Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/kaXih0ftxLoxKevElyyNGY3Am90.roa
File:                     kaXih0ftxLoxKevElyyNGY3Am90.roa (raw, json)
Hash identifier:          VV+Kmbg3++xVZSuR6z9QplDGDyuGw9lzxK6+uDRXc2k=
Subject key identifier:   91:A5:E2:87:47:ED:C4:BA:31:29:EB:C4:97:2C:8D:19:8D:C0:9B:DD
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       01941F8C61960560A6B6538D221C2B2966A1
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/kaXih0ftxLoxKevElyyNGY3Am90.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        89.185.80.0/24 maxlen: 24
                          89.185.81.0/24 maxlen: 24
                          89.185.82.0/24 maxlen: 24
                          89.185.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:61:96:05:60:a6:b6:53:8d:22:1c:2b:29:66:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91a5e28747edc4ba3129ebc4972c8d198dc09bdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e7:7a:9d:70:8c:cb:b1:74:9d:5b:95:7e:0c:
                    dc:6c:7b:ef:b3:08:23:73:8c:e0:c1:a0:ad:b9:1b:
                    74:d1:ef:42:98:3e:e8:ab:16:38:ab:50:a6:c5:84:
                    bc:23:d3:c9:79:44:a3:5a:f2:9e:19:b1:b0:90:ca:
                    0c:56:ea:11:de:ee:ac:a3:42:bf:01:0f:2c:7c:8b:
                    f5:57:f9:2f:20:cd:c6:f3:7c:33:48:63:11:31:9d:
                    db:b7:bf:e6:4c:8e:63:95:52:3e:79:58:1e:d3:d6:
                    2d:68:2d:7c:16:48:9c:62:88:98:7b:c0:83:cb:22:
                    74:e0:ab:3b:a7:cf:cd:70:12:aa:71:bb:e5:ac:06:
                    01:b3:f1:b1:b8:73:f3:83:e2:72:89:b8:c7:e4:83:
                    34:26:c0:93:a0:62:b0:f0:49:0d:a1:6e:a1:92:a0:
                    98:a6:98:b3:c6:12:ef:27:24:b9:7f:c8:a2:10:a0:
                    00:5c:b0:96:59:9d:37:2d:b9:93:59:f6:9a:6c:ca:
                    91:43:33:99:59:4d:7b:5a:b7:ca:13:0c:fe:9b:f5:
                    f5:53:11:4b:7a:5f:ad:85:78:53:fb:1f:a7:67:da:
                    a6:7a:4c:ec:1a:7e:43:9d:89:3f:21:3e:0a:5e:84:
                    84:37:66:76:65:88:39:65:fe:8d:0a:67:1a:22:d2:
                    2b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A5:E2:87:47:ED:C4:BA:31:29:EB:C4:97:2C:8D:19:8D:C0:9B:DD
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/kaXih0ftxLoxKevElyyNGY3Am90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.80.0-89.185.82.255
                  89.185.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e8:52:53:79:f3:65:3a:51:1f:bd:b8:e2:44:03:fb:22:6e:
         1d:99:05:cb:51:5a:25:6c:cf:26:9f:d1:b4:4f:d1:e1:15:fd:
         5d:c7:eb:7d:66:e1:86:4f:d7:a7:a5:b1:16:e5:30:71:a1:6e:
         e4:80:57:de:e1:56:0c:37:b9:33:f0:97:8a:b5:67:66:c9:51:
         db:32:77:dc:f1:53:01:5a:98:f7:0a:e4:70:f1:95:b5:f4:46:
         8f:64:33:91:97:54:bc:df:21:09:39:fd:3d:ab:aa:fd:52:84:
         d1:71:aa:47:6e:e6:6a:c4:56:de:e0:c8:c5:83:6e:40:29:68:
         7f:99:e3:36:13:04:b3:2f:58:3c:b2:95:bb:25:22:49:fd:13:
         2e:b6:7c:e5:37:ae:2d:89:d4:94:8b:28:b9:d5:0e:55:50:38:
         45:6c:1c:ed:38:f4:56:5e:55:e4:9e:a1:e6:f1:cd:18:cf:1f:
         bf:78:4d:a5:b2:fa:44:b0:d5:8a:b0:50:21:a5:f1:b1:a2:03:
         bc:6b:1d:15:b9:cf:e3:6d:69:be:81:84:ec:ed:a4:94:a5:37:
         22:c8:14:3d:76:8d:7d:f0:4d:ef:22:f5:74:87:c8:4e:87:a6:
         46:0a:cd:6f:3f:a7:f2:07:c4:01:64:16:d0:6f:79:d5:00:5c:
         69:47:c0:6c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQfjGGWBWCmtlONIhwrKWahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWE1ZTI4NzQ3ZWRjNGJhMzEyOWViYzQ5NzJjOGQxOThkYzA5YmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ed6nXCMy7F0nVuVfgzcbHvvswgj
c4zgwaCtuRt00e9CmD7oqxY4q1CmxYS8I9PJeUSjWvKeGbGwkMoMVuoR3u6so0K/
AQ8sfIv1V/kvIM3G83wzSGMRMZ3bt7/mTI5jlVI+eVge09YtaC18FkicYoiYe8CD
yyJ04Ks7p8/NcBKqcbvlrAYBs/GxuHPzg+JyibjH5IM0JsCToGKw8EkNoW6hkqCY
ppizxhLvJyS5f8iiEKAAXLCWWZ03LbmTWfaabMqRQzOZWU17WrfKEwz+m/X1UxFL
el+thXhT+x+nZ9qmekzsGn5DnYk/IT4KXoSEN2Z2ZYg5Zf6NCmcaItIrqQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJGl4odH7cS6MSnrxJcsjRmNwJvdMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEva2FYaWgwZnR4TG94S2V2RWx5eU5HWTNBbTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBARZuVAD
BABZuVIDBABZuVQwDQYJKoZIhvcNAQELBQADggEBAI/oUlN582U6UR+9uOJEA/si
bh2ZBctRWiVszyaf0bRP0eEV/V3H631m4YZP16elsRblMHGhbuSAV97hVgw3uTPw
l4q1Z2bJUdsyd9zxUwFamPcK5HDxlbX0Ro9kM5GXVLzfIQk5/T2rqv1ShNFxqkdu
5mrEVt7gyMWDbkApaH+Z4zYTBLMvWDyylbslIkn9Ey62fOU3ri2J1JSLKLnVDlVQ
OEVsHO049FZeVeSeoebxzRjPH794TaWy+kSw1YqwUCGl8bGiA7xrHRW5z+Ntab6B
hOztpJSlNyLIFD12jX3wTe8i9XSHyE6HpkYKzW8/p/IHxAFkFtBvedUAXGlHwGw=
-----END CERTIFICATE-----