Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/gnHztlWIUEkbfP_VpJDgy1aZ-q8.roa
File:                     gnHztlWIUEkbfP_VpJDgy1aZ-q8.roa (raw, json)
Hash identifier:          8IEq5Il4ymKT0XR1RNf3aEeBm7YPqbccSq4VWhr/cXU=
Subject key identifier:   82:71:F3:B6:55:88:50:49:1B:7C:FF:D5:A4:90:E0:CB:56:99:FA:AF
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC13FF5E19837DA77E21FD1DC7184E
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/gnHztlWIUEkbfP_VpJDgy1aZ-q8.roa
Signing time:             Wed 01 Jan 2025 17:48:52 +0000
ROA not before:           Wed 01 Jan 2025 17:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211826
IP address blocks:        89.185.2.0/24 maxlen: 24
                          109.72.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:13:ff:5e:19:83:7d:a7:7e:21:fd:1d:c7:18:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8271f3b6558850491b7cffd5a490e0cb5699faaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:69:95:cb:b2:2c:64:96:6d:31:21:e1:4b:3f:
                    f6:4a:09:bd:f1:a0:ab:96:a4:21:6f:73:3f:5e:18:
                    af:a3:d5:97:43:06:38:20:8d:6f:48:d9:35:5c:8b:
                    5c:0b:62:ac:d0:60:1e:9f:40:90:5b:10:d0:1d:93:
                    a1:b3:03:7e:b0:66:a8:84:0d:bb:f3:52:29:43:ab:
                    4c:69:04:d9:3e:f3:ca:f4:75:68:d7:b9:30:1d:e7:
                    ab:ce:a5:cd:3c:f0:ec:15:77:f9:b2:71:2c:ab:6b:
                    b8:62:da:b3:20:d9:3a:84:30:98:24:43:4a:6d:c2:
                    bb:91:a8:6c:c4:90:96:23:ca:46:6b:b8:d2:25:06:
                    b5:27:52:75:23:61:db:56:c1:63:d8:42:fc:8e:76:
                    92:52:59:c4:dd:37:e7:73:5a:cd:e5:61:9a:70:b4:
                    52:9d:0d:32:a8:09:ee:b5:eb:31:ff:37:83:6e:9e:
                    2e:4d:c2:ee:a0:81:8f:83:95:49:f5:3c:47:a8:33:
                    12:8f:ab:b3:72:4d:a6:99:fb:32:8e:b6:05:ec:23:
                    eb:b7:f1:04:cc:c5:55:51:11:29:5b:e5:3d:06:5f:
                    a3:af:99:e3:a7:09:ca:c2:c9:83:83:b1:a0:1f:96:
                    80:d9:09:c7:9e:fd:14:66:6e:fb:1f:08:99:89:12:
                    eb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:71:F3:B6:55:88:50:49:1B:7C:FF:D5:A4:90:E0:CB:56:99:FA:AF
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/gnHztlWIUEkbfP_VpJDgy1aZ-q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.2.0/24
                  109.72.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:2c:26:55:c7:77:c3:b9:cd:7e:c4:9b:f7:06:1d:81:e2:a8:
         16:18:dd:39:5e:b7:e6:dc:90:4b:b9:21:c3:2f:bf:36:fb:cd:
         79:d1:88:3e:bb:06:ea:ff:43:52:c4:5a:79:27:a6:0f:ad:27:
         ba:42:11:37:2c:a0:ac:dc:d8:fc:2a:40:d1:61:34:fa:eb:a3:
         73:6f:fb:ba:27:05:d3:27:1d:d2:8a:4d:f0:a1:6a:7f:e6:c1:
         9b:5f:d6:c0:3d:98:45:23:ea:07:e3:69:52:27:61:7e:af:a6:
         04:d6:44:a7:39:c8:be:91:a5:77:cd:fd:af:f8:41:77:60:9b:
         96:72:8d:c4:fd:da:c3:b9:c6:b4:e1:d3:30:8b:ae:3f:7c:c3:
         7c:07:1d:32:c2:ed:3c:dd:3d:24:8e:8f:6b:88:85:85:7b:0b:
         1e:59:ef:e0:6d:3f:20:28:73:12:70:7e:13:a6:7c:0c:09:a2:
         4a:9f:0d:48:9c:d4:f7:5a:93:a2:1c:d2:fa:16:89:69:4c:5a:
         e9:7f:2b:3d:46:13:ac:47:a8:77:8f:c6:fa:e4:eb:c6:b9:f9:
         ed:5e:84:be:2e:51:57:58:b2:4c:c3:39:b8:16:3c:9b:54:14:
         75:e6:f1:2f:0d:5c:ac:8b:9e:16:53:9d:88:d4:a1:7c:7b:f9:
         63:27:c7:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/BP/XhmDfad+If0dxxhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjcxZjNiNjU1ODg1MDQ5MWI3Y2ZmZDVhNDkwZTBjYjU2OTlmYWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWmVy7IsZJZtMSHhSz/2Sgm98aCr
lqQhb3M/Xhivo9WXQwY4II1vSNk1XItcC2Ks0GAen0CQWxDQHZOhswN+sGaohA27
81IpQ6tMaQTZPvPK9HVo17kwHeerzqXNPPDsFXf5snEsq2u4YtqzINk6hDCYJENK
bcK7kahsxJCWI8pGa7jSJQa1J1J1I2HbVsFj2EL8jnaSUlnE3Tfnc1rN5WGacLRS
nQ0yqAnutesx/zeDbp4uTcLuoIGPg5VJ9TxHqDMSj6uzck2mmfsyjrYF7CPrt/EE
zMVVUREpW+U9Bl+jr5njpwnKwsmDg7GgH5aA2QnHnv0UZm77HwiZiRLrnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIJx87ZViFBJG3z/1aSQ4MtWmfqvMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvZ25IenRsV0lVRWtiZlBfVnBKRGd5MWFaLXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWbkCAwQA
bUh+MA0GCSqGSIb3DQEBCwUAA4IBAQAvLCZVx3fDuc1+xJv3Bh2B4qgWGN05Xrfm
3JBLuSHDL782+8150Yg+uwbq/0NSxFp5J6YPrSe6QhE3LKCs3Nj8KkDRYTT666Nz
b/u6JwXTJx3Sik3woWp/5sGbX9bAPZhFI+oH42lSJ2F+r6YE1kSnOci+kaV3zf2v
+EF3YJuWco3E/drDuca04dMwi64/fMN8Bx0ywu083T0kjo9riIWFewseWe/gbT8g
KHMScH4TpnwMCaJKnw1InNT3WpOiHNL6FolpTFrpfys9RhOsR6h3j8b65OvGufnt
XoS+LlFXWLJMwzm4FjybVBR15vEvDVysi54WU52I1KF8e/ljJ8eP
-----END CERTIFICATE-----