Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/Yqt3Kg8k1YJOv7s88RcINuiKaCE.roa
File:                     Yqt3Kg8k1YJOv7s88RcINuiKaCE.roa (raw, json)
Hash identifier:          nWZ5K8Cmhazakp99a9slUSDcrdtW/sXazmS+lE8qgb8=
Subject key identifier:   62:AB:77:2A:0F:24:D5:82:4E:BF:BB:3C:F1:17:08:36:E8:8A:68:21
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019426D952A99B054BF1C2A273A2CC1FBECE
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/Yqt3Kg8k1YJOv7s88RcINuiKaCE.roa
Signing time:             Thu 02 Jan 2025 11:49:24 +0000
ROA not before:           Thu 02 Jan 2025 11:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208371
IP address blocks:        89.223.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:52:a9:9b:05:4b:f1:c2:a2:73:a2:cc:1f:be:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 11:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62ab772a0f24d5824ebfbb3cf1170836e88a6821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1a:98:13:0f:98:6e:d7:ab:ec:98:98:f1:bd:
                    f3:32:97:fa:72:83:d4:6a:b5:6d:cd:92:0e:95:7a:
                    e1:cb:c5:c0:3f:8f:fb:9c:06:34:32:78:31:c6:65:
                    e9:7d:99:11:3d:c0:eb:d6:4b:3a:ae:a9:6d:c5:32:
                    89:18:cb:5d:2b:5c:1b:18:46:5b:92:ef:b5:2a:b7:
                    60:3f:63:c8:7c:dd:0a:2e:c0:36:f9:fb:60:ac:05:
                    17:f3:eb:08:75:6b:68:db:01:21:1e:94:5d:9f:31:
                    29:90:46:74:d9:d0:7b:b5:25:45:0a:56:e6:4b:2a:
                    13:e3:f4:0a:81:7b:b3:cf:ed:02:49:95:5f:5f:44:
                    ed:23:b1:b2:f3:a5:08:53:8d:9d:ad:07:55:e4:19:
                    96:57:9d:37:90:7d:e0:5e:e3:c0:2d:1a:c1:98:c2:
                    27:e3:ef:13:56:1a:34:98:72:5e:49:35:64:3b:2b:
                    fb:a4:6f:f5:30:5b:53:a1:56:6e:29:d5:3a:85:bc:
                    99:85:e7:b8:be:34:93:03:f2:c9:b9:64:c0:7c:b4:
                    30:42:d6:6e:db:33:31:6b:7b:c2:1e:2e:b2:04:20:
                    7a:6e:54:f7:45:45:72:4d:39:49:b6:3c:9b:6c:e1:
                    dd:bf:a0:66:24:7a:bc:cf:52:b4:4e:72:57:16:f0:
                    6b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:AB:77:2A:0F:24:D5:82:4E:BF:BB:3C:F1:17:08:36:E8:8A:68:21
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/Yqt3Kg8k1YJOv7s88RcINuiKaCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:45:b3:60:d7:b1:b2:35:ab:1c:7d:80:ca:86:45:95:6e:92:
         8e:9c:34:68:c8:f0:ab:aa:2d:2f:0b:48:35:45:68:59:fb:40:
         c7:c1:f8:5a:1d:f0:70:7f:3d:18:66:38:1b:a9:0b:9e:6d:d3:
         d3:2e:4c:e2:11:e5:cf:3d:60:6b:02:8d:5e:48:3c:d0:3a:62:
         12:ff:a6:dc:f7:d9:00:b6:30:3f:61:31:f7:b2:ce:8b:6c:e0:
         e9:20:62:9a:cc:9d:0c:bd:7f:04:f4:09:8a:74:d0:fe:04:36:
         fb:99:87:20:14:81:7d:b3:23:5c:a3:0c:d1:9f:de:f0:f5:cc:
         38:65:1e:7e:d3:17:b3:1f:03:1b:49:a8:33:38:e5:cc:cb:ab:
         c1:72:d1:7d:52:9a:95:6e:92:bd:4f:a8:fd:14:d0:89:bf:7a:
         c2:48:19:9e:35:70:d7:34:41:85:1f:16:b7:f0:71:5b:39:3f:
         a9:65:6d:56:ba:d4:20:87:89:d3:b0:ee:0e:76:a7:68:83:f6:
         5a:84:ff:c9:93:50:a7:8f:2d:67:59:6f:1b:4f:56:b3:15:fc:
         21:ab:9a:c1:ee:81:c8:15:ae:81:c3:e0:b6:e5:a6:06:f5:38:
         c0:c4:c7:01:5e:83:f6:0f:1f:0e:3f:b8:42:25:e4:3b:1e:0d:
         ea:bd:c2:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2VKpmwVL8cKic6LMH77OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwMTAyMTE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmFiNzcyYTBmMjRkNTgyNGViZmJiM2NmMTE3MDgzNmU4OGE2ODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohqYEw+Ybter7JiY8b3zMpf6coPU
arVtzZIOlXrhy8XAP4/7nAY0MngxxmXpfZkRPcDr1ks6rqltxTKJGMtdK1wbGEZb
ku+1KrdgP2PIfN0KLsA2+ftgrAUX8+sIdWto2wEhHpRdnzEpkEZ02dB7tSVFClbm
SyoT4/QKgXuzz+0CSZVfX0TtI7Gy86UIU42drQdV5BmWV503kH3gXuPALRrBmMIn
4+8TVho0mHJeSTVkOyv7pG/1MFtToVZuKdU6hbyZhee4vjSTA/LJuWTAfLQwQtZu
2zMxa3vCHi6yBCB6blT3RUVyTTlJtjybbOHdv6BmJHq8z1K0TnJXFvBrOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKrdyoPJNWCTr+7PPEXCDboimghMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvWXF0M0tnOGsxWUpPdjdzODhSY0lOdWlLYUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWd9iMA0G
CSqGSIb3DQEBCwUAA4IBAQAHRbNg17GyNascfYDKhkWVbpKOnDRoyPCrqi0vC0g1
RWhZ+0DHwfhaHfBwfz0YZjgbqQuebdPTLkziEeXPPWBrAo1eSDzQOmIS/6bc99kA
tjA/YTH3ss6LbODpIGKazJ0MvX8E9AmKdND+BDb7mYcgFIF9syNcowzRn97w9cw4
ZR5+0xezHwMbSagzOOXMy6vBctF9UpqVbpK9T6j9FNCJv3rCSBmeNXDXNEGFHxa3
8HFbOT+pZW1WutQgh4nTsO4Odqdog/ZahP/Jk1Cnjy1nWW8bT1azFfwhq5rB7oHI
Fa6Bw+C25aYG9TjAxMcBXoP2Dx8OP7hCJeQ7Hg3qvcJi
-----END CERTIFICATE-----