Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/2z44fAwQyyEeWoKCF_G5EjvRE_Q.roa
File:                     2z44fAwQyyEeWoKCF_G5EjvRE_Q.roa (raw, json)
Hash identifier:          Z34LIfgBtYIlenX8BP2t8IUqfPpsJULSyBoNS38aJWk=
Subject key identifier:   DB:3E:38:7C:0C:10:CB:21:1E:5A:82:82:17:F1:B9:12:3B:D1:13:F4
Certificate issuer:       /CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
Certificate serial:       019420682DBAAC5EB4D23845478C64F80C08
Authority key identifier: 3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/2z44fAwQyyEeWoKCF_G5EjvRE_Q.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205677
IP address blocks:        89.31.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2d:ba:ac:5e:b4:d2:38:45:47:8c:64:f8:0c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db3e387c0c10cb211e5a828217f1b9123bd113f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4e:9f:f8:5e:89:bf:08:16:6e:1a:78:ac:91:
                    b4:97:96:68:a8:65:b5:fe:45:09:45:67:47:28:18:
                    5a:c7:ce:3f:b7:63:0c:bc:43:14:45:1c:b3:92:fc:
                    f5:32:9d:8e:9b:c9:21:3d:7c:11:93:f6:df:9e:50:
                    c3:b5:62:ec:3b:26:42:20:0c:95:a9:77:42:73:7a:
                    00:eb:85:02:fe:5a:fc:87:ce:cb:bd:62:5b:4a:69:
                    5f:0f:4b:69:b0:53:07:61:e0:67:83:de:13:28:d8:
                    d1:dd:a4:e0:52:88:ff:0d:2a:0f:cf:30:88:ec:68:
                    e1:4b:2b:17:5b:90:23:4a:f8:6d:a1:62:7c:43:d5:
                    0c:1d:06:54:da:2b:2a:ab:bc:4c:9c:ab:a6:6a:f0:
                    f3:bd:1b:06:25:eb:fb:6c:6f:f0:36:7a:08:ed:be:
                    2e:73:9a:b5:72:c8:30:8e:c7:28:ac:48:7e:b0:68:
                    50:31:7d:65:d6:6b:61:e7:b1:c5:bd:26:a2:c4:79:
                    05:b7:d0:2e:7d:af:75:41:3b:6e:6e:53:41:1f:e6:
                    65:43:83:aa:be:66:3f:09:a8:6a:63:fa:08:d6:30:
                    03:ef:70:ae:bd:1f:40:87:dd:16:cd:59:40:67:6b:
                    fb:5e:b5:34:dd:d7:e5:ea:82:84:db:43:79:ef:66:
                    35:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3E:38:7C:0C:10:CB:21:1E:5A:82:82:17:F1:B9:12:3B:D1:13:F4
            X509v3 Authority Key Identifier:
                keyid:3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/2z44fAwQyyEeWoKCF_G5EjvRE_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:a3:f8:f5:85:ac:e3:63:b1:f0:61:af:d0:39:dd:8c:4d:33:
         dd:c9:61:2b:af:5d:8a:85:cc:bd:48:bb:46:f5:34:ee:eb:71:
         bf:c0:e4:d5:89:35:27:a5:1c:0c:55:49:d2:ee:ea:3d:8b:23:
         37:a7:86:1a:ec:e4:61:d2:c9:06:2e:95:96:70:e3:66:e3:ff:
         ca:db:a3:1a:53:da:a1:df:e4:85:a7:b2:9e:54:b4:42:15:76:
         d6:9c:26:17:63:fa:c1:2c:ce:78:07:05:25:77:86:4a:71:e8:
         fe:0a:e5:17:bf:40:fe:72:5b:62:60:cc:3f:df:d9:b7:d9:b4:
         ee:5f:56:e1:4a:01:3e:13:32:44:6d:e9:c5:41:59:63:0b:c8:
         4d:be:a1:ee:e2:45:01:65:62:49:3c:70:10:77:76:2a:6c:39:
         8f:81:a5:52:d7:bf:56:6d:68:04:41:fb:81:4c:0f:e4:bf:4a:
         c6:04:82:55:c5:8e:1a:d0:c4:3c:63:6e:d6:ad:37:f9:e1:33:
         3b:43:5a:93:2a:30:29:57:80:f7:15:a0:50:b3:16:f8:ae:2e:
         65:57:cb:6b:ed:91:2a:a2:c5:df:cf:d8:42:7b:ff:ae:fb:de:
         c3:3d:05:d5:6e:32:ea:08:c1:c3:c0:58:5c:cc:dc:c5:fc:f1:
         17:40:d4:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaC26rF600jhFR4xk+AwIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjkwMzI4NGExZDE1ZGMxNThhZDcxODJlYTBiY2U3ODZj
ZWIyYWQwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNlMzg3YzBjMTBjYjIxMWU1YTgyODIxN2YxYjkxMjNiZDExM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAok6f+F6JvwgWbhp4rJG0l5ZoqGW1
/kUJRWdHKBhax84/t2MMvEMURRyzkvz1Mp2Om8khPXwRk/bfnlDDtWLsOyZCIAyV
qXdCc3oA64UC/lr8h87LvWJbSmlfD0tpsFMHYeBng94TKNjR3aTgUoj/DSoPzzCI
7GjhSysXW5AjSvhtoWJ8Q9UMHQZU2isqq7xMnKumavDzvRsGJev7bG/wNnoI7b4u
c5q1csgwjscorEh+sGhQMX1l1mth57HFvSaixHkFt9Aufa91QTtublNBH+ZlQ4Oq
vmY/CahqY/oI1jAD73CuvR9Ah90WzVlAZ2v7XrU03dfl6oKE20N572Y1UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs+OHwMEMshHlqCghfxuRI70RP0MB8GA1UdIwQY
MBaAFD65AyhKHRXcFYrXGC6gvOeGzrKtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMt
Yjc3ZGM4ZGMxYzdlLzEvMno0NGZBd1F5eUVlV29LQ0ZfRzVFanZSRV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMtYjc3ZGM4ZGMxYzdl
LzEvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR9AMA0G
CSqGSIb3DQEBCwUAA4IBAQCBo/j1hazjY7HwYa/QOd2MTTPdyWErr12Khcy9SLtG
9TTu63G/wOTViTUnpRwMVUnS7uo9iyM3p4Ya7ORh0skGLpWWcONm4//K26MaU9qh
3+SFp7KeVLRCFXbWnCYXY/rBLM54BwUld4ZKcej+CuUXv0D+cltiYMw/39m32bTu
X1bhSgE+EzJEbenFQVljC8hNvqHu4kUBZWJJPHAQd3YqbDmPgaVS179WbWgEQfuB
TA/kv0rGBIJVxY4a0MQ8Y27WrTf54TM7Q1qTKjApV4D3FaBQsxb4ri5lV8tr7ZEq
osXfz9hCe/+u+97DPQXVbjLqCMHDwFhczNzF/PEXQNS/
-----END CERTIFICATE-----