Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/F30_OjUKB9VrnLXkNiR8ZpIRWCg.roa
File:                     F30_OjUKB9VrnLXkNiR8ZpIRWCg.roa (raw, json)
Hash identifier:          KNylbSVcnthrIQLqbAEtatSFLiC4vlvqJbUkOcuBjgA=
Subject key identifier:   17:7D:3F:3A:35:0A:07:D5:6B:9C:B5:E4:36:24:7C:66:92:11:58:28
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019421B24A56877F04C269B76E97D7079EF4
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/F30_OjUKB9VrnLXkNiR8ZpIRWCg.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42875
IP address blocks:        89.167.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4a:56:87:7f:04:c2:69:b7:6e:97:d7:07:9e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=177d3f3a350a07d56b9cb5e436247c6692115828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b9:04:16:fb:e2:6b:c7:da:c8:51:ae:56:59:
                    df:f1:81:36:88:9f:89:3f:c0:e6:4e:0f:96:35:77:
                    4e:34:94:15:12:c6:54:f1:f9:27:bb:fc:b6:38:de:
                    0f:88:0f:2c:8e:83:80:88:4d:04:56:7d:91:f4:ce:
                    ab:25:21:a4:f3:8d:f4:b9:94:6e:a1:15:40:b7:eb:
                    f4:f0:9d:2e:92:08:52:6f:4e:88:42:89:71:dd:be:
                    e5:f6:e1:6b:99:21:f2:ea:0c:48:1b:02:e9:a3:d2:
                    0a:0f:e5:d4:ba:60:5d:49:e1:5f:8a:be:85:ca:22:
                    9c:45:35:12:17:2a:89:e1:b5:05:2e:12:13:7b:0c:
                    b4:1a:f0:0c:d6:f8:53:0d:93:9a:27:4f:a5:f1:43:
                    fa:bb:8a:a5:bb:63:46:04:a7:47:35:43:10:61:6b:
                    2c:d8:91:47:21:e0:1c:c0:e9:41:77:10:a8:29:a8:
                    05:be:69:e9:50:f9:fd:0a:70:8f:8d:8c:62:c5:7e:
                    d0:7d:61:ac:51:9f:a4:f3:49:c7:61:13:2c:f8:c8:
                    9a:71:1c:ef:fa:44:8e:6e:49:b2:a2:77:c2:46:04:
                    81:81:c0:87:49:39:d2:6d:6d:d4:bf:76:97:77:2c:
                    86:be:47:50:2a:d8:50:c8:89:aa:2c:9a:82:7c:d1:
                    bc:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:7D:3F:3A:35:0A:07:D5:6B:9C:B5:E4:36:24:7C:66:92:11:58:28
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/F30_OjUKB9VrnLXkNiR8ZpIRWCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:8b:ce:1b:ee:17:7f:0b:12:33:bb:9a:4a:e4:b3:c7:04:9c:
         fb:08:3f:9d:08:a3:d6:9d:e5:56:e6:0e:15:04:d2:d8:43:7e:
         42:47:c9:6e:e8:18:2b:49:a6:61:b4:52:86:d6:60:10:c8:54:
         c2:5c:c1:71:58:ee:f9:3d:dc:f4:dc:f5:51:0c:d0:c9:bc:ca:
         b8:87:54:3f:3d:c6:b9:95:a5:8d:eb:3d:5d:af:51:c7:46:2c:
         f8:cb:b5:64:7f:d7:12:f7:2d:24:35:72:63:aa:7a:08:76:64:
         3b:25:f4:63:cc:3d:dd:05:78:09:07:42:84:b9:13:9a:2f:2b:
         29:c7:9f:16:ab:06:ae:6f:98:8e:06:9f:10:b8:df:69:51:ff:
         6c:0f:19:9e:a7:ac:97:20:ea:b3:94:51:f8:b5:77:16:65:96:
         b4:1c:c8:9b:87:89:be:2e:4c:47:11:a2:f1:46:b8:01:97:e4:
         11:15:e8:38:83:16:c2:20:2a:07:c9:9c:0d:4f:54:67:be:23:
         e1:c8:50:ab:40:d7:ad:ce:b9:5d:1d:6c:a5:9b:13:a6:49:39:
         ef:df:c2:b6:63:a5:02:88:c4:cc:3a:d5:97:9f:b4:5c:59:16:
         b4:fc:07:a9:4e:d0:1a:1c:a6:f6:53:80:61:59:54:17:6a:2a:
         69:43:f0:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskpWh38Ewmm3bpfXB570MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzdkM2YzYTM1MGEwN2Q1NmI5Y2I1ZTQzNjI0N2M2NjkyMTE1ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbkEFvvia8fayFGuVlnf8YE2iJ+J
P8DmTg+WNXdONJQVEsZU8fknu/y2ON4PiA8sjoOAiE0EVn2R9M6rJSGk8430uZRu
oRVAt+v08J0ukghSb06IQolx3b7l9uFrmSHy6gxIGwLpo9IKD+XUumBdSeFfir6F
yiKcRTUSFyqJ4bUFLhITewy0GvAM1vhTDZOaJ0+l8UP6u4qlu2NGBKdHNUMQYWss
2JFHIeAcwOlBdxCoKagFvmnpUPn9CnCPjYxixX7QfWGsUZ+k80nHYRMs+MiacRzv
+kSObkmyonfCRgSBgcCHSTnSbW3Uv3aXdyyGvkdQKthQyImqLJqCfNG8VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBd9Pzo1CgfVa5y15DYkfGaSEVgoMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvRjMwX09qVUtCOVZybkxYa05pUjhacElSV0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWaetMA0G
CSqGSIb3DQEBCwUAA4IBAQAoi84b7hd/CxIzu5pK5LPHBJz7CD+dCKPWneVW5g4V
BNLYQ35CR8lu6BgrSaZhtFKG1mAQyFTCXMFxWO75Pdz03PVRDNDJvMq4h1Q/Pca5
laWN6z1dr1HHRiz4y7Vkf9cS9y0kNXJjqnoIdmQ7JfRjzD3dBXgJB0KEuROaLysp
x58Wqwaub5iOBp8QuN9pUf9sDxmep6yXIOqzlFH4tXcWZZa0HMibh4m+LkxHEaLx
RrgBl+QRFeg4gxbCICoHyZwNT1RnviPhyFCrQNetzrldHWylmxOmSTnv38K2Y6UC
iMTMOtWXn7RcWRa0/AepTtAaHKb2U4BhWVQXaippQ/Cr
-----END CERTIFICATE-----