Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/rL6AzulHQOLcRfhqRrPdMX43AzM.roa
File:                     rL6AzulHQOLcRfhqRrPdMX43AzM.roa (raw, json)
Hash identifier:          /p4sN3vL44k5lwQiWwAvoayVUuPAubPMAhf99ERn0+c=
Subject key identifier:   AC:BE:80:CE:E9:47:40:E2:DC:45:F8:6A:46:B3:DD:31:7E:37:03:33
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       01941F8C5F4D75DEA9D0743435FB5E397AAF
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/rL6AzulHQOLcRfhqRrPdMX43AzM.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49418
IP address blocks:        89.185.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5f:4d:75:de:a9:d0:74:34:35:fb:5e:39:7a:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acbe80cee94740e2dc45f86a46b3dd317e370333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f3:5d:61:94:49:77:73:a6:a6:bf:04:6f:d2:
                    01:d4:2d:88:e0:a7:3e:eb:99:95:ab:a6:6c:27:51:
                    26:1a:52:2c:3c:e6:4d:93:aa:84:c1:99:67:ab:82:
                    4c:3e:6a:20:76:f0:d3:69:19:63:34:a3:9b:a0:bd:
                    f7:4b:fe:7f:07:28:27:87:10:cd:fb:66:de:99:73:
                    2b:52:3a:5f:9b:98:89:32:4b:79:c8:8a:71:25:fe:
                    21:a4:89:8d:b0:f8:0c:e8:37:8d:d8:90:65:24:bf:
                    78:04:22:80:3f:ff:56:88:e6:44:7a:3d:a1:66:40:
                    7f:d1:74:65:73:b3:fd:95:cd:0b:43:08:10:bd:70:
                    c0:3f:ce:ee:d2:67:f4:86:04:dc:7f:20:20:c8:f4:
                    48:3e:0b:bf:89:8f:f0:c9:3a:d1:1f:68:e7:47:16:
                    b8:f9:6c:c4:cb:45:f3:94:94:28:f6:4d:a7:d5:58:
                    80:0a:13:8d:03:9a:86:2f:e9:06:32:b6:10:b6:45:
                    4c:bb:1c:db:5d:c3:21:32:a5:f4:2d:15:64:e7:a4:
                    c8:26:6e:bd:b5:9f:12:8e:0e:d8:10:c0:d0:5d:25:
                    06:90:5f:48:a4:2a:4d:80:7a:ce:fd:8c:72:14:a0:
                    5d:b1:4e:fa:96:c2:f0:48:47:81:f3:a4:8f:20:93:
                    84:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:BE:80:CE:E9:47:40:E2:DC:45:F8:6A:46:B3:DD:31:7E:37:03:33
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/rL6AzulHQOLcRfhqRrPdMX43AzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:28:6c:3c:33:a5:65:45:91:4e:b5:4a:ab:5a:c3:a7:14:24:
         85:bb:c9:84:5a:e7:cb:7f:66:ed:da:a5:ee:cc:82:18:e2:6b:
         d3:ee:84:8c:10:62:70:5c:9a:93:5a:60:65:d5:a6:d7:36:35:
         9a:25:bd:df:56:cb:a7:71:d7:b5:4e:3e:04:39:49:96:73:5c:
         e5:0d:4c:20:b2:7f:12:8a:e7:86:7a:e6:fc:1c:35:a4:d3:ad:
         f5:0b:0a:0b:4c:93:75:f5:4c:b1:53:fe:2f:d0:1a:ff:e1:b7:
         a9:55:70:7f:b5:57:37:04:f9:c6:1d:4d:11:a2:05:44:42:6b:
         31:ac:16:cd:74:56:c5:fc:78:b6:e1:70:8a:aa:61:24:f2:5d:
         4c:20:64:f9:27:c0:ca:42:9d:7d:18:bf:83:65:88:61:e2:bf:
         c0:9c:cd:28:7a:b6:74:77:15:07:11:67:de:19:86:29:6b:54:
         00:34:30:ea:fd:ab:0c:3a:b6:6e:e7:a4:22:1d:9e:c4:53:52:
         3e:4c:35:4e:da:56:bb:87:fd:01:cd:ce:12:47:74:68:2c:7f:
         2c:1d:b9:84:94:ae:a9:21:7d:74:e0:b8:61:80:d3:6f:46:6f:
         c0:8a:45:49:c2:04:3d:7a:4c:b5:71:e8:bc:74:43:d8:6a:a4:
         61:30:74:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjF9Ndd6p0HQ0NfteOXqvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2JlODBjZWU5NDc0MGUyZGM0NWY4NmE0NmIzZGQzMTdlMzcwMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvNdYZRJd3Ompr8Eb9IB1C2I4Kc+
65mVq6ZsJ1EmGlIsPOZNk6qEwZlnq4JMPmogdvDTaRljNKOboL33S/5/BygnhxDN
+2bemXMrUjpfm5iJMkt5yIpxJf4hpImNsPgM6DeN2JBlJL94BCKAP/9WiOZEej2h
ZkB/0XRlc7P9lc0LQwgQvXDAP87u0mf0hgTcfyAgyPRIPgu/iY/wyTrRH2jnRxa4
+WzEy0XzlJQo9k2n1ViAChONA5qGL+kGMrYQtkVMuxzbXcMhMqX0LRVk56TIJm69
tZ8Sjg7YEMDQXSUGkF9IpCpNgHrO/YxyFKBdsU76lsLwSEeB86SPIJOE0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKy+gM7pR0Di3EX4akaz3TF+NwMzMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvckw2QXp1bEhRT0xjUmZocVJyUGRNWDQzQXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWblTMA0G
CSqGSIb3DQEBCwUAA4IBAQDBKGw8M6VlRZFOtUqrWsOnFCSFu8mEWufLf2bt2qXu
zIIY4mvT7oSMEGJwXJqTWmBl1abXNjWaJb3fVsuncde1Tj4EOUmWc1zlDUwgsn8S
iueGeub8HDWk0631CwoLTJN19UyxU/4v0Br/4bepVXB/tVc3BPnGHU0RogVEQmsx
rBbNdFbF/Hi24XCKqmEk8l1MIGT5J8DKQp19GL+DZYhh4r/AnM0oerZ0dxUHEWfe
GYYpa1QANDDq/asMOrZu56QiHZ7EU1I+TDVO2la7h/0Bzc4SR3RoLH8sHbmElK6p
IX104LhhgNNvRm/AikVJwgQ9eky1cei8dEPYaqRhMHQN
-----END CERTIFICATE-----