Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/bFfYuWF2ASD_WhaKHcwniE-EJhc.roa
File:                     bFfYuWF2ASD_WhaKHcwniE-EJhc.roa (raw, json)
Hash identifier:          7I4u+C+7dGPFU5Dq9B4FirGYzRrbhUT5p5jlp8mFRMc=
Subject key identifier:   6C:57:D8:B9:61:76:01:20:FF:5A:16:8A:1D:CC:27:88:4F:84:26:17
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D6602507589AD28F158245373F9605
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/bFfYuWF2ASD_WhaKHcwniE-EJhc.roa
Signing time:             Wed 01 Jan 2025 07:48:27 +0000
ROA not before:           Wed 01 Jan 2025 07:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        89.44.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:60:25:07:58:9a:d2:8f:15:82:45:37:3f:96:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c57d8b961760120ff5a168a1dcc27884f842617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c1:fa:4e:fb:ca:7a:ca:88:26:57:31:03:0d:
                    61:40:ab:59:d9:1a:46:93:d7:4b:a1:85:e3:81:33:
                    14:3b:d3:77:22:ed:94:74:c2:c1:62:d7:54:c3:10:
                    0a:d7:4a:70:e0:a7:40:07:94:94:f2:4d:0f:3b:df:
                    03:86:4d:27:bd:7a:e3:ab:5e:00:97:00:7a:fe:21:
                    aa:ff:a5:e7:f5:38:e2:06:f3:e4:54:03:e4:44:b7:
                    a8:41:0d:e9:6c:b0:6f:a5:1f:32:81:61:a2:9f:bf:
                    97:2c:0e:6c:06:74:ed:d6:e2:76:09:cb:00:0d:e3:
                    f4:d8:80:50:6d:e9:ea:33:72:96:a2:67:f5:7e:7c:
                    61:c3:c1:9c:6e:5d:ff:63:3a:b5:ea:47:2d:d5:8d:
                    e0:08:03:b5:51:da:04:cb:78:17:82:4f:99:3d:24:
                    d3:d2:aa:b0:a7:75:61:a5:30:8f:79:ac:75:a3:63:
                    21:23:ef:87:b8:07:a3:b4:f7:fb:0f:11:c3:12:98:
                    00:a0:ec:54:9a:7f:47:ed:7d:f4:a0:3a:ca:14:ca:
                    b6:a0:8c:fb:c6:1e:f0:ef:4e:5c:cc:82:b1:66:ee:
                    62:53:e9:ab:6e:2d:91:09:39:df:a9:7a:41:e4:57:
                    a5:00:b0:e7:04:49:3f:2b:54:0f:41:75:67:06:6b:
                    f7:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:57:D8:B9:61:76:01:20:FF:5A:16:8A:1D:CC:27:88:4F:84:26:17
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/bFfYuWF2ASD_WhaKHcwniE-EJhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:66:34:a0:95:f0:b9:45:b2:f6:49:78:7f:00:a4:00:64:46:
         16:b1:a5:15:11:0f:75:3b:bb:3d:08:50:ed:4d:af:2d:37:c1:
         1c:33:08:49:53:54:c3:4e:96:22:07:4a:ab:f5:3d:9d:c9:53:
         89:01:7f:d4:f9:dd:86:f4:be:2f:df:31:ab:89:f7:45:29:1a:
         e2:c4:88:af:3e:a2:fd:5a:fe:a3:17:70:cb:64:55:09:59:2a:
         95:df:c1:d7:5b:44:48:db:95:9d:32:25:c9:6a:3b:b1:a3:ff:
         89:e6:50:09:d9:d2:fa:81:24:29:8a:fa:14:32:24:ee:9d:a4:
         20:b1:26:66:1c:43:21:71:00:c3:0d:8c:d9:4e:86:9e:8b:5b:
         07:3a:47:ff:c0:d2:c6:0d:19:e1:28:cb:13:8e:06:09:6a:b2:
         f7:24:d0:91:77:39:7f:c9:6c:02:2f:60:9a:b9:8f:9a:d9:6c:
         3d:dd:87:8c:4e:69:93:06:95:f5:69:7c:83:0e:09:e8:ba:aa:
         44:0e:e2:72:ee:d7:77:43:57:dc:77:e8:dd:22:e8:3a:74:9d:
         13:6a:7f:c9:61:9e:e1:91:cb:56:ee:34:8a:54:a5:a6:57:36:
         c1:53:a1:5e:6d:c5:a3:a4:98:59:ce:72:95:58:95:03:55:c3:
         c5:cd:2c:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1mAlB1ia0o8VgkU3P5YFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzU3ZDhiOTYxNzYwMTIwZmY1YTE2OGExZGNjMjc4ODRmODQyNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8H6TvvKesqIJlcxAw1hQKtZ2RpG
k9dLoYXjgTMUO9N3Iu2UdMLBYtdUwxAK10pw4KdAB5SU8k0PO98Dhk0nvXrjq14A
lwB6/iGq/6Xn9TjiBvPkVAPkRLeoQQ3pbLBvpR8ygWGin7+XLA5sBnTt1uJ2CcsA
DeP02IBQbenqM3KWomf1fnxhw8Gcbl3/Yzq16kct1Y3gCAO1UdoEy3gXgk+ZPSTT
0qqwp3VhpTCPeax1o2MhI++HuAejtPf7DxHDEpgAoOxUmn9H7X30oDrKFMq2oIz7
xh7w705czIKxZu5iU+mrbi2RCTnfqXpB5FelALDnBEk/K1QPQXVnBmv37wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxX2LlhdgEg/1oWih3MJ4hPhCYXMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvYkZmWXVXRjJBU0RfV2hhS0hjd25pRS1FSmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSxmMA0G
CSqGSIb3DQEBCwUAA4IBAQCVZjSglfC5RbL2SXh/AKQAZEYWsaUVEQ91O7s9CFDt
Ta8tN8EcMwhJU1TDTpYiB0qr9T2dyVOJAX/U+d2G9L4v3zGrifdFKRrixIivPqL9
Wv6jF3DLZFUJWSqV38HXW0RI25WdMiXJajuxo/+J5lAJ2dL6gSQpivoUMiTunaQg
sSZmHEMhcQDDDYzZToaei1sHOkf/wNLGDRnhKMsTjgYJarL3JNCRdzl/yWwCL2Ca
uY+a2Ww93YeMTmmTBpX1aXyDDgnouqpEDuJy7td3Q1fcd+jdIug6dJ0Tan/JYZ7h
kctW7jSKVKWmVzbBU6FebcWjpJhZznKVWJUDVcPFzSwK
-----END CERTIFICATE-----