Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/f558aa-55ef-450f-8b97-10090d1e7d94/1/AVYBUHDR8cllHf1Clp-tHJ3mnJM.roa
File:                     AVYBUHDR8cllHf1Clp-tHJ3mnJM.roa (raw, json)
Hash identifier:          AnG8BWUfPxV5o1EC1SevW/uoDYd+aQAPwe1f/26+nZM=
Subject key identifier:   01:56:01:50:70:D1:F1:C9:65:1D:FD:42:96:9F:AD:1C:9D:E6:9C:93
Certificate issuer:       /CN=ca5154158905d1d44c4588dfd25802f324a93d61
Certificate serial:       0194266A466F45F38BF326429C94671107EE
Authority key identifier: CA:51:54:15:89:05:D1:D4:4C:45:88:DF:D2:58:02:F3:24:A9:3D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ylFUFYkF0dRMRYjf0lgC8ySpPWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/f558aa-55ef-450f-8b97-10090d1e7d94/1/AVYBUHDR8cllHf1Clp-tHJ3mnJM.roa
Signing time:             Thu 02 Jan 2025 09:48:06 +0000
ROA not before:           Thu 02 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213313
IP address blocks:        152.89.148.0/22 maxlen: 24
                          2a09:34c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/f558aa-55ef-450f-8b97-10090d1e7d94/1/ylFUFYkF0dRMRYjf0lgC8ySpPWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/f558aa-55ef-450f-8b97-10090d1e7d94/1/ylFUFYkF0dRMRYjf0lgC8ySpPWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ylFUFYkF0dRMRYjf0lgC8ySpPWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:46:6f:45:f3:8b:f3:26:42:9c:94:67:11:07:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca5154158905d1d44c4588dfd25802f324a93d61
        Validity
            Not Before: Jan  2 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0156015070d1f1c9651dfd42969fad1c9de69c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:dd:d1:a5:3b:16:cb:aa:af:a8:f0:24:8b:f6:
                    cd:89:91:b0:c7:57:d4:38:6c:85:fb:49:20:f1:1b:
                    d2:e3:55:2a:43:46:24:46:7d:03:1d:ed:fb:d0:36:
                    cf:5d:27:1c:e5:08:db:29:ae:11:a8:6e:d1:22:eb:
                    e5:19:b3:a9:98:e7:8a:1c:5e:d5:1a:eb:73:ba:0e:
                    22:5f:2b:12:1e:45:07:8e:c5:2c:04:53:ad:30:9d:
                    b4:a0:a1:38:a5:d5:7e:bf:e5:66:bf:38:c6:1f:7e:
                    99:c2:6f:89:87:ca:21:81:09:72:74:cd:67:ec:4d:
                    cc:9d:5a:c7:64:9f:25:d4:ca:db:fc:7f:9c:a7:58:
                    b4:57:fe:6e:5d:dd:55:05:49:e6:bf:c6:26:d4:45:
                    3e:86:99:d5:5a:28:44:f2:1a:d4:24:32:05:d1:fc:
                    4b:b7:7d:c3:ae:5c:77:d9:b0:29:fb:51:2d:49:49:
                    39:f9:a7:48:40:d3:5a:33:ef:67:62:34:bd:d1:94:
                    be:ee:79:6f:76:b2:2e:70:71:e6:8d:56:a0:f0:11:
                    87:49:70:58:72:98:33:c0:5f:11:b2:d4:2c:03:96:
                    9c:8a:8f:18:73:5b:b7:f8:c9:7d:06:ed:5d:85:48:
                    b9:63:c7:ec:ed:8f:6c:f0:5b:32:e7:1b:5d:33:01:
                    0f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:56:01:50:70:D1:F1:C9:65:1D:FD:42:96:9F:AD:1C:9D:E6:9C:93
            X509v3 Authority Key Identifier:
                keyid:CA:51:54:15:89:05:D1:D4:4C:45:88:DF:D2:58:02:F3:24:A9:3D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ylFUFYkF0dRMRYjf0lgC8ySpPWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/f558aa-55ef-450f-8b97-10090d1e7d94/1/AVYBUHDR8cllHf1Clp-tHJ3mnJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/f558aa-55ef-450f-8b97-10090d1e7d94/1/ylFUFYkF0dRMRYjf0lgC8ySpPWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.148.0/22
                IPv6:
                  2a09:34c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:fa:a6:a8:0e:2d:70:ef:95:d9:c8:7b:bb:ac:a9:ae:ba:5e:
         b7:57:be:01:c7:39:ca:46:35:b3:33:e2:0c:fc:e4:31:f5:81:
         d8:c0:73:c9:ff:fe:09:ac:20:44:cf:3e:e9:3c:fb:34:b1:de:
         cc:21:42:61:aa:4c:86:14:87:86:1f:69:c0:82:21:34:10:78:
         bd:fa:45:c9:31:84:ad:47:64:ae:80:58:07:c6:0c:13:09:b8:
         3b:42:f5:ad:43:0e:9c:9b:47:45:c2:16:aa:9a:ea:49:c6:01:
         ff:45:b9:38:5d:e7:8e:9e:09:96:95:c7:81:5a:7a:1f:31:bb:
         d5:59:cb:1d:26:45:5e:f4:57:e8:58:d8:4d:90:0f:64:af:e5:
         39:73:36:19:91:dd:19:c7:34:fb:7a:e9:40:f6:73:56:e3:8a:
         cf:b5:85:f9:0f:fd:6b:72:1f:23:73:98:3c:22:46:04:29:14:
         42:5a:69:8e:bc:82:94:a8:3a:99:11:08:a7:69:c2:d9:86:1f:
         da:9d:a5:af:02:fd:30:e3:df:35:35:c7:c3:22:88:b4:52:c2:
         8e:4a:c3:08:3f:af:9f:00:e6:37:e1:22:dd:02:a8:2e:15:dc:
         b5:8a:50:8b:2f:40:c9:8c:64:a1:ab:bd:10:25:58:66:1b:a0:
         0a:00:f5:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmakZvRfOL8yZCnJRnEQfuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNTE1NDE1ODkwNWQxZDQ0YzQ1ODhkZmQyNTgwMmYzMjRh
OTNkNjEwHhcNMjUwMTAyMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTU2MDE1MDcwZDFmMWM5NjUxZGZkNDI5NjlmYWQxYzlkZTY5YzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA493RpTsWy6qvqPAki/bNiZGwx1fU
OGyF+0kg8RvS41UqQ0YkRn0DHe370DbPXScc5QjbKa4RqG7RIuvlGbOpmOeKHF7V
Gutzug4iXysSHkUHjsUsBFOtMJ20oKE4pdV+v+VmvzjGH36Zwm+Jh8ohgQlydM1n
7E3MnVrHZJ8l1Mrb/H+cp1i0V/5uXd1VBUnmv8Ym1EU+hpnVWihE8hrUJDIF0fxL
t33Drlx32bAp+1EtSUk5+adIQNNaM+9nYjS90ZS+7nlvdrIucHHmjVag8BGHSXBY
cpgzwF8RstQsA5acio8Yc1u3+Ml9Bu1dhUi5Y8fs7Y9s8Fsy5xtdMwEPeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAFWAVBw0fHJZR39QpafrRyd5pyTMB8GA1UdIwQY
MBaAFMpRVBWJBdHUTEWI39JYAvMkqT1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWxGVUZZa0YwZFJNUllqZjBsZ0M4eVNwUFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9mNTU4YWEtNTVlZi00NTBmLThiOTct
MTAwOTBkMWU3ZDk0LzEvQVZZQlVIRFI4Y2xsSGYxQ2xwLXRISjNtbkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9mNTU4YWEtNTVlZi00NTBmLThiOTctMTAwOTBkMWU3ZDk0
LzEveWxGVUZZa0YwZFJNUllqZjBsZ0M4eVNwUFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFmUMA0E
AgACMAcDBQMqCTTAMA0GCSqGSIb3DQEBCwUAA4IBAQBl+qaoDi1w75XZyHu7rKmu
ul63V74BxznKRjWzM+IM/OQx9YHYwHPJ//4JrCBEzz7pPPs0sd7MIUJhqkyGFIeG
H2nAgiE0EHi9+kXJMYStR2SugFgHxgwTCbg7QvWtQw6cm0dFwhaqmupJxgH/Rbk4
XeeOngmWlceBWnofMbvVWcsdJkVe9FfoWNhNkA9kr+U5czYZkd0ZxzT7eulA9nNW
44rPtYX5D/1rch8jc5g8IkYEKRRCWmmOvIKUqDqZEQinacLZhh/anaWvAv0w4981
NcfDIoi0UsKOSsMIP6+fAOY34SLdAqguFdy1ilCLL0DJjGShq70QJVhmG6AKAPUk
-----END CERTIFICATE-----