Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/o89_e09UYTTUBFL2JHPh74Xn0HM.roa
File:                     o89_e09UYTTUBFL2JHPh74Xn0HM.roa (raw, json)
Hash identifier:          ZTWS+JKKvshY4NQqQEcnWbf3wjsUT8mJs1ncnEDD8wI=
Subject key identifier:   A3:CF:7F:7B:4F:54:61:34:D4:04:52:F6:24:73:E1:EF:85:E7:D0:73
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64BD2DD990D3126112F370FA277DB1
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/o89_e09UYTTUBFL2JHPh74Xn0HM.roa
Signing time:             Thu 09 Jan 2025 09:28:23 +0000
ROA not before:           Thu 09 Jan 2025 09:28:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201200
IP address blocks:        79.124.55.0/24 maxlen: 24
                          217.174.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:bd:2d:d9:90:d3:12:61:12:f3:70:fa:27:7d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3cf7f7b4f546134d40452f62473e1ef85e7d073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:19:96:17:b2:96:7d:f1:da:d6:24:08:53:89:
                    28:25:43:54:29:d3:ad:33:77:e4:d6:bc:38:6c:f0:
                    38:45:61:5b:8d:db:49:96:a9:82:71:fa:fa:9c:db:
                    5f:91:75:e7:e9:30:de:58:1a:2d:b6:b9:24:4d:82:
                    0a:0b:b6:75:c3:20:66:be:31:1a:81:ac:22:6c:44:
                    f0:2c:a0:c3:66:d3:d0:fe:02:53:96:7b:bd:3a:04:
                    ef:7d:0a:ce:53:51:cb:61:72:5d:c7:3a:2d:fb:c3:
                    0a:c1:10:cc:e9:4c:60:39:7d:93:5e:a1:a1:21:fa:
                    d7:b9:8f:36:f4:2f:04:b0:39:9c:6f:f5:30:44:ea:
                    73:d5:07:16:e8:e3:92:73:7d:ce:04:1b:84:27:d9:
                    b1:69:9c:6d:23:20:89:1e:c4:fb:79:04:97:d2:c9:
                    36:ad:07:7c:16:ab:c1:1d:81:ed:10:f1:48:2e:25:
                    52:a0:41:98:43:71:a1:e2:02:1f:00:96:7f:e7:45:
                    be:a2:55:61:5f:d9:08:c2:d2:fc:13:6b:71:a9:db:
                    a0:bd:a3:27:82:30:f6:3b:9f:58:01:c7:04:32:65:
                    9c:c8:a1:fe:d9:8a:80:bd:9a:f8:32:ff:db:8e:fc:
                    23:a8:97:0d:7d:89:6f:18:2d:9d:99:1a:0f:b6:e8:
                    0e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CF:7F:7B:4F:54:61:34:D4:04:52:F6:24:73:E1:EF:85:E7:D0:73
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/o89_e09UYTTUBFL2JHPh74Xn0HM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.124.55.0/24
                  217.174.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:67:60:62:01:72:f3:d0:38:de:bc:dd:cf:74:32:10:62:a0:
         6a:ba:17:e7:17:8d:49:64:fb:85:a5:9a:f3:bf:ea:b1:49:e5:
         85:6f:e9:6e:bd:43:44:4c:3a:df:7c:23:ae:2b:9a:59:d9:a9:
         53:56:72:f3:2a:46:c1:a2:93:20:bb:04:ff:d2:8e:d9:db:10:
         8b:13:21:2c:3c:ad:1c:b6:fe:b1:5a:3c:5c:21:38:4c:59:80:
         59:fe:92:7a:87:75:c8:0c:0e:2c:66:ca:e7:aa:f4:eb:c7:1f:
         fd:fb:8f:10:94:7b:2f:27:ef:2f:5e:92:1a:8c:28:57:4d:ef:
         9f:0d:4c:fa:e4:ed:1e:54:00:35:52:0a:e7:77:a4:c2:5a:82:
         c2:37:53:1a:7f:7b:60:4e:1d:00:4f:c0:96:4c:5f:13:21:1f:
         fb:8d:76:78:26:29:4f:98:d8:60:e2:a4:d5:28:57:70:d7:d9:
         55:94:df:40:19:f4:a2:58:90:0c:ed:75:a7:9f:cc:7a:f8:fd:
         8f:c3:56:66:fb:6a:a1:fb:e8:90:fa:a6:e1:1b:93:57:5d:b2:
         3e:81:01:73:bd:12:5c:a8:fa:bb:7d:3e:0a:b4:b5:0c:03:dc:
         1e:65:47:da:d9:09:df:fb:b2:5d:af:bb:57:30:ac:55:84:bb:
         e6:ed:7f:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRKZL0t2ZDTEmES83D6J32xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NmN2Y3YjRmNTQ2MTM0ZDQwNDUyZjYyNDczZTFlZjg1ZTdkMDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhmWF7KWffHa1iQIU4koJUNUKdOt
M3fk1rw4bPA4RWFbjdtJlqmCcfr6nNtfkXXn6TDeWBottrkkTYIKC7Z1wyBmvjEa
gawibETwLKDDZtPQ/gJTlnu9OgTvfQrOU1HLYXJdxzot+8MKwRDM6UxgOX2TXqGh
IfrXuY829C8EsDmcb/UwROpz1QcW6OOSc33OBBuEJ9mxaZxtIyCJHsT7eQSX0sk2
rQd8FqvBHYHtEPFILiVSoEGYQ3Gh4gIfAJZ/50W+olVhX9kIwtL8E2txqdugvaMn
gjD2O59YAccEMmWcyKH+2YqAvZr4Mv/bjvwjqJcNfYlvGC2dmRoPtugOtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKPPf3tPVGE01ARS9iRz4e+F59BzMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvbzg5X2UwOVVZVFRVQkZMMkpIUGg3NFhuMEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT3w3AwQA
2a6cMA0GCSqGSIb3DQEBCwUAA4IBAQALZ2BiAXLz0DjevN3PdDIQYqBquhfnF41J
ZPuFpZrzv+qxSeWFb+luvUNETDrffCOuK5pZ2alTVnLzKkbBopMguwT/0o7Z2xCL
EyEsPK0ctv6xWjxcIThMWYBZ/pJ6h3XIDA4sZsrnqvTrxx/9+48QlHsvJ+8vXpIa
jChXTe+fDUz65O0eVAA1Ugrnd6TCWoLCN1Maf3tgTh0AT8CWTF8TIR/7jXZ4JilP
mNhg4qTVKFdw19lVlN9AGfSiWJAM7XWnn8x6+P2Pw1Zm+2qh++iQ+qbhG5NXXbI+
gQFzvRJcqPq7fT4KtLUMA9weZUfa2Qnf+7Jdr7tXMKxVhLvm7X/v
-----END CERTIFICATE-----