Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/hlqWTcGjcSJd1r5U3U4_3MeKdzw.roa
File:                     hlqWTcGjcSJd1r5U3U4_3MeKdzw.roa (raw, json)
Hash identifier:          vvxOLW1Cs1J7vdtvtl6JtaxARV46jaPnmMA627WhO/g=
Subject key identifier:   86:5A:96:4D:C1:A3:71:22:5D:D6:BE:54:DD:4E:3F:DC:C7:8A:77:3C
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       01941FFA33909E3E2AC4A878130D42A5373E
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/hlqWTcGjcSJd1r5U3U4_3MeKdzw.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41043
IP address blocks:        89.45.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:33:90:9e:3e:2a:c4:a8:78:13:0d:42:a5:37:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=865a964dc1a371225dd6be54dd4e3fdcc78a773c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:31:04:0e:29:22:3e:89:e3:8c:f4:62:43:e0:
                    b9:7a:52:1b:ba:7f:a5:2d:37:c5:21:77:8a:07:3c:
                    d4:93:23:79:88:70:ba:d9:ff:e1:6a:4a:18:e4:04:
                    1d:78:15:3a:47:3f:7f:29:54:74:c5:8c:87:87:76:
                    c8:b8:97:f3:f2:e3:ce:df:31:81:af:51:c7:13:e9:
                    5c:9b:46:99:17:fb:90:02:53:0b:53:17:c9:00:aa:
                    b6:a0:a6:98:26:19:7b:74:f2:6a:68:f5:31:67:36:
                    64:6b:99:a4:30:d2:24:e1:a1:7d:7d:e0:c0:0a:34:
                    13:98:2f:cb:0c:e8:e0:d6:0d:03:4e:de:61:10:ec:
                    31:8a:bd:62:1b:c5:01:11:9b:70:71:31:30:88:a0:
                    52:bd:58:57:d3:c3:1e:0c:6c:8c:86:3b:6f:41:9f:
                    e7:e3:5f:f8:92:2d:4d:08:5e:09:cf:e5:bb:04:f4:
                    10:fd:51:6f:ab:7c:8c:07:80:08:4f:c8:b9:7d:b1:
                    9b:35:f1:1c:af:21:53:44:d3:13:97:88:81:18:2c:
                    e2:a5:fe:6e:30:7e:87:ba:21:91:03:85:3b:2c:89:
                    b6:78:ed:24:05:85:d6:a5:c3:73:b5:3f:49:65:fa:
                    44:db:ac:da:4d:7d:c9:8e:23:4f:2e:d7:1f:9c:79:
                    ad:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:5A:96:4D:C1:A3:71:22:5D:D6:BE:54:DD:4E:3F:DC:C7:8A:77:3C
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/hlqWTcGjcSJd1r5U3U4_3MeKdzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:01:4c:50:3b:58:fd:c2:28:cb:08:c1:33:ea:ae:d5:bf:5b:
         ea:0a:86:b0:06:78:84:6c:b7:17:e7:1d:e1:bd:a6:17:ba:e0:
         0b:0d:31:82:f9:df:f5:69:0a:e2:f1:94:d0:70:ea:d6:d5:77:
         ff:1b:52:43:fa:d6:cd:51:6e:76:9f:e5:a4:f6:d7:c4:ba:a5:
         e2:e5:a2:e4:54:00:f7:f2:5c:eb:44:87:e8:87:88:45:51:ae:
         9c:4a:2d:19:2e:84:44:c2:f5:33:42:c7:1e:c2:42:9c:d3:27:
         06:f4:54:1d:5d:0d:0e:b6:cb:1c:0d:88:c0:75:a2:4d:fa:16:
         0f:dc:06:a4:e4:0c:d4:6f:21:60:62:2e:a6:8a:45:8b:38:0c:
         51:35:53:a9:96:03:32:cc:c1:c8:e9:b4:a2:a6:21:df:ba:da:
         a3:b0:10:c0:86:12:eb:13:1b:32:45:1f:47:38:f6:d4:b5:48:
         c9:63:92:47:84:c2:15:47:22:92:ed:1f:83:2c:bc:c5:e1:70:
         f7:7d:3c:5a:cd:d3:77:38:f1:bb:a0:c0:66:01:9a:16:4c:77:
         ae:ce:00:74:e9:d2:f4:42:d2:a0:ad:7c:fd:d7:4b:d7:a7:4a:
         25:a1:d5:99:8a:96:80:51:7f:d8:a7:3d:9f:3e:a9:a2:ea:39:
         1c:22:af:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jOQnj4qxKh4Ew1CpTc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjVhOTY0ZGMxYTM3MTIyNWRkNmJlNTRkZDRlM2ZkY2M3OGE3NzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTEEDikiPonjjPRiQ+C5elIbun+l
LTfFIXeKBzzUkyN5iHC62f/hakoY5AQdeBU6Rz9/KVR0xYyHh3bIuJfz8uPO3zGB
r1HHE+lcm0aZF/uQAlMLUxfJAKq2oKaYJhl7dPJqaPUxZzZka5mkMNIk4aF9feDA
CjQTmC/LDOjg1g0DTt5hEOwxir1iG8UBEZtwcTEwiKBSvVhX08MeDGyMhjtvQZ/n
41/4ki1NCF4Jz+W7BPQQ/VFvq3yMB4AIT8i5fbGbNfEcryFTRNMTl4iBGCzipf5u
MH6HuiGRA4U7LIm2eO0kBYXWpcNztT9JZfpE26zaTX3JjiNPLtcfnHmtkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZalk3Bo3EiXda+VN1OP9zHinc8MB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvaGxxV1RjR2pjU0pkMXI1VTNVNF8zTWVLZHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS0vMA0G
CSqGSIb3DQEBCwUAA4IBAQB+AUxQO1j9wijLCMEz6q7Vv1vqCoawBniEbLcX5x3h
vaYXuuALDTGC+d/1aQri8ZTQcOrW1Xf/G1JD+tbNUW52n+Wk9tfEuqXi5aLkVAD3
8lzrRIfoh4hFUa6cSi0ZLoREwvUzQscewkKc0ycG9FQdXQ0OtsscDYjAdaJN+hYP
3Aak5AzUbyFgYi6mikWLOAxRNVOplgMyzMHI6bSipiHfutqjsBDAhhLrExsyRR9H
OPbUtUjJY5JHhMIVRyKS7R+DLLzF4XD3fTxazdN3OPG7oMBmAZoWTHeuzgB06dL0
QtKgrXz910vXp0olodWZipaAUX/Ypz2fPqmi6jkcIq9g
-----END CERTIFICATE-----