Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/RLjWAiBDW7OGzF_VcCkKg-SuzTE.roa
File:                     RLjWAiBDW7OGzF_VcCkKg-SuzTE.roa (raw, json)
Hash identifier:          DCBINTtLxKJQkC6BRMLb3TMqWlrNb5ZnwJro+/q+QhU=
Subject key identifier:   44:B8:D6:02:20:43:5B:B3:86:CC:5F:D5:70:29:0A:83:E4:AE:CD:31
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       01941F8C5FD60F895005EC1AF4AE92D70E33
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/RLjWAiBDW7OGzF_VcCkKg-SuzTE.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        89.185.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5f:d6:0f:89:50:05:ec:1a:f4:ae:92:d7:0e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44b8d60220435bb386cc5fd570290a83e4aecd31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9d:b4:e9:a3:b4:6d:f4:c9:83:9a:c8:20:fd:
                    23:10:5e:66:ff:e0:b6:e3:eb:b1:c3:59:e1:29:8f:
                    95:8f:25:a4:2e:0c:d7:be:20:3d:ec:ea:4c:60:0a:
                    09:83:c8:9c:f3:34:6e:17:b6:db:c3:64:49:15:10:
                    96:d8:01:15:a3:c6:ea:eb:6f:97:b6:03:97:e1:53:
                    15:57:3c:15:8a:96:f0:ad:09:5e:4a:ee:1e:75:fe:
                    24:c1:42:cf:18:22:4d:5e:f1:44:68:32:87:5c:7f:
                    89:ff:c4:7e:a6:c4:81:b0:a8:78:05:c5:71:17:39:
                    9f:29:66:5f:ca:4c:89:12:a5:4d:58:f8:b3:0e:4e:
                    57:78:77:3f:d3:ab:81:2b:f5:d2:cb:66:96:7e:10:
                    05:19:d7:77:b1:83:f5:17:cd:e4:0d:7d:8c:cd:8e:
                    8e:7d:ec:2d:63:0c:5b:44:78:49:6e:76:ca:70:35:
                    7c:be:fb:c8:62:db:fa:4b:47:d9:09:5c:53:fc:95:
                    56:03:3b:6f:99:cd:8d:86:97:7a:f2:8a:a9:a5:ed:
                    0e:c6:79:65:3f:c1:e7:77:26:c0:d5:15:06:91:ed:
                    1c:ad:c8:e0:60:37:1d:37:85:c6:85:da:07:d6:61:
                    3a:a7:b7:0d:89:02:dc:aa:12:18:55:e2:e4:99:ca:
                    ed:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:B8:D6:02:20:43:5B:B3:86:CC:5F:D5:70:29:0A:83:E4:AE:CD:31
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/RLjWAiBDW7OGzF_VcCkKg-SuzTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:04:d4:39:db:34:22:df:7c:64:ac:56:63:de:8e:cc:a0:9a:
         9f:74:3f:d5:3b:77:ee:0c:c0:94:fd:9e:cd:87:9f:88:66:c8:
         b8:8d:90:ab:93:8e:16:a4:a1:fc:21:d7:fa:ce:63:37:a2:5c:
         38:f5:45:e8:c0:4c:08:b2:37:6a:6d:05:13:54:a0:0a:12:f3:
         10:0a:77:61:20:71:ab:cf:71:20:3c:ec:7a:a6:be:5c:8c:1f:
         65:13:30:85:d1:b1:ad:33:d9:27:dd:ff:c4:87:87:ba:a4:f0:
         5c:d9:e3:dc:08:3d:13:35:03:b0:63:c1:53:7c:c0:2f:d8:30:
         67:34:00:17:52:74:08:7b:72:98:ce:44:de:01:f4:4f:f3:4d:
         b1:fb:50:6c:c2:5f:01:a2:7e:6b:c3:5e:80:4e:c3:49:e3:00:
         42:e2:b8:6f:5a:fc:8b:70:5f:c1:16:d0:4b:9e:43:f0:8c:e5:
         99:7c:8f:01:f9:0f:f7:0d:49:2b:67:e5:72:cd:a0:c0:c2:e9:
         3a:49:e0:88:c1:a1:57:8b:c9:f3:ab:3a:17:6e:19:9e:d0:cf:
         cc:b5:f4:40:44:c7:ca:ba:41:5f:54:be:fe:40:76:57:23:9e:
         7a:a2:2f:34:2f:e1:62:3b:95:ed:2a:a4:be:4b:77:1b:10:bc:
         28:d3:22:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjF/WD4lQBewa9K6S1w4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGI4ZDYwMjIwNDM1YmIzODZjYzVmZDU3MDI5MGE4M2U0YWVjZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvp206aO0bfTJg5rIIP0jEF5m/+C2
4+uxw1nhKY+VjyWkLgzXviA97OpMYAoJg8ic8zRuF7bbw2RJFRCW2AEVo8bq62+X
tgOX4VMVVzwVipbwrQleSu4edf4kwULPGCJNXvFEaDKHXH+J/8R+psSBsKh4BcVx
FzmfKWZfykyJEqVNWPizDk5XeHc/06uBK/XSy2aWfhAFGdd3sYP1F83kDX2MzY6O
fewtYwxbRHhJbnbKcDV8vvvIYtv6S0fZCVxT/JVWAztvmc2Nhpd68oqppe0Oxnll
P8HndybA1RUGke0crcjgYDcdN4XGhdoH1mE6p7cNiQLcqhIYVeLkmcrtTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFES41gIgQ1uzhsxf1XApCoPkrs0xMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvUkxqV0FpQkRXN09HekZfVmNDa0tnLVN1elRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWblUMA0G
CSqGSIb3DQEBCwUAA4IBAQAiBNQ52zQi33xkrFZj3o7MoJqfdD/VO3fuDMCU/Z7N
h5+IZsi4jZCrk44WpKH8Idf6zmM3olw49UXowEwIsjdqbQUTVKAKEvMQCndhIHGr
z3EgPOx6pr5cjB9lEzCF0bGtM9kn3f/Eh4e6pPBc2ePcCD0TNQOwY8FTfMAv2DBn
NAAXUnQIe3KYzkTeAfRP802x+1Bswl8Bon5rw16ATsNJ4wBC4rhvWvyLcF/BFtBL
nkPwjOWZfI8B+Q/3DUkrZ+VyzaDAwuk6SeCIwaFXi8nzqzoXbhme0M/MtfRARMfK
ukFfVL7+QHZXI556oi80L+FiO5XtKqS+S3cbELwo0yLq
-----END CERTIFICATE-----