Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/o68Ghde1n_EzeMSw-694dwm9M2o.roa
File:                     o68Ghde1n_EzeMSw-694dwm9M2o.roa (raw, json)
Hash identifier:          Y6KCx3LRrw57VbzbPdLVCd2PGVgDxQ3gEG3VGoRjZt0=
Subject key identifier:   A3:AF:06:85:D7:B5:9F:F1:33:78:C4:B0:FB:AF:78:77:09:BD:33:6A
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D660EFA2C96DA7973085B6062CB67C
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/o68Ghde1n_EzeMSw-694dwm9M2o.roa
Signing time:             Wed 01 Jan 2025 07:48:27 +0000
ROA not before:           Wed 01 Jan 2025 07:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211439
IP address blocks:        89.40.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:60:ef:a2:c9:6d:a7:97:30:85:b6:06:2c:b6:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3af0685d7b59ff13378c4b0fbaf787709bd336a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e9:16:02:b8:c6:76:34:a5:6f:79:ff:ac:9a:
                    d2:76:0f:8a:35:fd:16:2c:31:b4:07:ef:86:5a:36:
                    1a:d3:2d:1e:02:00:01:06:68:db:b2:bd:63:2c:b6:
                    4d:76:38:e6:36:ea:81:cc:ae:6a:53:0a:c8:70:90:
                    a0:68:8f:0b:6b:94:4f:b5:b2:87:16:3a:62:f5:a2:
                    85:65:43:89:c5:f6:ff:1d:6c:72:ef:58:e3:73:2f:
                    11:8d:ef:ac:46:9c:30:4d:c0:1e:a8:41:a5:89:6e:
                    96:8b:67:60:87:b3:ce:00:4d:83:74:34:5c:52:75:
                    ff:af:56:50:b3:0f:4b:bc:d4:a6:ad:77:d8:ec:e7:
                    3f:97:3e:13:14:45:44:53:19:c1:2d:3c:47:7f:1e:
                    b7:3d:60:43:8f:f1:04:35:07:33:15:8f:29:0a:c3:
                    2b:df:28:de:e7:4f:7d:2c:6c:93:47:6a:2e:69:54:
                    ef:c4:c9:af:c3:4f:72:f4:88:d6:c0:91:82:83:3b:
                    4a:2b:09:54:92:c9:32:c4:8f:44:74:17:2b:88:da:
                    51:30:e6:6b:a6:8e:6d:6a:98:40:56:fb:eb:9c:54:
                    3f:d1:68:eb:a1:49:69:bc:24:a6:e6:4b:01:98:04:
                    69:1e:6d:f8:04:de:1d:a8:44:0e:fb:50:2c:09:83:
                    57:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AF:06:85:D7:B5:9F:F1:33:78:C4:B0:FB:AF:78:77:09:BD:33:6A
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/o68Ghde1n_EzeMSw-694dwm9M2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:43:9d:67:ef:69:30:7d:90:e2:59:21:1c:40:84:e8:7b:af:
         30:3a:16:ee:91:7e:13:ac:67:79:54:ee:c9:06:2d:45:ef:33:
         b1:7c:2c:d8:fc:0c:bd:24:ee:8f:64:1f:20:88:af:4c:88:72:
         b6:92:ef:6f:01:76:a5:65:6d:2d:3f:60:4d:c7:9a:e8:c3:da:
         94:1c:6d:df:ae:5b:87:d5:54:a4:a0:31:b0:d6:8b:57:77:58:
         58:cc:db:20:cd:db:00:af:9d:9d:14:33:d5:4a:8f:3f:39:97:
         30:83:c4:38:76:c9:e0:0d:47:3c:2b:b5:53:9e:d5:b4:e3:51:
         0b:e5:c0:45:b6:a7:da:e6:20:bd:38:54:d4:b3:3c:b9:ac:c6:
         fb:5d:9d:34:d7:4d:5e:c5:62:b7:53:a9:a8:2e:67:e6:e6:24:
         56:48:d9:52:9f:db:ce:a6:26:24:9c:95:df:bb:67:40:4f:cf:
         b3:9c:a3:6e:70:72:e9:61:7c:3d:b4:34:4a:df:11:1f:4f:77:
         8d:a4:40:5c:df:b1:13:82:b3:52:1b:6c:86:00:e7:f8:97:c9:
         09:51:54:a0:72:ee:b1:58:15:10:9b:cb:97:00:69:dc:9c:52:
         72:49:82:15:1e:df:a5:09:6c:a1:ec:df:cc:38:6f:dd:de:34:
         cd:cd:b9:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1mDvosltp5cwhbYGLLZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2FmMDY4NWQ3YjU5ZmYxMzM3OGM0YjBmYmFmNzg3NzA5YmQzMzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ekWArjGdjSlb3n/rJrSdg+KNf0W
LDG0B++GWjYa0y0eAgABBmjbsr1jLLZNdjjmNuqBzK5qUwrIcJCgaI8La5RPtbKH
Fjpi9aKFZUOJxfb/HWxy71jjcy8Rje+sRpwwTcAeqEGliW6Wi2dgh7POAE2DdDRc
UnX/r1ZQsw9LvNSmrXfY7Oc/lz4TFEVEUxnBLTxHfx63PWBDj/EENQczFY8pCsMr
3yje5099LGyTR2ouaVTvxMmvw09y9IjWwJGCgztKKwlUkskyxI9EdBcriNpRMOZr
po5taphAVvvrnFQ/0WjroUlpvCSm5ksBmARpHm34BN4dqEQO+1AsCYNXEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOvBoXXtZ/xM3jEsPuveHcJvTNqMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvbzY4R2hkZTFuX0V6ZU1Tdy02OTRkd205TTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSimMA0G
CSqGSIb3DQEBCwUAA4IBAQCHQ51n72kwfZDiWSEcQIToe68wOhbukX4TrGd5VO7J
Bi1F7zOxfCzY/Ay9JO6PZB8giK9MiHK2ku9vAXalZW0tP2BNx5row9qUHG3frluH
1VSkoDGw1otXd1hYzNsgzdsAr52dFDPVSo8/OZcwg8Q4dsngDUc8K7VTntW041EL
5cBFtqfa5iC9OFTUszy5rMb7XZ00101exWK3U6moLmfm5iRWSNlSn9vOpiYknJXf
u2dAT8+znKNucHLpYXw9tDRK3xEfT3eNpEBc37ETgrNSG2yGAOf4l8kJUVSgcu6x
WBUQm8uXAGncnFJySYIVHt+lCWyh7N/MOG/d3jTNzblx
-----END CERTIFICATE-----