53:94:6c:2f:4d:ec:11:22:07:07:1f:e8:9a:
         1f:38:d0:74:7a:c6:97:12:f5:97:8a:1c:fc:27:f5:a1:d7:f0:
         77:21:d7:27:0f:e0:c6:ec:17:90:22:cd:6f:fe:2a:22:c2:32:
         88:57:3a:dd:80:99:e6:c4:cf:88:0b:33:9f:61:9b:71:f0:d9:
         96:2e:e6:b2:84:7e:fb:59:69:f5:18:40:6b:cb:f8:e8:eb:1b:
         80:66:88:41:24:74:30:67:13:d1:ad:44:0b:88:ca:56:1d:98:
         a4:c9:a6:41:3c:38:cc:a3:49:cb:69:50:31:7f:8c:6a:a1:97:
         7c:80:4d:52:db:ec:a6:0f:63:37:a9:02:ba:74:12:b1:0f:a1:
         34:21:91:14:ad:17:29:52:a9:65:26:29:c4:3b:02:9f:e2:7d:
         e9:e4:5e:32:d2:38:6c:57:13:7f:f8:07:b0:36:b2:57:2b:85:
         39:8b:fe:e9:b2:97:76:e3:c4:32:52:f9:c1:fe:c5:91:cb:e7:
         51:47:a4:18:d4:0d:0f:e0:43:ec:8f:4f:06:f7:28:dd:2c:1a:
         d9:dd:ee:4f:a9:ea:8e:51:b4:0c:59:10:79:f9:19:b8:e8:77:
         37:8a:6d:0a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1cPX9pgBVhVxH3Ay3y7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYzg5OTBiZDZlOTMwNzExM2U4MzgzMmM2OTE1ZmRhNWNh
Y2ZjMmYwHhcNMjUwMTAxMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWNkODBiZDA1Nzg3ZTdlNjY0MDZiYWJiZmZmNGJjOWQwYmUwNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+YE6GeB38SvhwhFjU/WoUdIKBNZ
bFCAhXZkroQPk+NIpgz+Fwb98x3joU7OmV6I8STiOiYhy6gQj7cFjI0kwfyocX+F
xRsSEqqTIDYD5Btn1g4eK6ozBPtTKkuMsr/mQqU3mkjW5CEmVVvZPQrjPZTUjMNV
zoj109SNnnjcvno0tKkrmBMG2jOH88inEbc0Z//rNem3Z1jVf53T/TEXwQxRYYqP
hj/0RYiKrsCWDSzGRyuPCIG943+6tyHvHR2XzN+7uwatUWBT9hnW5znfUEVXIWdA
KB5TiePQl8HBwlc33BDB/6PJrAatRHd1HpniwR5Hni51rn0jixp8PJ36SQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFInNgL0FeH5+ZkBrq7//S8nQvgWyMB8GA1UdIwQY
MBaAFPPImQvW6TBxE+g4MsaRX9pcrPwvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODhpWkM5YnBNSEVUNkRneXhwRmYybHlzX0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mZDczZDgtMTU0YS00MGNlLWFlYmMt
ZTg4OWE2ZTZiZWFjLzEvaWMyQXZRVjRmbjVtUUd1cnZfOUx5ZEMtQmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mZDczZDgtMTU0YS00MGNlLWFlYmMtZTg4OWE2ZTZiZWFj
LzEvODhpWkM5YnBNSEVUNkRneXhwRmYybHlzX0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDTVvYAwQC
wjs0MA0EAgACMAcDBQAqAiU4MA0GCSqGSIb3DQEBCwUAA4IBAQBvjUcX+zwndUr3
NyDKrRSogXLksaqg3lOUbC9N7BEiBwcf6JofONB0esaXEvWXihz8J/Wh1/B3Idcn
D+DG7BeQIs1v/ioiwjKIVzrdgJnmxM+ICzOfYZtx8NmWLuayhH77WWn1GEBry/jo
6xuAZohBJHQwZxPRrUQLiMpWHZikyaZBPDjMo0nLaVAxf4xqoZd8gE1S2+ymD2M3
qQK6dBKxD6E0IZEUrRcpUqllJinEOwKf4n3p5F4y0jhsVxN/+AewNrJXK4U5i/7p
spd248QyUvnB/sWRy+dRR6QY1A0P4EPsj08G9yjdLBrZ3e5PqeqOUbQMWRB5+Rm4
6Hc3im0K
-----END CERTIFICATE-----