Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/89pL_6fhBybA-VoC0AWu1S10sdM.roa
File:                     89pL_6fhBybA-VoC0AWu1S10sdM.roa (raw, json)
Hash identifier:          YxD0MYukYkke9dssLSiPBXYgNOj8+xJSU/U+9dumNwM=
Subject key identifier:   F3:DA:4B:FF:A7:E1:07:26:C0:F9:5A:02:D0:05:AE:D5:2D:74:B1:D3
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       019428271B39F92A07981938D4F382D294EA
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/89pL_6fhBybA-VoC0AWu1S10sdM.roa
Signing time:             Thu 02 Jan 2025 17:53:58 +0000
ROA not before:           Thu 02 Jan 2025 17:53:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211227
IP address blocks:        2a0e:46c4:1600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:1b:39:f9:2a:07:98:19:38:d4:f3:82:d2:94:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  2 17:53:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3da4bffa7e10726c0f95a02d005aed52d74b1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b5:a8:74:7d:66:bf:d1:cf:0c:db:6a:c1:c3:
                    b4:0f:db:fd:30:d2:d7:2a:09:38:59:a9:f8:49:28:
                    11:1b:da:b2:f8:df:24:42:f2:d3:54:c2:7a:16:e6:
                    cf:1c:6c:f9:b3:10:41:f4:b0:51:52:15:5c:51:43:
                    29:ae:bc:2f:17:2a:64:01:e2:3c:4e:bd:a5:bd:0a:
                    5f:ff:96:d9:22:fd:39:ac:50:52:4f:88:df:69:14:
                    69:b1:73:5e:6c:83:b3:3f:fa:4b:58:73:7c:c4:e0:
                    eb:0f:be:8c:13:50:26:8c:eb:78:9a:54:03:24:4b:
                    44:92:90:13:0e:8b:71:90:cd:b4:77:6a:21:ec:39:
                    4f:10:e2:5c:51:f4:21:8c:db:c3:09:cb:a9:09:ce:
                    f9:1d:5c:17:34:b9:de:27:60:ac:5f:a9:83:c1:0c:
                    4a:73:47:f1:46:cd:3f:32:1f:26:62:41:34:38:c2:
                    47:4d:f9:fe:fc:5d:c5:bb:c8:08:2b:2c:28:9b:f5:
                    c5:10:c9:50:25:6e:e6:f0:af:76:48:a4:e1:a1:a6:
                    12:c9:5c:82:99:56:f1:c4:ed:2b:44:34:00:49:ac:
                    ec:37:46:94:c4:a4:1b:f9:da:b5:d0:90:99:03:c9:
                    05:5c:1a:94:78:f0:de:a7:59:0a:47:a7:e2:7a:ca:
                    90:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:DA:4B:FF:A7:E1:07:26:C0:F9:5A:02:D0:05:AE:D5:2D:74:B1:D3
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/89pL_6fhBybA-VoC0AWu1S10sdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:1600::/40

    Signature Algorithm: sha256WithRSAEncryption
         35:d3:10:a3:3c:1d:45:39:2a:44:0e:96:a7:f7:26:db:48:00:
         3f:40:9f:49:92:c2:cf:0e:59:c8:7c:ff:33:ca:2f:83:93:d3:
         6f:88:05:f0:cc:b1:63:6e:b8:c7:28:18:16:38:b4:f9:9b:00:
         87:75:0a:cf:78:88:44:ed:14:46:a8:86:20:32:74:86:57:1c:
         2b:45:92:b1:36:5b:63:fc:ec:b9:2c:7a:44:f6:30:66:e5:bd:
         9a:d1:6a:ad:cf:11:72:1e:14:fd:f6:27:24:dd:79:65:8d:b1:
         c7:83:f1:76:e3:f6:02:5c:0b:4b:3f:51:31:0f:b4:3d:83:e2:
         88:ce:8a:c8:3b:d3:15:bc:05:7a:6d:29:06:a0:53:79:0e:ee:
         91:77:89:44:7c:48:c5:d5:72:be:0f:98:af:6e:4b:55:c9:3d:
         47:ed:d8:d8:9a:89:69:a2:38:44:96:e2:cd:a7:55:ad:3e:97:
         79:19:f2:ee:3b:c4:d2:1d:41:12:26:82:67:57:da:e7:13:9a:
         f5:66:41:8f:9b:e9:55:cd:0f:d1:16:46:a0:19:84:01:6c:01:
         9a:a3:b2:ea:de:36:09:d4:69:31:05:30:99:3d:5d:2d:3f:dd:
         66:2f:78:30:e5:1d:b8:56:30:5f:8a:70:4c:a1:5e:f2:b9:82:
         2a:a0:21:4a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQoJxs5+SoHmBk41POC0pTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjUwMTAyMTc1MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2RhNGJmZmE3ZTEwNzI2YzBmOTVhMDJkMDA1YWVkNTJkNzRiMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbWodH1mv9HPDNtqwcO0D9v9MNLX
Kgk4Wan4SSgRG9qy+N8kQvLTVMJ6FubPHGz5sxBB9LBRUhVcUUMprrwvFypkAeI8
Tr2lvQpf/5bZIv05rFBST4jfaRRpsXNebIOzP/pLWHN8xODrD76ME1AmjOt4mlQD
JEtEkpATDotxkM20d2oh7DlPEOJcUfQhjNvDCcupCc75HVwXNLneJ2CsX6mDwQxK
c0fxRs0/Mh8mYkE0OMJHTfn+/F3Fu8gIKywom/XFEMlQJW7m8K92SKThoaYSyVyC
mVbxxO0rRDQASazsN0aUxKQb+dq10JCZA8kFXBqUePDep1kKR6fiesqQDwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPPaS/+n4QcmwPlaAtAFrtUtdLHTMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvODlwTF82ZmhCeWJBLVZvQzBBV3UxUzEwc2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg5GxBYw
DQYJKoZIhvcNAQELBQADggEBADXTEKM8HUU5KkQOlqf3JttIAD9An0mSws8OWch8
/zPKL4OT02+IBfDMsWNuuMcoGBY4tPmbAId1Cs94iETtFEaohiAydIZXHCtFkrE2
W2P87LksekT2MGblvZrRaq3PEXIeFP32JyTdeWWNsceD8Xbj9gJcC0s/UTEPtD2D
4ojOisg70xW8BXptKQagU3kO7pF3iUR8SMXVcr4PmK9uS1XJPUft2NiaiWmiOESW
4s2nVa0+l3kZ8u47xNIdQRImgmdX2ucTmvVmQY+b6VXND9EWRqAZhAFsAZqjsure
NgnUaTEFMJk9XS0/3WYveDDlHbhWMF+KcEyhXvK5giqgIUo=
-----END CERTIFICATE-----