Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/OOYkNDqqDn1Unj3M-yrjf_S9VlU.roa
File:                     OOYkNDqqDn1Unj3M-yrjf_S9VlU.roa (raw, json)
Hash identifier:          oCGvjVeC4FC9ueufaA6bhsrNhxHd2pd306IA0XGXLfs=
Subject key identifier:   38:E6:24:34:3A:AA:0E:7D:54:9E:3D:CC:FB:2A:E3:7F:F4:BD:56:55
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC12DB7773F491AAAA5F240D9150D6
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/OOYkNDqqDn1Unj3M-yrjf_S9VlU.roa
Signing time:             Wed 01 Jan 2025 17:48:52 +0000
ROA not before:           Wed 01 Jan 2025 17:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202662
IP address blocks:        89.185.24.0/22 maxlen: 24
                          89.185.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:12:db:77:73:f4:91:aa:aa:5f:24:0d:91:50:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38e624343aaa0e7d549e3dccfb2ae37ff4bd5655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:30:c7:e6:51:b4:c9:c3:a5:14:62:ae:df:15:
                    48:93:1a:78:dd:6f:9c:22:71:00:12:d4:46:08:ea:
                    e1:6a:0c:1c:aa:85:5d:04:e5:42:94:a6:87:2f:ca:
                    7d:ce:f0:47:88:ce:8d:7f:31:0e:ce:4e:ff:8f:bc:
                    67:39:f6:95:99:0a:d0:a4:b3:37:86:77:00:39:8b:
                    74:94:ae:48:f5:89:44:9d:50:af:2a:25:eb:ef:9e:
                    0f:43:05:32:6b:02:48:d4:a6:6c:81:12:61:ee:51:
                    fb:15:67:d3:24:40:ea:e0:d3:8d:7a:d7:bb:3c:20:
                    34:0f:8e:8a:fe:73:a6:61:5d:d5:20:3f:8d:bc:1d:
                    92:ab:a4:e5:44:2f:d8:5b:5d:ad:b9:dd:bf:2e:86:
                    47:59:d4:c1:d6:ec:22:d7:fc:15:43:c4:63:97:61:
                    52:40:a8:f2:63:43:12:f5:de:53:bf:2f:c3:df:c0:
                    8d:b2:10:86:a4:7d:58:fe:4b:81:f9:3e:19:22:59:
                    16:61:a3:4f:2e:ee:4b:af:27:cf:c4:71:dd:12:bf:
                    9d:66:bf:f1:b8:95:5f:4e:f5:f1:60:b2:cc:24:1d:
                    f7:5d:ef:2b:2e:ea:42:7f:c7:a4:a2:69:06:15:b2:
                    21:b0:be:03:b1:a8:ea:50:c3:28:c5:43:37:2c:96:
                    d1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:E6:24:34:3A:AA:0E:7D:54:9E:3D:CC:FB:2A:E3:7F:F4:BD:56:55
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/OOYkNDqqDn1Unj3M-yrjf_S9VlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:74:dd:16:7e:9c:8b:cc:8d:86:6e:d6:af:24:a7:b8:24:f3:
         7d:28:6f:03:78:f4:d8:74:15:c3:71:35:d5:76:d1:eb:eb:08:
         1d:65:88:3b:d5:46:13:d2:a3:71:93:26:2b:fa:4f:27:41:19:
         96:a8:3a:a2:61:fc:7a:89:20:a9:a3:46:46:90:29:e7:57:b6:
         70:ca:0d:d4:9b:b3:b5:b1:72:8c:54:42:78:43:df:6a:2b:35:
         d0:4c:5f:43:fb:8f:fe:11:4b:cc:ab:cd:ab:7f:e6:d3:a1:f7:
         74:26:64:ea:9f:b4:97:5e:5d:1d:fc:f6:10:bb:17:f6:87:e4:
         0b:a9:60:e8:cc:bc:e1:cc:47:de:0f:ed:6e:f5:4c:fe:e3:7a:
         d5:40:ef:19:57:82:18:fd:cf:0c:76:77:45:3a:ab:93:a2:7a:
         92:7a:22:9c:41:4e:6c:c0:05:38:c2:94:95:86:c3:1a:7e:94:
         02:56:02:a4:32:7d:88:74:bf:71:f3:8a:a4:5c:69:77:13:69:
         08:ba:a2:80:14:e3:9f:36:68:bf:7c:c5:63:1e:56:88:69:2b:
         2c:cb:ba:3c:5b:9d:34:50:d9:b3:56:5d:62:36:66:d2:ee:72:
         35:0d:d9:b2:13:ec:14:5b:fb:0d:c3:80:ae:17:3e:f4:93:3f:
         41:a9:98:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BLbd3P0kaqqXyQNkVDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGU2MjQzNDNhYWEwZTdkNTQ5ZTNkY2NmYjJhZTM3ZmY0YmQ1NjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzDH5lG0ycOlFGKu3xVIkxp43W+c
InEAEtRGCOrhagwcqoVdBOVClKaHL8p9zvBHiM6NfzEOzk7/j7xnOfaVmQrQpLM3
hncAOYt0lK5I9YlEnVCvKiXr754PQwUyawJI1KZsgRJh7lH7FWfTJEDq4NONete7
PCA0D46K/nOmYV3VID+NvB2Sq6TlRC/YW12tud2/LoZHWdTB1uwi1/wVQ8Rjl2FS
QKjyY0MS9d5Tvy/D38CNshCGpH1Y/kuB+T4ZIlkWYaNPLu5LryfPxHHdEr+dZr/x
uJVfTvXxYLLMJB33Xe8rLupCf8ekomkGFbIhsL4DsajqUMMoxUM3LJbRvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjmJDQ6qg59VJ49zPsq43/0vVZVMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvT09Za05EcXFEbjFVbmozTS15cmpmX1M5VmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWbkYMA0G
CSqGSIb3DQEBCwUAA4IBAQAFdN0WfpyLzI2GbtavJKe4JPN9KG8DePTYdBXDcTXV
dtHr6wgdZYg71UYT0qNxkyYr+k8nQRmWqDqiYfx6iSCpo0ZGkCnnV7Zwyg3Um7O1
sXKMVEJ4Q99qKzXQTF9D+4/+EUvMq82rf+bTofd0JmTqn7SXXl0d/PYQuxf2h+QL
qWDozLzhzEfeD+1u9Uz+43rVQO8ZV4IY/c8MdndFOquTonqSeiKcQU5swAU4wpSV
hsMafpQCVgKkMn2IdL9x84qkXGl3E2kIuqKAFOOfNmi/fMVjHlaIaSssy7o8W500
UNmzVl1iNmbS7nI1DdmyE+wUW/sNw4CuFz70kz9BqZiR
-----END CERTIFICATE-----