Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/ief4j2bb-cAvwzzS1T0xB8OgxGk.roa
File:                     ief4j2bb-cAvwzzS1T0xB8OgxGk.roa (raw, json)
Hash identifier:          cv2vWMrY2M65pVapU15+XFEE8tVsd4Na8PnjBxEQRuA=
Subject key identifier:   89:E7:F8:8F:66:DB:F9:C0:2F:C3:3C:D2:D5:3D:31:07:C3:A0:C4:69
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       01944AC87909C87D013CF907D2AF5DC953C6
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/ief4j2bb-cAvwzzS1T0xB8OgxGk.roa
Signing time:             Thu 09 Jan 2025 11:17:19 +0000
ROA not before:           Thu 09 Jan 2025 11:17:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51318
IP address blocks:        195.89.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:c8:79:09:c8:7d:01:3c:f9:07:d2:af:5d:c9:53:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  9 11:17:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89e7f88f66dbf9c02fc33cd2d53d3107c3a0c469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b4:68:60:44:6a:bd:67:04:1e:97:a5:11:85:
                    ea:e8:b8:59:e5:bf:76:66:f6:9d:c6:12:61:00:86:
                    1a:be:28:13:69:2c:c7:8a:89:e8:31:6d:d4:ac:80:
                    8d:be:c5:5a:49:7b:94:c1:3a:2e:4c:75:ac:68:1f:
                    c9:1d:c7:48:b8:dc:12:5e:22:b1:07:9a:b8:ed:72:
                    a5:f5:98:62:cc:c0:08:14:8b:e5:7e:b0:18:f4:ca:
                    e1:87:9a:89:1c:d6:00:ff:9f:de:9c:16:a9:89:fd:
                    2c:ea:7c:0c:25:eb:82:e7:72:e7:02:70:03:72:27:
                    0b:33:92:b1:14:2c:70:4e:34:2c:9f:8c:1b:af:69:
                    b4:a8:35:95:50:46:34:72:93:d7:ff:fe:16:bd:a6:
                    36:ab:34:cf:2b:d8:2d:00:5f:ac:40:6a:11:d2:30:
                    3b:8d:72:f1:18:65:d7:96:ea:8f:4c:d6:e9:9c:6c:
                    2d:ac:d2:a3:3d:15:09:45:d7:b7:6c:ae:2e:27:a5:
                    ae:4f:46:54:51:fd:73:2c:2c:5e:6c:ce:d9:46:af:
                    72:61:82:6e:c9:77:11:4c:64:31:ae:fe:67:b0:b8:
                    be:e3:eb:51:cf:c6:3b:5c:dc:b5:9a:47:66:14:87:
                    0d:3b:15:69:9e:d6:f1:c2:28:e9:79:cc:a1:a1:31:
                    c3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E7:F8:8F:66:DB:F9:C0:2F:C3:3C:D2:D5:3D:31:07:C3:A0:C4:69
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/ief4j2bb-cAvwzzS1T0xB8OgxGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.89.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:57:65:fb:b5:26:13:ef:c2:37:87:24:ec:0a:a6:24:3e:c4:
         b4:f0:90:96:88:99:9a:43:f6:b7:cf:5d:f0:ff:ce:b9:7b:32:
         7c:85:cb:ad:86:cd:29:65:2b:f5:2d:e8:c6:94:2f:87:4f:ba:
         29:71:a4:33:f0:51:78:d9:3f:d1:82:40:12:39:1c:e5:84:4c:
         51:e9:61:54:89:b9:5d:cc:e4:dc:c7:a3:4e:68:7d:2b:9f:a6:
         c8:9b:38:07:0b:dd:d3:8e:b9:e1:55:9a:90:a9:5b:1a:5e:98:
         f4:88:ed:0f:e5:9f:49:80:37:68:b6:42:1d:64:4b:9a:de:cc:
         15:08:ba:28:35:3a:12:18:b4:7f:ae:5e:8d:76:a1:fa:86:55:
         3f:18:6c:d7:f4:2f:81:84:17:55:27:d8:59:b5:d4:97:51:5f:
         42:ed:c6:14:e2:e4:af:88:f8:c7:97:28:80:0b:a5:20:ad:7f:
         56:06:b7:c7:93:2e:5d:54:78:4f:ab:61:84:7e:9f:37:03:70:
         93:c5:f9:3a:2a:7b:fb:c4:3d:d7:b0:5e:2f:0d:5c:8a:c1:6a:
         92:bb:0a:47:47:5d:0c:5b:52:5b:47:bc:ef:70:5c:34:8b:9c:
         2a:d4:f6:5f:bc:8e:4e:cb:7b:ac:7d:51:91:1e:c3:86:35:0c:
         a7:54:fd:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKyHkJyH0BPPkH0q9dyVPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjUwMTA5MTExNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWU3Zjg4ZjY2ZGJmOWMwMmZjMzNjZDJkNTNkMzEwN2MzYTBjNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbRoYERqvWcEHpelEYXq6LhZ5b92
ZvadxhJhAIYavigTaSzHionoMW3UrICNvsVaSXuUwTouTHWsaB/JHcdIuNwSXiKx
B5q47XKl9ZhizMAIFIvlfrAY9Mrhh5qJHNYA/5/enBapif0s6nwMJeuC53LnAnAD
cicLM5KxFCxwTjQsn4wbr2m0qDWVUEY0cpPX//4WvaY2qzTPK9gtAF+sQGoR0jA7
jXLxGGXXluqPTNbpnGwtrNKjPRUJRde3bK4uJ6WuT0ZUUf1zLCxebM7ZRq9yYYJu
yXcRTGQxrv5nsLi+4+tRz8Y7XNy1mkdmFIcNOxVpntbxwijpecyhoTHDuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInn+I9m2/nAL8M80tU9MQfDoMRpMB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvaWVmNGoyYmItY0F2d3p6UzFUMHhCOE9neEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1kNMA0G
CSqGSIb3DQEBCwUAA4IBAQDGV2X7tSYT78I3hyTsCqYkPsS08JCWiJmaQ/a3z13w
/865ezJ8hcuths0pZSv1LejGlC+HT7opcaQz8FF42T/RgkASORzlhExR6WFUibld
zOTcx6NOaH0rn6bImzgHC93TjrnhVZqQqVsaXpj0iO0P5Z9JgDdotkIdZEua3swV
CLooNToSGLR/rl6NdqH6hlU/GGzX9C+BhBdVJ9hZtdSXUV9C7cYU4uSviPjHlyiA
C6UgrX9WBrfHky5dVHhPq2GEfp83A3CTxfk6Knv7xD3XsF4vDVyKwWqSuwpHR10M
W1JbR7zvcFw0i5wq1PZfvI5Oy3usfVGRHsOGNQynVP02
-----END CERTIFICATE-----