Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/8iX1O9Nr2sq2PzTsb0QhKjkmqM8.roa
File:                     8iX1O9Nr2sq2PzTsb0QhKjkmqM8.roa (raw, json)
Hash identifier:          T1LBCnYiryGN37/+HhdZ0s82/cAkH+vRbdKZsBwMESM=
Subject key identifier:   F2:25:F5:3B:D3:6B:DA:CA:B6:3F:34:EC:6F:44:21:2A:39:26:A8:CF
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019421B24BB63134D81D25F4DC7C1FD56928
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/8iX1O9Nr2sq2PzTsb0QhKjkmqM8.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62044
IP address blocks:        89.167.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4b:b6:31:34:d8:1d:25:f4:dc:7c:1f:d5:69:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f225f53bd36bdacab63f34ec6f44212a3926a8cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5e:39:b5:02:85:0c:88:b4:2d:69:f5:ad:c1:
                    00:be:ee:4e:0f:a9:58:e1:1a:dd:92:c5:2e:0c:a0:
                    8e:46:43:05:27:9a:32:73:3d:ae:ee:bd:de:5d:c1:
                    b8:89:20:a8:d9:6b:4a:53:e4:0c:db:86:ca:b2:6b:
                    13:26:64:ba:b8:44:78:19:b4:27:e7:c7:cc:ff:7a:
                    c4:fb:1c:25:09:fe:af:c4:01:9f:ce:a6:9c:c8:8c:
                    b7:f4:d9:52:99:70:98:68:0c:ac:9e:64:fa:af:39:
                    9e:70:d0:39:4a:10:2f:ee:19:f0:29:35:8e:78:6f:
                    11:aa:39:8d:08:a1:6b:8e:30:20:cb:2d:2a:52:23:
                    df:64:8b:99:44:8e:90:4e:1c:db:99:17:c1:a3:77:
                    f9:c3:c1:09:dc:a1:5c:7c:1e:ed:aa:c7:5f:0a:65:
                    cf:d9:6e:22:00:95:19:85:21:63:98:2c:7a:ee:9c:
                    31:ce:97:63:d2:44:65:db:aa:09:74:d9:c2:d2:b1:
                    74:61:0f:09:ac:0f:a0:a4:bd:75:4f:f5:df:50:44:
                    de:0e:36:e9:21:83:66:a3:63:12:99:1e:4e:18:d1:
                    e8:3b:23:71:f5:0e:99:45:b0:4d:d8:4b:d6:27:a7:
                    44:a1:2b:6f:69:02:e4:be:76:e7:91:23:6c:37:71:
                    2d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:25:F5:3B:D3:6B:DA:CA:B6:3F:34:EC:6F:44:21:2A:39:26:A8:CF
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/8iX1O9Nr2sq2PzTsb0QhKjkmqM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:cc:32:80:54:d7:23:08:f4:f9:54:ce:d1:cb:01:70:a9:76:
         8f:0d:df:a7:9f:fc:cc:a7:d7:66:70:8e:0b:43:57:fa:06:3d:
         85:68:32:f2:47:1a:25:c9:7b:34:dc:53:4b:b0:fe:20:df:1b:
         a0:9f:d1:1f:d2:0c:a2:89:84:47:45:05:34:55:98:56:ab:b7:
         49:8d:99:b5:32:ca:9d:21:93:7e:00:6f:55:5b:59:99:62:b2:
         35:db:38:b2:ff:b3:2c:85:9b:a3:cc:38:6a:e3:df:6f:6e:b8:
         bb:d6:0e:1e:7d:fa:b1:86:17:68:30:da:a3:79:d5:59:68:83:
         c2:e9:0d:1c:41:bb:db:6c:35:b8:3e:58:3c:c6:e2:f3:a5:d1:
         a2:b9:a7:2a:2f:cf:0a:1c:ec:c0:0a:ec:fa:d0:61:f0:8c:60:
         80:07:6d:b9:28:4f:59:d7:19:c4:f1:29:d2:75:62:c7:d1:ec:
         be:49:00:06:db:46:06:72:c0:d0:30:92:43:d0:f8:4e:9f:9f:
         0b:c0:93:38:c4:90:f6:93:2d:3f:f8:0f:66:bb:1d:c6:1d:5b:
         0f:29:c6:dd:9c:c0:f9:4a:47:8c:1e:ef:19:33:72:39:b8:a0:
         b6:0e:40:9f:b3:b7:25:5e:da:89:07:a8:48:73:83:5f:61:f1:
         f4:0a:d0:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsku2MTTYHSX03Hwf1WkoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjI1ZjUzYmQzNmJkYWNhYjYzZjM0ZWM2ZjQ0MjEyYTM5MjZhOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtV45tQKFDIi0LWn1rcEAvu5OD6lY
4RrdksUuDKCORkMFJ5oycz2u7r3eXcG4iSCo2WtKU+QM24bKsmsTJmS6uER4GbQn
58fM/3rE+xwlCf6vxAGfzqacyIy39NlSmXCYaAysnmT6rzmecNA5ShAv7hnwKTWO
eG8RqjmNCKFrjjAgyy0qUiPfZIuZRI6QThzbmRfBo3f5w8EJ3KFcfB7tqsdfCmXP
2W4iAJUZhSFjmCx67pwxzpdj0kRl26oJdNnC0rF0YQ8JrA+gpL11T/XfUETeDjbp
IYNmo2MSmR5OGNHoOyNx9Q6ZRbBN2EvWJ6dEoStvaQLkvnbnkSNsN3EtTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIl9TvTa9rKtj807G9EISo5JqjPMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvOGlYMU85TnIyc3EyUHpUc2IwUWhLamttcU04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWaeDMA0G
CSqGSIb3DQEBCwUAA4IBAQAMzDKAVNcjCPT5VM7RywFwqXaPDd+nn/zMp9dmcI4L
Q1f6Bj2FaDLyRxolyXs03FNLsP4g3xugn9Ef0gyiiYRHRQU0VZhWq7dJjZm1Msqd
IZN+AG9VW1mZYrI12ziy/7MshZujzDhq499vbri71g4effqxhhdoMNqjedVZaIPC
6Q0cQbvbbDW4Plg8xuLzpdGiuacqL88KHOzACuz60GHwjGCAB225KE9Z1xnE8SnS
dWLH0ey+SQAG20YGcsDQMJJD0PhOn58LwJM4xJD2ky0/+A9mux3GHVsPKcbdnMD5
SkeMHu8ZM3I5uKC2DkCfs7clXtqJB6hIc4NfYfH0CtC8
-----END CERTIFICATE-----