Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/bb6f34-347b-4bae-8f92-ea84a51eb3dc/1/cllA8kNp-t480y7IfyyWuiklziY.roa
File:                     cllA8kNp-t480y7IfyyWuiklziY.roa (raw, json)
Hash identifier:          5bq8pPC98WVuN+UCw7i3OOCXOObrhETW5cCP805rEU4=
Subject key identifier:   72:59:40:F2:43:69:FA:DE:3C:D3:2E:C8:7F:2C:96:BA:29:25:CE:26
Certificate issuer:       /CN=85f870119e5921bf12495dc902dcfe3d8d4a37d8
Certificate serial:       01956A4E20CD9B3D8926D0BEE4D825F6CBB6
Authority key identifier: 85:F8:70:11:9E:59:21:BF:12:49:5D:C9:02:DC:FE:3D:8D:4A:37:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfhwEZ5ZIb8SSV3JAtz-PY1KN9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/bb6f34-347b-4bae-8f92-ea84a51eb3dc/1/cllA8kNp-t480y7IfyyWuiklziY.roa
Signing time:             Thu 06 Mar 2025 07:14:19 +0000
ROA not before:           Thu 06 Mar 2025 07:14:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214418
IP address blocks:        89.40.27.0/24 maxlen: 24
                          2001:3700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/bb6f34-347b-4bae-8f92-ea84a51eb3dc/1/hfhwEZ5ZIb8SSV3JAtz-PY1KN9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/bb6f34-347b-4bae-8f92-ea84a51eb3dc/1/hfhwEZ5ZIb8SSV3JAtz-PY1KN9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfhwEZ5ZIb8SSV3JAtz-PY1KN9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6a:4e:20:cd:9b:3d:89:26:d0:be:e4:d8:25:f6:cb:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85f870119e5921bf12495dc902dcfe3d8d4a37d8
        Validity
            Not Before: Mar  6 07:14:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=725940f24369fade3cd32ec87f2c96ba2925ce26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b6:fe:25:15:a3:b7:58:51:45:25:e3:e5:1f:
                    c2:51:fa:4a:3f:91:64:58:4f:86:ba:29:59:71:20:
                    a7:4d:3b:7f:c7:da:72:e1:a4:fd:e9:aa:2e:ad:97:
                    99:43:79:c4:89:4f:63:3e:58:61:94:e1:78:c7:3f:
                    75:e0:92:dd:f1:58:b9:48:a2:be:76:83:44:1a:05:
                    b4:2c:d2:62:67:8c:93:15:fa:91:31:de:93:01:0b:
                    ad:d9:a4:b6:b5:c0:95:aa:fd:64:88:99:95:50:98:
                    13:91:b7:a6:8b:02:3b:1b:cd:b1:68:eb:84:73:67:
                    12:2b:ce:7c:0a:b1:fc:af:99:35:66:e6:02:d6:02:
                    f0:0e:c3:c4:ce:1d:8b:8b:0c:0e:cf:a9:e2:f6:4e:
                    ce:cf:b1:43:a6:8b:a9:d6:ee:43:a5:65:35:c9:d1:
                    ff:99:f4:86:c3:9f:01:d3:eb:b4:48:e0:04:28:b4:
                    70:e0:af:90:59:ee:aa:d0:17:f5:63:78:3e:86:bf:
                    57:3c:d1:9e:bb:f5:5a:41:ca:b4:7e:00:5f:34:bf:
                    d9:2c:58:22:a3:2e:2e:e6:e4:77:95:9c:86:ca:65:
                    18:5c:de:c7:bb:c0:92:a0:ab:77:8e:28:d4:53:8e:
                    f0:d4:ae:e8:17:63:55:c5:39:a0:87:0c:54:b5:29:
                    ba:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:59:40:F2:43:69:FA:DE:3C:D3:2E:C8:7F:2C:96:BA:29:25:CE:26
            X509v3 Authority Key Identifier:
                keyid:85:F8:70:11:9E:59:21:BF:12:49:5D:C9:02:DC:FE:3D:8D:4A:37:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfhwEZ5ZIb8SSV3JAtz-PY1KN9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/bb6f34-347b-4bae-8f92-ea84a51eb3dc/1/cllA8kNp-t480y7IfyyWuiklziY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/bb6f34-347b-4bae-8f92-ea84a51eb3dc/1/hfhwEZ5ZIb8SSV3JAtz-PY1KN9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.27.0/24
                IPv6:
                  2001:3700::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:33:62:ac:f8:18:a2:98:e4:63:60:6a:a0:6c:b7:14:3c:bf:
         27:7b:9c:3c:ae:ba:66:0e:81:3e:49:a3:63:a2:c9:99:af:4f:
         2d:1b:90:8a:49:ba:dc:aa:ce:15:09:b9:d5:c9:36:96:49:76:
         11:1b:ac:77:8e:38:e7:ec:72:f1:e0:06:b1:cd:66:25:06:87:
         c7:a0:c3:ed:ee:74:4b:e7:98:66:11:98:18:c9:bd:ff:d3:d9:
         a1:78:60:2b:79:e8:68:03:17:b6:f4:e3:a2:d8:a8:3f:47:4b:
         6b:d4:f0:f2:cd:50:d8:ec:c3:06:3c:fb:47:8b:41:7c:68:9e:
         81:94:c3:40:09:e0:e4:4f:b5:18:35:e8:f1:93:5c:13:32:bc:
         27:a6:95:11:a6:d3:94:19:cd:30:55:b4:c2:89:7c:2d:9a:2a:
         c5:c7:c6:7c:4b:a1:8d:cd:d1:7b:6c:6d:8c:df:51:b3:09:d2:
         91:37:4f:54:db:3f:01:e6:4c:6d:86:84:5f:30:0f:a2:a6:64:
         88:2a:02:b5:b0:af:3d:45:be:c7:ad:c3:8a:74:19:33:da:1e:
         e6:a6:8c:f6:fb:ee:b2:bc:1f:e3:c1:66:29:74:0a:d0:1f:6d:
         7e:00:cb:37:f2:ad:d5:02:df:09:c9:86:5c:f4:86:d9:41:19:
         9b:13:43:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZVqTiDNmz2JJtC+5Ngl9su2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1Zjg3MDExOWU1OTIxYmYxMjQ5NWRjOTAyZGNmZTNkOGQ0
YTM3ZDgwHhcNMjUwMzA2MDcxNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjU5NDBmMjQzNjlmYWRlM2NkMzJlYzg3ZjJjOTZiYTI5MjVjZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLb+JRWjt1hRRSXj5R/CUfpKP5Fk
WE+GuilZcSCnTTt/x9py4aT96aourZeZQ3nEiU9jPlhhlOF4xz914JLd8Vi5SKK+
doNEGgW0LNJiZ4yTFfqRMd6TAQut2aS2tcCVqv1kiJmVUJgTkbemiwI7G82xaOuE
c2cSK858CrH8r5k1ZuYC1gLwDsPEzh2LiwwOz6ni9k7Oz7FDpoup1u5DpWU1ydH/
mfSGw58B0+u0SOAEKLRw4K+QWe6q0Bf1Y3g+hr9XPNGeu/VaQcq0fgBfNL/ZLFgi
oy4u5uR3lZyGymUYXN7Hu8CSoKt3jijUU47w1K7oF2NVxTmghwxUtSm6mQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHJZQPJDafrePNMuyH8slropJc4mMB8GA1UdIwQY
MBaAFIX4cBGeWSG/EkldyQLc/j2NSjfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZod0VaNVpJYjhTU1YzSkF0ei1QWTFLTjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iYjZmMzQtMzQ3Yi00YmFlLThmOTIt
ZWE4NGE1MWViM2RjLzEvY2xsQThrTnAtdDQ4MHk3SWZ5eVd1aWtsemlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iYjZmMzQtMzQ3Yi00YmFlLThmOTItZWE4NGE1MWViM2Rj
LzEvaGZod0VaNVpJYjhTU1YzSkF0ei1QWTFLTjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWSgbMA0E
AgACMAcDBQMgATcAMA0GCSqGSIb3DQEBCwUAA4IBAQBZM2Ks+BiimORjYGqgbLcU
PL8ne5w8rrpmDoE+SaNjosmZr08tG5CKSbrcqs4VCbnVyTaWSXYRG6x3jjjn7HLx
4AaxzWYlBofHoMPt7nRL55hmEZgYyb3/09mheGAreehoAxe29OOi2Kg/R0tr1PDy
zVDY7MMGPPtHi0F8aJ6BlMNACeDkT7UYNejxk1wTMrwnppURptOUGc0wVbTCiXwt
mirFx8Z8S6GNzdF7bG2M31GzCdKRN09U2z8B5kxthoRfMA+ipmSIKgK1sK89Rb7H
rcOKdBkz2h7mpoz2++6yvB/jwWYpdArQH21+AMs38q3VAt8JyYZc9IbZQRmbE0NI
-----END CERTIFICATE-----