Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/IfJsnDvBjhqNyvQwy7Sj6pVTE48.roa
File:                     IfJsnDvBjhqNyvQwy7Sj6pVTE48.roa (raw, json)
Hash identifier:          72JQ+BiVOGXtzrf0r97edI+poiwfkKBvn0dEoFn6Vjs=
Subject key identifier:   21:F2:6C:9C:3B:C1:8E:1A:8D:CA:F4:30:CB:B4:A3:EA:95:53:13:8F
Certificate issuer:       /CN=1c99cebe0cf09903903d19c1ca0ae62421764859
Certificate serial:       019425FDED2550A8312D213DA19C0D6105FB
Authority key identifier: 1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/IfJsnDvBjhqNyvQwy7Sj6pVTE48.roa
Signing time:             Thu 02 Jan 2025 07:49:45 +0000
ROA not before:           Thu 02 Jan 2025 07:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16186
IP address blocks:        89.105.48.0/20 maxlen: 20
                          185.116.4.0/22 maxlen: 22
                          2001:820::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ed:25:50:a8:31:2d:21:3d:a1:9c:0d:61:05:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c99cebe0cf09903903d19c1ca0ae62421764859
        Validity
            Not Before: Jan  2 07:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21f26c9c3bc18e1a8dcaf430cbb4a3ea9553138f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:82:c8:4a:fd:0d:3c:04:e8:17:77:3f:e4:6c:
                    a7:57:e9:5d:1c:dc:2e:30:58:c3:c6:b6:ee:c2:9c:
                    41:64:da:1b:50:4a:b2:b6:79:d8:b2:93:9a:e1:f0:
                    fa:b6:d9:16:bb:09:d7:d3:21:28:f6:e8:1b:1b:23:
                    93:aa:95:78:69:16:ad:e7:5d:88:f9:27:0c:37:40:
                    33:69:37:89:0e:74:20:11:fe:53:ac:86:ee:6d:30:
                    c1:4b:e4:2f:31:7f:3e:dd:dc:1f:5b:c4:10:a1:cb:
                    f3:08:dc:fa:9a:6d:be:1e:1f:5f:9b:0e:5d:e2:5e:
                    9b:33:07:76:f0:e5:75:7b:31:2e:98:46:bb:10:81:
                    28:c4:6e:27:7c:fe:be:cf:5a:47:54:ca:42:3b:05:
                    a7:ee:6a:b6:72:b3:51:23:38:f4:de:13:a2:a5:cd:
                    1d:b8:64:e9:63:83:e1:70:1b:03:62:9c:f4:1a:2d:
                    d3:d6:5e:66:f2:64:44:02:59:eb:62:ff:b6:69:89:
                    b5:24:42:c0:d9:92:00:ac:16:4a:16:3b:cc:db:74:
                    d2:d1:4e:c6:d2:4a:fb:1e:59:bc:5a:15:3b:f4:f9:
                    d6:a7:b0:b4:ef:c0:36:da:b6:cb:4f:e2:7e:9f:81:
                    40:f3:30:6f:c9:a5:cc:96:f7:66:71:38:45:3b:84:
                    ed:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F2:6C:9C:3B:C1:8E:1A:8D:CA:F4:30:CB:B4:A3:EA:95:53:13:8F
            X509v3 Authority Key Identifier:
                keyid:1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/IfJsnDvBjhqNyvQwy7Sj6pVTE48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.105.48.0/20
                  185.116.4.0/22
                IPv6:
                  2001:820::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:e0:98:73:89:4a:2d:34:c5:21:a4:6c:49:7f:be:d5:63:a3:
         aa:be:1a:9c:5b:e9:4a:be:46:0f:e4:cc:29:2a:df:e2:a5:ac:
         40:8b:ff:0e:1d:42:83:3b:da:78:c9:26:57:dc:e3:41:bc:67:
         3e:f4:7c:0f:5e:e5:07:64:14:80:39:3b:e1:23:3b:93:44:8c:
         d7:68:73:c4:0f:0a:82:21:27:4a:f0:39:ca:6d:c8:c1:d5:06:
         ff:a6:01:ff:a9:78:36:e5:cb:75:6b:44:2a:bc:1e:11:28:54:
         f8:3a:43:16:85:43:a8:21:fb:c6:69:f2:98:0c:ec:43:6a:b0:
         5b:76:18:9b:97:9b:d2:de:a1:ca:6e:5d:8e:ed:91:b6:9d:ef:
         b1:21:a3:9c:40:f3:08:40:74:c3:09:23:35:44:39:f5:19:50:
         d2:ca:aa:da:cf:7a:ea:a1:47:19:7f:ca:72:37:d9:21:3b:4f:
         9f:7d:e7:13:69:19:74:17:2b:15:c9:6e:50:be:31:79:4a:b3:
         2f:b9:24:73:19:4f:60:fe:c6:6f:71:92:57:7f:7b:cf:c4:13:
         35:e5:08:83:67:d1:02:02:78:62:30:43:74:27:62:7d:7b:9a:
         3c:f7:ca:9a:e5:27:fd:fa:03:22:93:19:a5:00:c4:b1:9d:8a:
         c3:21:99:8c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/e0lUKgxLSE9oZwNYQX7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTljZWJlMGNmMDk5MDM5MDNkMTljMWNhMGFlNjI0MjE3
NjQ4NTkwHhcNMjUwMTAyMDc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWYyNmM5YzNiYzE4ZTFhOGRjYWY0MzBjYmI0YTNlYTk1NTMxMzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYLISv0NPAToF3c/5GynV+ldHNwu
MFjDxrbuwpxBZNobUEqytnnYspOa4fD6ttkWuwnX0yEo9ugbGyOTqpV4aRat512I
+ScMN0AzaTeJDnQgEf5TrIbubTDBS+QvMX8+3dwfW8QQocvzCNz6mm2+Hh9fmw5d
4l6bMwd28OV1ezEumEa7EIEoxG4nfP6+z1pHVMpCOwWn7mq2crNRIzj03hOipc0d
uGTpY4PhcBsDYpz0Gi3T1l5m8mREAlnrYv+2aYm1JELA2ZIArBZKFjvM23TS0U7G
0kr7Hlm8WhU79PnWp7C078A22rbLT+J+n4FA8zBvyaXMlvdmcThFO4TtVwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCHybJw7wY4ajcr0MMu0o+qVUxOPMB8GA1UdIwQY
MBaAFByZzr4M8JkDkD0ZwcoK5iQhdkhZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpuT3ZnendtUU9RUFJuQnlncm1KQ0YyU0ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8zZmVhMWEtNTdiYy00OTNhLTlhM2Ut
OGMyNWI1ZmIyNzZmLzEvSWZKc25EdkJqaHFOeXZRd3k3U2o2cFZURTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8zZmVhMWEtNTdiYy00OTNhLTlhM2UtOGMyNWI1ZmIyNzZm
LzEvSEpuT3ZnendtUU9RUFJuQnlncm1KQ0YyU0ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEWWkwAwQC
uXQEMA0EAgACMAcDBQAgAQggMA0GCSqGSIb3DQEBCwUAA4IBAQA/4JhziUotNMUh
pGxJf77VY6OqvhqcW+lKvkYP5MwpKt/ipaxAi/8OHUKDO9p4ySZX3ONBvGc+9HwP
XuUHZBSAOTvhIzuTRIzXaHPEDwqCISdK8DnKbcjB1Qb/pgH/qXg25ct1a0QqvB4R
KFT4OkMWhUOoIfvGafKYDOxDarBbdhibl5vS3qHKbl2O7ZG2ne+xIaOcQPMIQHTD
CSM1RDn1GVDSyqraz3rqoUcZf8pyN9khO0+ffecTaRl0FysVyW5QvjF5SrMvuSRz
GU9g/sZvcZJXf3vPxBM15QiDZ9ECAnhiMEN0J2J9e5o898qa5Sf9+gMikxmlAMSx
nYrDIZmM
-----END CERTIFICATE-----