Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/RNDoaXvvOX22MpXmc3Ff_6K2Zr0.roa
File:                     RNDoaXvvOX22MpXmc3Ff_6K2Zr0.roa (raw, json)
Hash identifier:          9ScFJyBJ0ntBcGgka6vn0/EsUriLP41MonbDidIqsxk=
Subject key identifier:   44:D0:E8:69:7B:EF:39:7D:B6:32:95:E6:73:71:5F:FF:A2:B6:66:BD
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F88154A2AAAF993F750CFA8EF0AAC
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/RNDoaXvvOX22MpXmc3Ff_6K2Zr0.roa
Signing time:             Wed 01 Jan 2025 13:47:59 +0000
ROA not before:           Wed 01 Jan 2025 13:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35014
IP address blocks:        89.252.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:88:15:4a:2a:aa:f9:93:f7:50:cf:a8:ef:0a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44d0e8697bef397db63295e673715fffa2b666bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:47:81:17:34:89:9a:66:df:62:94:65:35:f8:
                    16:71:7b:76:fa:a9:02:3d:02:9a:da:b5:86:91:52:
                    18:f2:8d:3f:81:39:71:03:6d:79:9e:c4:14:7f:cb:
                    e8:df:99:dc:34:8d:bf:e3:d1:20:be:c6:53:35:41:
                    c6:6a:a6:24:21:5a:32:75:4c:a7:d6:47:dd:8e:6b:
                    59:08:40:79:d3:83:f9:fd:74:8f:04:c8:14:66:eb:
                    cd:db:6c:17:4a:7f:76:dd:33:c6:69:06:c0:37:ea:
                    4f:f5:24:3d:bc:cf:e8:61:32:b7:c5:99:00:c7:64:
                    d0:c3:fa:5a:a8:61:3b:85:9e:aa:a4:c8:0c:0f:1e:
                    a6:bc:50:fd:ea:b8:29:b3:b3:fc:a0:ea:84:e1:b5:
                    ba:58:28:3e:fa:b3:e5:07:ad:68:ee:40:3a:31:1d:
                    06:b3:17:c4:be:58:42:49:e0:9b:fd:06:04:0f:5c:
                    8a:36:99:88:78:19:38:51:e8:4f:c4:72:bf:59:45:
                    c2:24:5c:cd:59:8e:90:79:aa:2e:45:37:53:21:8d:
                    d0:34:ec:7a:dd:89:91:05:e0:7f:a2:a1:ae:a7:c9:
                    ec:4e:fc:68:97:82:5e:ff:6f:3b:89:4f:13:df:2e:
                    dd:2c:1c:a7:63:54:d7:51:5d:6b:3b:a3:c1:f7:9c:
                    86:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D0:E8:69:7B:EF:39:7D:B6:32:95:E6:73:71:5F:FF:A2:B6:66:BD
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/RNDoaXvvOX22MpXmc3Ff_6K2Zr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:61:e4:ba:8f:e7:e0:c9:a3:64:1c:bd:42:fc:04:3d:ec:ef:
         bc:87:cc:a7:9e:da:7f:27:7f:c7:66:b0:87:f7:f5:a5:d3:fb:
         6c:2a:cb:db:aa:a4:8a:3a:b9:03:a5:6d:e8:9d:8b:03:63:f1:
         55:a2:b2:97:1e:87:14:cc:48:7e:5d:cb:a5:3a:8c:bc:fc:14:
         6c:fb:39:25:9c:79:37:61:4a:2f:85:6f:aa:ce:ee:54:da:fc:
         3e:a9:a1:3c:1b:9d:ab:b0:b4:31:9f:5d:46:26:c5:c4:a5:b6:
         9d:5d:f5:71:40:5a:7f:1d:83:09:68:72:08:b2:7e:1f:fb:00:
         d6:0f:09:2e:53:e4:91:e2:72:87:1d:bb:3b:80:99:cd:31:77:
         60:f4:cf:12:78:72:1d:8a:bc:75:61:a6:6d:35:af:0a:de:7e:
         cb:2c:75:d9:a0:f9:5c:7d:d5:05:c8:6a:f3:a6:4b:87:c4:0f:
         2f:1c:df:6b:15:58:4b:59:44:76:5a:37:ad:58:80:74:46:a8:
         56:6c:84:35:06:5c:2b:77:4c:ef:a4:8e:d3:37:b0:78:ae:ad:
         fe:f1:23:30:44:ff:78:24:42:ce:69:9b:49:30:40:c3:6b:88:
         8f:54:09:e3:25:c5:d8:5d:90:39:9f:67:4a:cf:29:5d:26:02:
         0d:90:d8:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4gVSiqq+ZP3UM+o7wqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGQwZTg2OTdiZWYzOTdkYjYzMjk1ZTY3MzcxNWZmZmEyYjY2NmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0eBFzSJmmbfYpRlNfgWcXt2+qkC
PQKa2rWGkVIY8o0/gTlxA215nsQUf8vo35ncNI2/49EgvsZTNUHGaqYkIVoydUyn
1kfdjmtZCEB504P5/XSPBMgUZuvN22wXSn923TPGaQbAN+pP9SQ9vM/oYTK3xZkA
x2TQw/paqGE7hZ6qpMgMDx6mvFD96rgps7P8oOqE4bW6WCg++rPlB61o7kA6MR0G
sxfEvlhCSeCb/QYED1yKNpmIeBk4UehPxHK/WUXCJFzNWY6QeaouRTdTIY3QNOx6
3YmRBeB/oqGup8nsTvxol4Je/287iU8T3y7dLBynY1TXUV1rO6PB95yG6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETQ6Gl77zl9tjKV5nNxX/+itma9MB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvUk5Eb2FYdnZPWDIyTXBYbWMzRmZfNksyWnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfzFMA0G
CSqGSIb3DQEBCwUAA4IBAQAuYeS6j+fgyaNkHL1C/AQ97O+8h8ynntp/J3/HZrCH
9/Wl0/tsKsvbqqSKOrkDpW3onYsDY/FVorKXHocUzEh+XculOoy8/BRs+zklnHk3
YUovhW+qzu5U2vw+qaE8G52rsLQxn11GJsXEpbadXfVxQFp/HYMJaHIIsn4f+wDW
DwkuU+SR4nKHHbs7gJnNMXdg9M8SeHIdirx1YaZtNa8K3n7LLHXZoPlcfdUFyGrz
pkuHxA8vHN9rFVhLWUR2WjetWIB0RqhWbIQ1Blwrd0zvpI7TN7B4rq3+8SMwRP94
JELOaZtJMEDDa4iPVAnjJcXYXZA5n2dKzyldJgINkNjo
-----END CERTIFICATE-----