Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/cSOzcJuJznyp0-yCo16vcwC-SO4.roa
File:                     cSOzcJuJznyp0-yCo16vcwC-SO4.roa (raw, json)
Hash identifier:          /BcpV3CpFg+yHnaLyG3CeUoFmA/RLptEV35Vt1SRJwQ=
Subject key identifier:   71:23:B3:70:9B:89:CE:7C:A9:D3:EC:82:A3:5E:AF:73:00:BE:48:EE
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       0194228DD087BA22256E3DC1CCED23C3813F
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/cSOzcJuJznyp0-yCo16vcwC-SO4.roa
Signing time:             Wed 01 Jan 2025 15:48:26 +0000
ROA not before:           Wed 01 Jan 2025 15:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9050
IP address blocks:        89.42.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:d0:87:ba:22:25:6e:3d:c1:cc:ed:23:c3:81:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: Jan  1 15:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7123b3709b89ce7ca9d3ec82a35eaf7300be48ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:61:40:ed:b3:3e:f3:02:35:40:e8:1d:09:0c:
                    de:f6:c8:22:d7:1f:e0:9f:ca:e5:92:61:1f:99:cd:
                    e9:10:3c:ec:38:13:9d:e8:c2:f1:f5:6c:d2:d2:40:
                    e5:4f:9d:eb:3e:2a:73:71:83:7e:5a:d7:5d:38:72:
                    71:a1:6b:b0:1f:de:36:e5:d2:c9:15:bc:ef:29:e7:
                    45:d2:1d:fd:24:45:80:67:69:0e:57:8c:0d:ed:ab:
                    c0:c7:2c:81:27:1a:e4:89:fe:68:14:9b:06:7e:08:
                    80:de:2a:63:4b:1e:25:76:47:d0:cb:3a:cb:36:b9:
                    ce:b6:d9:03:a9:07:94:5c:03:1f:21:fa:db:05:7c:
                    9f:32:8e:b7:b9:44:35:24:23:8f:f6:d4:74:ad:6d:
                    90:e8:3f:8a:75:c3:8a:e0:c0:67:90:b3:1a:f0:75:
                    a8:ea:1c:d8:63:d2:e4:ed:02:47:01:b0:d6:0b:41:
                    a6:1a:2b:46:e5:28:31:94:27:7f:7b:f3:34:61:f6:
                    17:de:08:22:df:db:09:ff:d6:56:d4:5d:fd:b3:a2:
                    c6:47:14:2a:a1:5c:23:d6:f9:42:63:63:f1:1a:93:
                    22:ae:b5:81:b4:41:11:90:c1:bd:80:84:20:b5:be:
                    b6:54:b7:17:45:b4:7c:6e:09:87:9e:b3:c5:66:a1:
                    76:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:23:B3:70:9B:89:CE:7C:A9:D3:EC:82:A3:5E:AF:73:00:BE:48:EE
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/cSOzcJuJznyp0-yCo16vcwC-SO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:df:ed:9b:af:4a:5f:8e:a1:62:c6:d2:67:5e:0c:f3:7f:cd:
         92:f2:83:c6:3e:af:16:7d:66:19:15:5c:37:d3:95:dd:28:24:
         0f:9a:96:cb:75:cd:79:b9:2d:43:12:0d:6b:b2:81:8d:cc:1b:
         38:9e:0b:9b:8e:5e:8a:51:83:9b:43:0f:f2:db:00:be:be:81:
         f3:27:74:02:2f:b8:8d:85:00:82:b1:a6:60:a9:24:a8:02:89:
         7e:b1:3f:6b:fc:fc:62:6d:47:90:d1:b9:5e:29:f3:84:31:54:
         6b:b3:24:71:86:b6:df:27:c6:f9:fd:b9:57:a4:02:67:b2:94:
         41:33:f7:25:e8:aa:41:1f:db:72:e2:ad:83:de:8d:b3:22:af:
         5f:32:e8:d1:04:47:8a:e3:88:b8:d7:da:8f:6b:a9:f5:f8:57:
         3e:30:bf:81:65:a3:30:77:fb:3f:76:98:39:c6:2c:52:70:20:
         90:ae:17:8b:8a:65:94:e4:89:6a:43:d5:a6:9e:86:7f:ae:e2:
         8d:3b:f2:81:56:f2:d2:39:88:b4:9d:08:a7:58:fe:f0:71:25:
         66:c9:58:6b:ef:b1:28:74:0f:5e:85:98:97:8c:43:fe:77:87:
         52:ae:1a:a3:32:40:bb:2b:41:ac:40:f1:bb:60:c5:0a:ec:e4:
         8f:8f:8b:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijdCHuiIlbj3BzO0jw4E/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjUwMTAxMTU0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTIzYjM3MDliODljZTdjYTlkM2VjODJhMzVlYWY3MzAwYmU0OGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimFA7bM+8wI1QOgdCQze9sgi1x/g
n8rlkmEfmc3pEDzsOBOd6MLx9WzS0kDlT53rPipzcYN+WtddOHJxoWuwH9425dLJ
FbzvKedF0h39JEWAZ2kOV4wN7avAxyyBJxrkif5oFJsGfgiA3ipjSx4ldkfQyzrL
NrnOttkDqQeUXAMfIfrbBXyfMo63uUQ1JCOP9tR0rW2Q6D+KdcOK4MBnkLMa8HWo
6hzYY9Lk7QJHAbDWC0GmGitG5SgxlCd/e/M0YfYX3ggi39sJ/9ZW1F39s6LGRxQq
oVwj1vlCY2PxGpMirrWBtEERkMG9gIQgtb62VLcXRbR8bgmHnrPFZqF2BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEjs3Cbic58qdPsgqNer3MAvkjuMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvY1NPemNKdUp6bnlwMC15Q28xNnZjd0MtU080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSoeMA0G
CSqGSIb3DQEBCwUAA4IBAQCo3+2br0pfjqFixtJnXgzzf82S8oPGPq8WfWYZFVw3
05XdKCQPmpbLdc15uS1DEg1rsoGNzBs4ngubjl6KUYObQw/y2wC+voHzJ3QCL7iN
hQCCsaZgqSSoAol+sT9r/PxibUeQ0bleKfOEMVRrsyRxhrbfJ8b5/blXpAJnspRB
M/cl6KpBH9ty4q2D3o2zIq9fMujRBEeK44i419qPa6n1+Fc+ML+BZaMwd/s/dpg5
xixScCCQrheLimWU5IlqQ9WmnoZ/ruKNO/KBVvLSOYi0nQinWP7wcSVmyVhr77Eo
dA9ehZiXjEP+d4dSrhqjMkC7K0GsQPG7YMUK7OSPj4sv
-----END CERTIFICATE-----