Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/2BUGtHga-91WOayxMZ7EN3sAoUE.roa
File:                     2BUGtHga-91WOayxMZ7EN3sAoUE.roa (raw, json)
Hash identifier:          40eNzoOdvf9iy0CU470Iq6VAmpCnU36Mg3hoCFP9r9Q=
Subject key identifier:   D8:15:06:B4:78:1A:FB:DD:56:39:AC:B1:31:9E:C4:37:7B:00:A1:41
Certificate issuer:       /CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
Certificate serial:       0194282586791F0313DE7CF46E8375985E3F
Authority key identifier: C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/2BUGtHga-91WOayxMZ7EN3sAoUE.roa
Signing time:             Thu 02 Jan 2025 17:52:15 +0000
ROA not before:           Thu 02 Jan 2025 17:52:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60676
IP address blocks:        89.34.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:86:79:1f:03:13:de:7c:f4:6e:83:75:98:5e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
        Validity
            Not Before: Jan  2 17:52:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d81506b4781afbdd5639acb1319ec4377b00a141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:df:e0:5f:65:80:bb:f9:25:0a:72:5b:e6:d9:
                    d5:8b:0d:23:b5:71:ac:a7:7e:b0:93:bf:18:bd:8b:
                    e6:d9:46:a5:82:c1:ea:a5:9f:73:44:ce:cf:44:ab:
                    88:31:6d:14:75:88:d2:d5:c8:7d:25:57:46:38:86:
                    fd:95:dd:30:a8:8b:9d:73:2a:61:7f:ba:13:a0:61:
                    49:45:f9:14:5e:69:ec:a9:ad:04:27:b0:f4:c3:49:
                    e7:b7:14:50:54:4d:01:0a:4f:04:63:85:2d:d5:81:
                    53:c8:18:27:0c:ba:46:b0:b5:cb:98:3f:f8:54:2d:
                    fe:e6:8d:5e:01:7d:4e:5d:93:60:cc:eb:82:9d:25:
                    40:92:b9:49:64:44:86:b3:f3:27:13:80:82:48:d7:
                    99:83:b0:46:00:cc:56:1b:d5:6f:9e:25:36:02:0f:
                    c4:fc:cf:b0:e8:7b:43:3f:57:ff:3e:fa:d9:64:c4:
                    84:e3:19:ad:0a:3f:9b:a8:b9:d9:30:90:14:4c:47:
                    a4:3e:e0:97:62:70:d2:a7:20:00:e1:e7:7c:4b:47:
                    2a:99:46:19:9c:49:36:c4:d1:57:0b:3f:cb:29:c2:
                    75:03:ea:f2:7c:63:4a:64:73:aa:78:fa:8c:80:2b:
                    4a:7c:11:35:5a:bf:f5:55:8a:09:38:f4:be:dd:db:
                    cb:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:15:06:B4:78:1A:FB:DD:56:39:AC:B1:31:9E:C4:37:7B:00:A1:41
            X509v3 Authority Key Identifier:
                keyid:C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/2BUGtHga-91WOayxMZ7EN3sAoUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:9c:fd:88:cf:e9:f4:9f:a6:39:c2:72:07:c8:04:d2:06:9c:
         84:5b:1f:ee:de:b2:9e:3b:7c:b5:73:73:e3:e6:06:17:55:ac:
         da:d4:47:a0:8a:df:2e:67:6d:50:7e:43:29:7e:e8:9e:05:34:
         92:11:c4:06:92:81:53:01:91:7d:5f:30:9f:e4:88:b0:d4:b8:
         56:65:cc:95:b7:d7:ac:e2:28:00:01:2f:6e:6a:ed:42:b3:3e:
         11:40:a2:e7:a3:47:97:5e:2f:b4:b0:2f:33:53:23:bc:e3:2d:
         31:64:dc:94:a5:63:3d:85:7e:a4:bf:d4:64:46:92:ae:6c:63:
         28:8a:59:6f:5d:5a:89:d0:4a:2e:c1:2b:ce:c5:8e:38:da:5d:
         3b:44:a8:0c:90:08:84:de:6f:10:57:f7:99:5b:94:db:6e:8f:
         9c:ca:66:82:b7:7d:9a:5a:f5:e3:7d:0c:a4:25:f2:01:46:a7:
         ea:b2:b9:bd:3f:29:98:81:28:aa:de:3e:cd:39:51:93:93:82:
         24:cc:df:fb:7f:8b:97:80:2d:fb:ac:aa:fa:28:dc:00:f7:80:
         a2:2f:25:77:e3:ce:a4:62:d0:24:16:00:ca:b2:1c:bd:56:be:
         6e:9c:31:4a:ed:2f:53:2b:41:d1:3b:7d:9e:52:df:5e:c6:7a:
         f1:de:f7:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJYZ5HwMT3nz0boN1mF4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzA1OTFlMmViNDlkMDU1OWU2ZmNlN2VlMmFhODFmMGY1
OWJhNmYwHhcNMjUwMTAyMTc1MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODE1MDZiNDc4MWFmYmRkNTYzOWFjYjEzMTllYzQzNzdiMDBhMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9/gX2WAu/klCnJb5tnViw0jtXGs
p36wk78YvYvm2UalgsHqpZ9zRM7PRKuIMW0UdYjS1ch9JVdGOIb9ld0wqIudcyph
f7oToGFJRfkUXmnsqa0EJ7D0w0nntxRQVE0BCk8EY4Ut1YFTyBgnDLpGsLXLmD/4
VC3+5o1eAX1OXZNgzOuCnSVAkrlJZESGs/MnE4CCSNeZg7BGAMxWG9VvniU2Ag/E
/M+w6HtDP1f/PvrZZMSE4xmtCj+bqLnZMJAUTEekPuCXYnDSpyAA4ed8S0cqmUYZ
nEk2xNFXCz/LKcJ1A+ryfGNKZHOqePqMgCtKfBE1Wr/1VYoJOPS+3dvLxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgVBrR4GvvdVjmssTGexDd7AKFBMB8GA1UdIwQY
MBaAFMPAWR4utJ0FWeb85+4qqB8PWbpvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQt
ZTM0MDcxNzQ2NjNiLzEvMkJVR3RIZ2EtOTFXT2F5eE1aN0VOM3NBb1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQtZTM0MDcxNzQ2NjNi
LzEvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSJbMA0G
CSqGSIb3DQEBCwUAA4IBAQCEnP2Iz+n0n6Y5wnIHyATSBpyEWx/u3rKeO3y1c3Pj
5gYXVaza1Eegit8uZ21QfkMpfuieBTSSEcQGkoFTAZF9XzCf5Iiw1LhWZcyVt9es
4igAAS9uau1Csz4RQKLno0eXXi+0sC8zUyO84y0xZNyUpWM9hX6kv9RkRpKubGMo
illvXVqJ0EouwSvOxY442l07RKgMkAiE3m8QV/eZW5Tbbo+cymaCt32aWvXjfQyk
JfIBRqfqsrm9PymYgSiq3j7NOVGTk4IkzN/7f4uXgC37rKr6KNwA94CiLyV3486k
YtAkFgDKshy9Vr5unDFK7S9TK0HRO32eUt9exnrx3vcH
-----END CERTIFICATE-----