Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/fR48VQDXb1tXA5q8olbHpzKvGTI.roa
File:                     fR48VQDXb1tXA5q8olbHpzKvGTI.roa (raw, json)
Hash identifier:          +9yD6Jy5GH9s1ivHLVmc0cmLZyNWxUp7UZw9QLfaciM=
Subject key identifier:   7D:1E:3C:55:00:D7:6F:5B:57:03:9A:BC:A2:56:C7:A7:32:AF:19:32
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       018CC500389219FE0D815F4001955E63F9D5
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/fR48VQDXb1tXA5q8olbHpzKvGTI.roa
Signing time:             Mon 01 Jan 2024 12:29:35 +0000
ROA not before:           Mon 01 Jan 2024 12:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213252
IP address blocks:        89.252.141.0/24 maxlen: 24
                          89.252.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:38:92:19:fe:0d:81:5f:40:01:95:5e:63:f9:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  1 12:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d1e3c5500d76f5b57039abca256c7a732af1932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e4:06:bc:84:7d:78:f8:d8:fb:73:92:51:1d:
                    e8:79:98:eb:47:c4:de:4b:ef:18:d1:1c:39:e5:9a:
                    c8:20:05:24:6b:33:ed:42:f9:c0:f7:33:6b:d4:6a:
                    46:30:90:39:1e:3e:31:f0:d5:70:42:12:83:ea:65:
                    bd:90:ac:48:43:49:6a:30:c8:a3:92:6c:40:fc:eb:
                    11:b2:a4:95:c9:ab:bd:f7:60:b7:4a:9a:f8:7b:91:
                    67:9d:f9:e3:58:37:0c:91:21:46:27:ab:ec:07:72:
                    64:e8:ad:9d:ea:6a:a4:97:44:8c:33:1f:d3:70:33:
                    aa:87:41:1f:cc:15:9c:3a:5d:cc:6a:0e:f6:b3:12:
                    ca:43:f8:36:7e:65:35:5b:e4:94:ec:db:e2:f2:97:
                    fa:2e:28:60:f1:5a:c4:e6:6e:18:76:9e:8e:61:a5:
                    85:04:24:48:48:9a:7f:39:2e:47:e0:4f:ff:03:bb:
                    9e:0f:14:c1:f3:d6:12:94:4b:6b:1c:58:70:9d:61:
                    27:64:6b:01:d0:6b:c2:7f:86:b3:31:c8:66:ce:28:
                    1a:b5:97:d2:c5:f1:ad:b7:07:b2:e4:6a:1a:11:95:
                    ef:8e:66:53:77:3a:79:e9:65:26:53:83:e5:9b:5a:
                    83:29:c1:37:da:58:fa:73:ec:7d:ca:48:37:00:14:
                    d9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:1E:3C:55:00:D7:6F:5B:57:03:9A:BC:A2:56:C7:A7:32:AF:19:32
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/fR48VQDXb1tXA5q8olbHpzKvGTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.141.0/24
                  89.252.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:a4:3a:22:92:72:ed:f1:9e:bf:fd:90:07:7f:ce:8b:df:a9:
         72:9f:5f:9c:e5:09:15:2b:e4:7c:52:b2:20:01:ce:3d:b5:11:
         1f:80:91:18:b7:85:46:62:4c:ec:62:0b:fb:01:5e:23:50:93:
         1b:a9:b8:1b:77:c1:7c:d4:11:74:5e:f4:cc:ac:bf:f5:80:18:
         ba:ed:4c:ac:80:c4:82:6f:da:1d:65:b2:e2:06:78:ff:b9:a9:
         f6:7e:d7:3d:d6:69:11:cc:84:85:38:ca:3a:66:95:82:e6:c6:
         ec:0f:57:51:c3:e3:21:9b:82:07:9b:9c:83:9f:8a:e1:51:3d:
         55:4c:f0:72:a8:ef:c4:f6:d5:0f:16:23:d2:2b:5e:8e:9a:1b:
         f5:43:81:cd:ac:5a:85:55:13:b5:90:d4:6c:b3:c6:bb:89:7e:
         aa:ca:e6:8f:71:f4:3e:70:54:8b:3e:bd:7d:2b:1d:e4:9e:94:
         d7:08:bb:32:4f:ce:09:b5:4f:51:ed:49:6e:4f:22:dd:e8:1d:
         e3:ff:8f:0b:dc:0e:40:80:ac:25:27:86:b6:b9:2c:6c:65:79:
         30:8e:37:1d:29:27:be:73:55:3f:05:be:17:d5:3e:64:a8:02:
         14:bb:3f:44:3e:3a:3e:61:c4:17:be:fb:f8:28:34:48:69:ee:
         90:3c:87:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFADiSGf4NgV9AAZVeY/nVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDFlM2M1NTAwZDc2ZjViNTcwMzlhYmNhMjU2YzdhNzMyYWYxOTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuQGvIR9ePjY+3OSUR3oeZjrR8Te
S+8Y0Rw55ZrIIAUkazPtQvnA9zNr1GpGMJA5Hj4x8NVwQhKD6mW9kKxIQ0lqMMij
kmxA/OsRsqSVyau992C3Spr4e5FnnfnjWDcMkSFGJ6vsB3Jk6K2d6mqkl0SMMx/T
cDOqh0EfzBWcOl3Mag72sxLKQ/g2fmU1W+SU7Nvi8pf6Lihg8VrE5m4Ydp6OYaWF
BCRISJp/OS5H4E//A7ueDxTB89YSlEtrHFhwnWEnZGsB0GvCf4azMchmzigatZfS
xfGttwey5GoaEZXvjmZTdzp56WUmU4Plm1qDKcE32lj6c+x9ykg3ABTZgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH0ePFUA129bVwOavKJWx6cyrxkyMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvZlI0OFZRRFhiMXRYQTVxOG9sYkhwekt2R1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfyNAwQA
WfyZMA0GCSqGSIb3DQEBCwUAA4IBAQBHpDoiknLt8Z6//ZAHf86L36lyn1+c5QkV
K+R8UrIgAc49tREfgJEYt4VGYkzsYgv7AV4jUJMbqbgbd8F81BF0XvTMrL/1gBi6
7UysgMSCb9odZbLiBnj/uan2ftc91mkRzISFOMo6ZpWC5sbsD1dRw+Mhm4IHm5yD
n4rhUT1VTPByqO/E9tUPFiPSK16Omhv1Q4HNrFqFVRO1kNRss8a7iX6qyuaPcfQ+
cFSLPr19Kx3knpTXCLsyT84JtU9R7UluTyLd6B3j/48L3A5AgKwlJ4a2uSxsZXkw
jjcdKSe+c1U/Bb4X1T5kqAIUuz9EPjo+YcQXvvv4KDRIae6QPIfG
-----END CERTIFICATE-----