Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/LsmwcIccA3zM4d7kxqt3XhLcSa0.roa
File:                     LsmwcIccA3zM4d7kxqt3XhLcSa0.roa (raw, json)
Hash identifier:          98WTFaz7XPqlrJj7+XyfBTJEw1Sf7UEiPzA9D8zWsIw=
Subject key identifier:   2E:C9:B0:70:87:1C:03:7C:CC:E1:DE:E4:C6:AB:77:5E:12:DC:49:AD
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019426D9522939CCA23A629D5440DB66CFEE
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/LsmwcIccA3zM4d7kxqt3XhLcSa0.roa
Signing time:             Thu 02 Jan 2025 11:49:24 +0000
ROA not before:           Thu 02 Jan 2025 11:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208325
IP address blocks:        89.223.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:52:29:39:cc:a2:3a:62:9d:54:40:db:66:cf:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 11:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ec9b070871c037ccce1dee4c6ab775e12dc49ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bb:b6:81:f8:ef:47:76:47:d6:c3:f1:cc:40:
                    4c:37:f0:5a:a6:52:2c:12:00:88:5a:d8:8d:23:85:
                    2b:7a:3c:57:ae:00:76:bf:51:33:89:4e:e7:e9:7b:
                    cc:df:e4:44:20:9d:74:40:3b:6b:a8:d7:56:f3:eb:
                    2a:2f:c6:e8:ac:44:1c:15:76:6b:b8:90:e7:ee:85:
                    52:76:92:4b:54:75:46:03:aa:1a:66:39:1e:64:be:
                    31:7f:bc:dc:e0:cf:53:64:27:7a:ee:49:fd:23:9a:
                    77:02:fb:c3:1e:35:65:7f:d4:c8:ae:de:cc:45:be:
                    48:37:ae:01:b3:27:d2:fe:b4:e8:eb:77:d6:c2:25:
                    b2:97:2b:40:be:e1:2b:41:54:82:43:b6:26:b9:cf:
                    a8:3d:65:87:35:1d:34:21:56:5c:53:82:e5:2a:e4:
                    14:75:da:02:e5:dd:97:08:df:3e:46:52:43:e7:67:
                    08:13:e3:64:14:cf:32:a5:ef:cf:79:70:d1:eb:e3:
                    3f:eb:4f:10:62:32:94:85:19:a7:35:ac:65:13:46:
                    f5:8d:07:0e:64:57:d4:af:19:b9:9d:20:2c:1b:64:
                    38:bc:e1:40:18:fb:76:41:2a:c7:2c:da:77:c3:9e:
                    42:69:96:aa:3c:be:3f:10:3f:05:d2:39:4f:22:de:
                    23:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C9:B0:70:87:1C:03:7C:CC:E1:DE:E4:C6:AB:77:5E:12:DC:49:AD
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/LsmwcIccA3zM4d7kxqt3XhLcSa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:25:cb:96:92:9c:92:17:c7:f1:14:3f:71:36:50:dd:7e:b9:
         fc:c8:d0:a4:bc:57:e7:e3:b1:b8:48:73:ba:a6:a6:1a:bf:96:
         68:5d:c1:69:34:7d:83:eb:0f:79:a1:5b:dd:85:40:62:5e:f6:
         fc:d1:0a:c6:1c:30:8c:e7:25:b8:0e:2d:4c:09:c5:6c:33:f9:
         46:59:24:1d:e4:61:2e:cb:3c:78:79:77:26:71:69:4f:18:11:
         0e:06:58:a6:f2:3c:28:49:52:39:b6:ac:08:ff:d3:0c:ce:ee:
         1a:a8:a3:ba:41:cf:b7:45:11:95:1f:db:00:68:23:f4:97:0c:
         73:e1:e3:15:18:1e:9a:a1:05:15:dd:50:5a:28:f6:cb:07:12:
         2a:26:da:b3:8e:02:f7:5a:92:89:14:4e:82:98:4c:2b:04:3c:
         f9:05:b4:60:06:01:ac:de:a7:03:f1:c9:1a:b6:1b:67:f7:83:
         e5:0e:f5:0a:2d:0a:b1:30:bb:50:85:7e:5c:5a:fa:13:f0:f2:
         2f:6a:ae:df:31:a1:36:07:0a:16:0e:58:5c:85:9b:58:66:84:
         75:74:87:3a:08:1e:6f:1b:b0:61:15:83:a4:20:d9:72:f7:cd:
         f2:28:9a:cc:05:60:7b:39:03:37:60:35:a0:f1:9b:0f:d6:b7:
         45:90:19:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2VIpOcyiOmKdVEDbZs/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwMTAyMTE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWM5YjA3MDg3MWMwMzdjY2NlMWRlZTRjNmFiNzc1ZTEyZGM0OWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArru2gfjvR3ZH1sPxzEBMN/BaplIs
EgCIWtiNI4UrejxXrgB2v1EziU7n6XvM3+REIJ10QDtrqNdW8+sqL8borEQcFXZr
uJDn7oVSdpJLVHVGA6oaZjkeZL4xf7zc4M9TZCd67kn9I5p3AvvDHjVlf9TIrt7M
Rb5IN64BsyfS/rTo63fWwiWylytAvuErQVSCQ7Ymuc+oPWWHNR00IVZcU4LlKuQU
ddoC5d2XCN8+RlJD52cIE+NkFM8ype/PeXDR6+M/608QYjKUhRmnNaxlE0b1jQcO
ZFfUrxm5nSAsG2Q4vOFAGPt2QSrHLNp3w55CaZaqPL4/ED8F0jlPIt4jcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7JsHCHHAN8zOHe5Mard14S3EmtMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvTHNtd2NJY2NBM3pNNGQ3a3hxdDNYaExjU2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWd9jMA0G
CSqGSIb3DQEBCwUAA4IBAQBeJcuWkpySF8fxFD9xNlDdfrn8yNCkvFfn47G4SHO6
pqYav5ZoXcFpNH2D6w95oVvdhUBiXvb80QrGHDCM5yW4Di1MCcVsM/lGWSQd5GEu
yzx4eXcmcWlPGBEOBlim8jwoSVI5tqwI/9MMzu4aqKO6Qc+3RRGVH9sAaCP0lwxz
4eMVGB6aoQUV3VBaKPbLBxIqJtqzjgL3WpKJFE6CmEwrBDz5BbRgBgGs3qcD8cka
thtn94PlDvUKLQqxMLtQhX5cWvoT8PIvaq7fMaE2BwoWDlhchZtYZoR1dIc6CB5v
G7BhFYOkINly983yKJrMBWB7OQM3YDWg8ZsP1rdFkBnU
-----END CERTIFICATE-----