Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/KDntMwv7lfN57GwH3c-ooOZ7MV8.roa
File:                     KDntMwv7lfN57GwH3c-ooOZ7MV8.roa (raw, json)
Hash identifier:          N8ZIBiU8gH7tSdeMv2oT8+5VHr8ZvOaPGXUGzn1qd6o=
Subject key identifier:   28:39:ED:33:0B:FB:95:F3:79:EC:6C:07:DD:CF:A8:A0:E6:7B:31:5F
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       01941FFA7ECB1B5626F91E12BD1B1B45A535
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/KDntMwv7lfN57GwH3c-ooOZ7MV8.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15730
IP address blocks:        89.46.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7e:cb:1b:56:26:f9:1e:12:bd:1b:1b:45:a5:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2839ed330bfb95f379ec6c07ddcfa8a0e67b315f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fb:2a:64:38:ad:3c:80:ea:26:f2:a6:21:d3:
                    52:34:d0:f4:cb:79:7a:1d:59:40:20:96:34:1f:f1:
                    4b:c6:38:68:5a:50:fe:b8:d4:73:a6:05:82:9f:ce:
                    23:67:8c:02:82:a9:ea:ee:0a:f8:57:c0:5d:cb:a4:
                    78:17:a2:84:bc:3f:4b:bf:e4:fe:88:47:67:48:da:
                    f5:29:8b:3b:a8:73:23:c4:bb:1f:d1:c0:93:9b:1c:
                    2b:92:ca:5f:8b:f4:b5:b2:af:d7:86:0b:59:46:4a:
                    fc:41:87:af:c2:19:f1:fc:0d:4f:a6:62:3f:7e:85:
                    c7:35:ad:3f:77:0a:e4:8f:34:4b:c3:50:d8:32:a1:
                    a6:f6:1d:91:d6:ae:df:5a:37:69:85:0e:d0:6d:64:
                    89:81:82:63:f6:dd:4f:94:8b:fb:89:7f:3c:c5:86:
                    11:55:69:21:3c:d3:48:cb:1c:6f:50:3b:60:79:48:
                    3e:de:26:19:5a:45:2e:58:07:26:65:12:01:85:ae:
                    81:54:e7:cd:ea:cb:56:0d:e9:f7:f0:5b:e5:a0:dc:
                    5e:a5:d2:18:7b:cd:a3:59:55:51:97:61:80:ae:76:
                    5f:02:f1:4f:5a:5b:54:b0:8f:e0:57:e1:4a:37:2c:
                    d1:b6:d6:bb:6a:bc:3c:d9:2d:45:b7:4b:20:cf:30:
                    43:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:39:ED:33:0B:FB:95:F3:79:EC:6C:07:DD:CF:A8:A0:E6:7B:31:5F
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/KDntMwv7lfN57GwH3c-ooOZ7MV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:4c:78:98:cb:ac:c8:e5:42:29:2c:ae:12:28:d1:e7:38:4d:
         12:48:fc:8b:e1:95:c2:f0:86:f2:f5:cd:63:f6:5c:b6:30:f7:
         6e:61:16:74:04:20:ee:3a:cd:ad:c1:11:77:fb:66:7c:96:19:
         af:e9:64:dd:64:3a:19:d6:52:d5:14:36:3d:fa:c8:46:30:9a:
         30:0b:38:d1:6a:df:ba:82:fc:41:e0:f3:4f:3d:b4:d2:46:80:
         19:6d:a3:ed:4f:d7:0a:f3:6a:4d:1a:c0:99:85:b5:df:4a:3f:
         0f:da:af:fe:3e:c8:d5:b3:97:92:a5:dd:42:39:89:90:dd:ae:
         ab:d0:cf:1c:11:8c:b2:c5:35:88:a4:f3:7b:f2:20:05:4a:2e:
         2e:2f:82:9c:6a:52:86:a7:ce:20:7b:1c:6f:b1:e6:66:1c:92:
         81:70:c7:2b:be:32:4f:0e:29:23:2b:dc:4d:ce:7a:51:ff:1f:
         f9:2d:8a:97:26:99:ef:9e:f0:03:f9:0a:06:2c:60:ba:5f:06:
         67:ea:3b:e3:b7:8b:7b:36:1f:c3:8f:e4:3f:a3:15:6b:77:b6:
         f5:c2:26:f1:01:da:1e:aa:75:07:7d:5a:75:da:f6:7d:97:54:
         e3:94:82:5a:61:13:75:63:7b:e8:a5:af:db:c6:06:47:ce:23:
         de:3b:ab:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+n7LG1Ym+R4SvRsbRaU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODM5ZWQzMzBiZmI5NWYzNzllYzZjMDdkZGNmYThhMGU2N2IzMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfsqZDitPIDqJvKmIdNSNND0y3l6
HVlAIJY0H/FLxjhoWlD+uNRzpgWCn84jZ4wCgqnq7gr4V8Bdy6R4F6KEvD9Lv+T+
iEdnSNr1KYs7qHMjxLsf0cCTmxwrkspfi/S1sq/XhgtZRkr8QYevwhnx/A1PpmI/
foXHNa0/dwrkjzRLw1DYMqGm9h2R1q7fWjdphQ7QbWSJgYJj9t1PlIv7iX88xYYR
VWkhPNNIyxxvUDtgeUg+3iYZWkUuWAcmZRIBha6BVOfN6stWDen38FvloNxepdIY
e82jWVVRl2GArnZfAvFPWltUsI/gV+FKNyzRtta7arw82S1Ft0sgzzBD5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCg57TML+5XzeexsB93PqKDmezFfMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvS0RudE13djdsZk41N0d3SDNjLW9vT1o3TVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS54MA0G
CSqGSIb3DQEBCwUAA4IBAQAKTHiYy6zI5UIpLK4SKNHnOE0SSPyL4ZXC8Iby9c1j
9ly2MPduYRZ0BCDuOs2twRF3+2Z8lhmv6WTdZDoZ1lLVFDY9+shGMJowCzjRat+6
gvxB4PNPPbTSRoAZbaPtT9cK82pNGsCZhbXfSj8P2q/+PsjVs5eSpd1COYmQ3a6r
0M8cEYyyxTWIpPN78iAFSi4uL4KcalKGp84gexxvseZmHJKBcMcrvjJPDikjK9xN
znpR/x/5LYqXJpnvnvAD+QoGLGC6XwZn6jvjt4t7Nh/Dj+Q/oxVrd7b1wibxAdoe
qnUHfVp12vZ9l1TjlIJaYRN1Y3vopa/bxgZHziPeO6uU
-----END CERTIFICATE-----