Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/89qbXuP3JJGKzWaNZO3dqnt1pdw.roa
File:                     89qbXuP3JJGKzWaNZO3dqnt1pdw.roa (raw, json)
Hash identifier:          obr33L2CB/OVnTXprqPZCOQ9LeK6vQA821ilRu8qFT0=
Subject key identifier:   F3:DA:9B:5E:E3:F7:24:91:8A:CD:66:8D:64:ED:DD:AA:7B:75:A5:DC
Certificate issuer:       /CN=b0ad22643c2d97bd71f8b634fb8d1d4f9f01f4a7
Certificate serial:       019422FB712A7FF57861178E7FC45242CF06
Authority key identifier: B0:AD:22:64:3C:2D:97:BD:71:F8:B6:34:FB:8D:1D:4F:9F:01:F4:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sK0iZDwtl71x-LY0-40dT58B9Kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/89qbXuP3JJGKzWaNZO3dqnt1pdw.roa
Signing time:             Wed 01 Jan 2025 17:48:11 +0000
ROA not before:           Wed 01 Jan 2025 17:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39020
IP address blocks:        193.203.118.0/24 maxlen: 24
                          193.203.119.0/24 maxlen: 24
                          195.88.152.0/24 maxlen: 24
                          195.88.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/sK0iZDwtl71x-LY0-40dT58B9Kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/sK0iZDwtl71x-LY0-40dT58B9Kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sK0iZDwtl71x-LY0-40dT58B9Kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 02:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:71:2a:7f:f5:78:61:17:8e:7f:c4:52:42:cf:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0ad22643c2d97bd71f8b634fb8d1d4f9f01f4a7
        Validity
            Not Before: Jan  1 17:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3da9b5ee3f724918acd668d64edddaa7b75a5dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:58:79:76:2c:b5:5e:b0:38:f7:c2:1a:39:bb:
                    bd:9f:71:ae:cf:e3:a0:27:73:58:86:41:10:7f:ce:
                    9e:27:66:7b:06:30:86:dd:e8:ff:51:18:81:81:73:
                    c6:6a:64:87:66:09:85:77:ba:ee:c8:e7:ec:36:75:
                    6a:e5:0a:32:93:c1:53:ce:22:0b:b4:12:bb:bd:0f:
                    ad:32:e4:6f:10:44:fb:9a:0c:fe:39:d2:7a:eb:e0:
                    cc:91:cd:67:7d:26:c1:5d:8a:7e:6b:75:46:49:d6:
                    de:ed:1d:51:5a:a4:c2:c5:2f:b2:b1:de:6b:b9:1c:
                    82:28:0f:63:25:33:43:cc:bd:ae:f9:0a:61:3c:5b:
                    8b:5f:08:90:c7:2f:54:37:b9:a7:e6:74:6f:3f:3f:
                    dc:f5:3a:e0:16:4e:1a:9b:22:a6:cc:d9:fc:89:6d:
                    63:d3:07:3d:65:af:42:b0:04:ab:bc:db:ba:77:89:
                    b0:15:87:b3:54:c1:a9:f2:94:b1:b2:df:83:4c:cd:
                    4a:52:90:0b:23:21:b2:b2:d8:54:6e:19:d5:c3:8e:
                    3e:70:83:98:97:36:51:34:a4:a8:73:d9:bd:51:21:
                    37:c0:3d:2c:ce:0e:3b:bb:1c:e0:b1:f0:8f:e5:f7:
                    a3:4b:f1:19:0c:9c:d2:33:bd:16:d1:ae:7c:cc:c9:
                    ad:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:DA:9B:5E:E3:F7:24:91:8A:CD:66:8D:64:ED:DD:AA:7B:75:A5:DC
            X509v3 Authority Key Identifier:
                keyid:B0:AD:22:64:3C:2D:97:BD:71:F8:B6:34:FB:8D:1D:4F:9F:01:F4:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sK0iZDwtl71x-LY0-40dT58B9Kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/89qbXuP3JJGKzWaNZO3dqnt1pdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/30b3ff-7036-4a2e-8eb5-074ffb423c13/1/sK0iZDwtl71x-LY0-40dT58B9Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.118.0/23
                  195.88.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:ce:b5:19:cd:e1:de:42:b3:ad:88:db:40:f5:ac:0c:1f:06:
         8d:ae:ef:b8:39:3f:50:75:a4:37:5f:dd:63:74:e6:0c:95:03:
         12:8f:2c:41:41:78:11:b1:fa:88:d1:22:40:8b:5f:b5:1a:f6:
         1c:1d:57:81:82:b4:7d:5d:ec:96:00:b0:e5:a6:f9:9f:8f:02:
         01:2d:e1:be:64:1b:7b:cd:f9:52:18:e6:54:d6:07:f8:49:d5:
         a5:f8:90:df:c1:cb:5d:d4:ab:3c:2b:1d:21:2d:b8:9e:8f:91:
         13:0e:58:cf:9b:27:d5:ae:20:bb:8c:d4:b0:85:f6:59:33:01:
         bc:41:55:1c:d4:36:23:38:bb:3d:dc:f8:8e:2f:68:63:da:55:
         4a:1c:d9:3c:23:e7:3c:8b:3e:cb:bc:f1:de:67:5a:d6:a1:9a:
         68:81:3b:6d:28:97:22:f7:65:44:6c:c8:07:02:3a:e1:b4:a1:
         f2:9c:6d:b6:49:63:4e:c3:f4:34:d0:ad:13:c7:da:21:a0:0c:
         d1:33:d1:27:59:c2:b9:e5:93:a1:58:94:db:15:97:a4:20:0d:
         a2:97:55:96:dd:01:64:b2:66:50:fc:d4:f1:3d:ed:df:e6:98:
         a0:fe:40:f1:9f:c9:1f:aa:2b:4d:6e:76:2b:7d:34:30:f4:af:
         68:ef:2d:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+3Eqf/V4YReOf8RSQs8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYWQyMjY0M2MyZDk3YmQ3MWY4YjYzNGZiOGQxZDRmOWYw
MWY0YTcwHhcNMjUwMTAxMTc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2RhOWI1ZWUzZjcyNDkxOGFjZDY2OGQ2NGVkZGRhYTdiNzVhNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVh5diy1XrA498IaObu9n3Guz+Og
J3NYhkEQf86eJ2Z7BjCG3ej/URiBgXPGamSHZgmFd7ruyOfsNnVq5Qoyk8FTziIL
tBK7vQ+tMuRvEET7mgz+OdJ66+DMkc1nfSbBXYp+a3VGSdbe7R1RWqTCxS+ysd5r
uRyCKA9jJTNDzL2u+QphPFuLXwiQxy9UN7mn5nRvPz/c9TrgFk4amyKmzNn8iW1j
0wc9Za9CsASrvNu6d4mwFYezVMGp8pSxst+DTM1KUpALIyGysthUbhnVw44+cIOY
lzZRNKSoc9m9USE3wD0szg47uxzgsfCP5fejS/EZDJzSM70W0a58zMmtiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPPam17j9ySRis1mjWTt3ap7daXcMB8GA1UdIwQY
MBaAFLCtImQ8LZe9cfi2NPuNHU+fAfSnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0swaVpEd3RsNzF4LUxZMC00MGRUNThCOUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8zMGIzZmYtNzAzNi00YTJlLThlYjUt
MDc0ZmZiNDIzYzEzLzEvODlxYlh1UDNKSkdLeldhTlpPM2RxbnQxcGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8zMGIzZmYtNzAzNi00YTJlLThlYjUtMDc0ZmZiNDIzYzEz
LzEvc0swaVpEd3RsNzF4LUxZMC00MGRUNThCOUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwct2AwQB
w1iYMA0GCSqGSIb3DQEBCwUAA4IBAQAkzrUZzeHeQrOtiNtA9awMHwaNru+4OT9Q
daQ3X91jdOYMlQMSjyxBQXgRsfqI0SJAi1+1GvYcHVeBgrR9XeyWALDlpvmfjwIB
LeG+ZBt7zflSGOZU1gf4SdWl+JDfwctd1Ks8Kx0hLbiej5ETDljPmyfVriC7jNSw
hfZZMwG8QVUc1DYjOLs93PiOL2hj2lVKHNk8I+c8iz7LvPHeZ1rWoZpogTttKJci
92VEbMgHAjrhtKHynG22SWNOw/Q00K0Tx9ohoAzRM9EnWcK55ZOhWJTbFZekIA2i
l1WW3QFksmZQ/NTxPe3f5pig/kDxn8kfqitNbnYrfTQw9K9o7y0A
-----END CERTIFICATE-----