Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/S1ukHOQHwZ5FXTblgAJkMrxdPMo.roa
File:                     S1ukHOQHwZ5FXTblgAJkMrxdPMo.roa (raw, json)
Hash identifier:          nsbro8MsYnPkoUuF8RjKDn+GAEU45Dqsh1VzCFmduco=
Subject key identifier:   4B:5B:A4:1C:E4:07:C1:9E:45:5D:36:E5:80:02:64:32:BC:5D:3C:CA
Certificate issuer:       /CN=8146de8cec01d052536c0f08dfe7a8b53f9aaec2
Certificate serial:       019427B66ED52640E634E9DACBB47FCBE1BF
Authority key identifier: 81:46:DE:8C:EC:01:D0:52:53:6C:0F:08:DF:E7:A8:B5:3F:9A:AE:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/S1ukHOQHwZ5FXTblgAJkMrxdPMo.roa
Signing time:             Thu 02 Jan 2025 15:50:54 +0000
ROA not before:           Thu 02 Jan 2025 15:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39257
IP address blocks:        89.58.128.0/21 maxlen: 21
                          2a0c:be01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/gUbejOwB0FJTbA8I3-eotT-arsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/gUbejOwB0FJTbA8I3-eotT-arsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:6e:d5:26:40:e6:34:e9:da:cb:b4:7f:cb:e1:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8146de8cec01d052536c0f08dfe7a8b53f9aaec2
        Validity
            Not Before: Jan  2 15:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b5ba41ce407c19e455d36e580026432bc5d3cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a7:a2:84:7d:b1:d7:82:9e:3e:60:d5:b0:0a:
                    40:7b:3e:e7:d4:50:da:12:ce:3c:bb:e9:b9:9c:74:
                    a4:3e:5c:48:14:51:43:cc:ce:2e:d3:cc:27:9a:35:
                    fa:87:c9:0f:46:db:42:16:97:1a:aa:4e:f7:1e:aa:
                    4a:0d:10:23:44:3e:21:d6:9c:c9:d3:9b:42:e3:c3:
                    ea:e7:8a:af:18:e9:89:b3:77:5d:21:87:1f:39:19:
                    20:14:46:f1:39:8d:05:88:a7:31:38:57:b3:c5:db:
                    7a:f3:89:0f:4e:f2:a0:d0:82:6c:37:d8:35:fd:83:
                    1c:4f:4c:dc:8c:9c:07:8a:f3:f7:f1:cd:ab:ed:86:
                    0a:87:6d:36:77:e1:4c:7d:a7:d4:db:49:f9:3f:cb:
                    25:4e:e8:1e:1c:6e:0d:6e:4c:d3:b2:20:4a:0d:66:
                    e5:fb:dd:71:d1:f0:e1:e2:52:be:06:44:57:4a:02:
                    66:e1:02:01:d4:a0:8f:64:cd:40:19:c2:ce:95:bc:
                    7a:4a:eb:fe:d4:c2:27:38:da:5b:87:02:0c:4b:37:
                    bf:e0:eb:a5:e9:42:3d:1e:f5:5b:cb:72:09:f2:ca:
                    8a:a3:31:1a:fb:d9:f1:d6:55:3e:53:04:20:93:82:
                    c0:d3:92:09:d5:5c:98:6b:d3:90:df:70:c8:9e:de:
                    9a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:5B:A4:1C:E4:07:C1:9E:45:5D:36:E5:80:02:64:32:BC:5D:3C:CA
            X509v3 Authority Key Identifier:
                keyid:81:46:DE:8C:EC:01:D0:52:53:6C:0F:08:DF:E7:A8:B5:3F:9A:AE:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/S1ukHOQHwZ5FXTblgAJkMrxdPMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/gUbejOwB0FJTbA8I3-eotT-arsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.128.0/21
                IPv6:
                  2a0c:be01::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:fb:a9:37:d9:a4:c2:b7:9c:0b:a5:82:47:ef:d1:b8:1c:a6:
         34:51:73:89:c1:c7:36:54:8c:c3:18:a4:89:36:3a:b4:23:41:
         d7:21:1b:c9:fb:60:92:26:5b:16:98:74:e1:7a:91:51:0f:82:
         72:c9:78:80:82:3a:de:da:a8:0c:f6:2a:ee:ac:ce:a7:f1:12:
         a6:01:72:de:68:a4:7e:cc:1d:a5:a2:2e:15:42:8d:4c:f5:86:
         b8:35:68:96:09:2e:71:8d:d2:e8:d5:12:ae:c6:88:bd:74:e6:
         4e:b3:94:78:d4:08:00:c4:16:b4:57:bb:fd:21:21:36:86:f8:
         4f:98:4c:18:57:40:52:9b:35:e1:f5:2d:04:c9:c1:36:99:77:
         e5:36:d7:ef:63:ce:5d:35:ea:c2:ff:08:47:aa:ee:f6:39:07:
         d0:37:1a:f7:0c:c1:64:c7:64:2a:29:4e:fc:b5:ca:c2:9b:50:
         c7:21:f7:41:ee:0b:50:6a:b8:18:5b:d1:cf:b2:f6:c6:5c:32:
         5a:5c:a5:d5:32:45:af:6f:4a:d6:39:29:74:a6:50:f3:dc:f4:
         ec:0a:fe:78:98:2a:3c:d4:9e:d1:2d:8e:0e:7c:de:ec:3f:a8:
         a3:c9:9a:1d:c5:1f:48:71:10:1b:6f:ec:ab:2f:7c:2b:69:83:
         5a:17:4f:d2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntm7VJkDmNOnay7R/y+G/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNDZkZThjZWMwMWQwNTI1MzZjMGYwOGRmZTdhOGI1M2Y5
YWFlYzIwHhcNMjUwMTAyMTU1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjViYTQxY2U0MDdjMTllNDU1ZDM2ZTU4MDAyNjQzMmJjNWQzY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6eihH2x14KePmDVsApAez7n1FDa
Es48u+m5nHSkPlxIFFFDzM4u08wnmjX6h8kPRttCFpcaqk73HqpKDRAjRD4h1pzJ
05tC48Pq54qvGOmJs3ddIYcfORkgFEbxOY0FiKcxOFezxdt684kPTvKg0IJsN9g1
/YMcT0zcjJwHivP38c2r7YYKh202d+FMfafU20n5P8slTugeHG4NbkzTsiBKDWbl
+91x0fDh4lK+BkRXSgJm4QIB1KCPZM1AGcLOlbx6Suv+1MInONpbhwIMSze/4Oul
6UI9HvVby3IJ8sqKozEa+9nx1lU+UwQgk4LA05IJ1VyYa9OQ33DInt6aaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEtbpBzkB8GeRV025YACZDK8XTzKMB8GA1UdIwQY
MBaAFIFG3ozsAdBSU2wPCN/nqLU/mq7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1ViZWpPd0IwRkpUYkE4STMtZW90VC1hcnNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjhkOWEtOGRkYi00NGIzLTlhYzAt
Y2Q1NzJmZDA0NGVlLzEvUzF1a0hPUUh3WjVGWFRibGdBSmtNcnhkUE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjhkOWEtOGRkYi00NGIzLTlhYzAtY2Q1NzJmZDA0NGVl
LzEvZ1ViZWpPd0IwRkpUYkE4STMtZW90VC1hcnNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWTqAMA0E
AgACMAcDBQAqDL4BMA0GCSqGSIb3DQEBCwUAA4IBAQBa+6k32aTCt5wLpYJH79G4
HKY0UXOJwcc2VIzDGKSJNjq0I0HXIRvJ+2CSJlsWmHThepFRD4JyyXiAgjre2qgM
9irurM6n8RKmAXLeaKR+zB2loi4VQo1M9Ya4NWiWCS5xjdLo1RKuxoi9dOZOs5R4
1AgAxBa0V7v9ISE2hvhPmEwYV0BSmzXh9S0EycE2mXflNtfvY85dNerC/whHqu72
OQfQNxr3DMFkx2QqKU78tcrCm1DHIfdB7gtQargYW9HPsvbGXDJaXKXVMkWvb0rW
OSl0plDz3PTsCv54mCo81J7RLY4OfN7sP6ijyZodxR9IcRAbb+yrL3wraYNaF0/S
-----END CERTIFICATE-----