Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/s8x3Zl1NTIQSd2VaNW3r7mX9Qt0.roa
File:                     s8x3Zl1NTIQSd2VaNW3r7mX9Qt0.roa (raw, json)
Hash identifier:          955pA2YQRo69WOfGT4zy28ccgCxBC3J2614wD9x3OY4=
Subject key identifier:   B3:CC:77:66:5D:4D:4C:84:12:77:65:5A:35:6D:EB:EE:65:FD:42:DD
Certificate issuer:       /CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
Certificate serial:       019420682E270628408323770A327715BA6E
Authority key identifier: 3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/s8x3Zl1NTIQSd2VaNW3r7mX9Qt0.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208404
IP address blocks:        89.31.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2e:27:06:28:40:83:23:77:0a:32:77:15:ba:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3cc77665d4d4c841277655a356debee65fd42dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:41:88:01:9b:b9:27:69:e2:ae:38:ff:e9:75:
                    f4:f6:d9:2c:58:44:42:d3:68:36:d5:67:de:c6:a4:
                    a8:02:86:4d:81:7f:27:8d:03:66:0c:c5:58:53:c6:
                    ae:e5:a0:25:24:c8:71:70:a2:33:b1:fe:1a:93:d4:
                    1b:ec:6d:a7:1c:4a:f9:93:81:e4:f2:6a:1c:33:50:
                    ea:c7:a5:23:2c:21:6a:dd:57:53:21:85:35:a1:1e:
                    e6:2a:4d:80:08:13:df:6f:59:25:12:31:e0:67:fb:
                    cd:48:14:ba:34:3b:07:0f:f9:ad:fd:77:29:05:19:
                    af:e5:3b:7d:e2:23:66:ab:91:cd:3d:fd:a4:dc:c9:
                    61:dc:52:65:ed:70:53:22:d6:7d:03:8b:75:0f:54:
                    b6:d2:86:7b:e6:bd:33:40:f7:dd:cb:bd:c0:7a:ad:
                    1e:90:05:c5:3d:9d:f6:a8:03:34:eb:4e:43:67:2d:
                    13:75:24:96:b0:53:51:f5:d5:6c:7f:4e:72:9e:05:
                    28:ba:d0:97:15:e6:d9:f5:3d:bf:f3:8b:41:40:44:
                    d4:e5:28:f9:23:77:64:64:11:12:70:b9:ad:df:af:
                    7f:6a:89:00:65:5d:8c:ab:3b:67:27:30:05:3e:9e:
                    0c:7e:ec:47:34:5d:47:c8:99:44:0b:91:34:64:f3:
                    01:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:CC:77:66:5D:4D:4C:84:12:77:65:5A:35:6D:EB:EE:65:FD:42:DD
            X509v3 Authority Key Identifier:
                keyid:3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/s8x3Zl1NTIQSd2VaNW3r7mX9Qt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:66:bb:95:c8:d1:08:c2:bc:ce:ed:e9:63:3c:84:77:0d:c8:
         1b:7a:9d:f6:f0:4b:62:5b:84:e9:15:dc:80:fa:55:22:27:ff:
         56:e5:1a:26:00:63:1c:d8:c7:58:54:d8:ea:df:e1:63:00:3a:
         1a:96:95:21:fa:c2:d3:bb:58:b7:75:35:92:9d:ad:34:e4:62:
         8d:9a:2b:a3:b7:1e:87:ac:68:ec:55:5c:12:43:b1:59:7c:3a:
         a0:23:c3:2e:89:c0:a1:eb:9e:61:49:68:fb:18:09:df:52:60:
         db:a8:5d:1e:c2:69:97:7b:3c:e6:d0:60:8a:b1:9d:b4:d6:b6:
         19:ad:a0:20:b5:35:5d:50:d9:44:a7:11:5a:b3:4c:22:10:95:
         64:6f:49:1b:5e:06:62:6a:b8:2f:03:15:1a:24:1b:ea:db:1b:
         48:67:dd:62:fc:5f:4e:b5:f6:4e:e0:2d:5f:75:95:c1:f7:c0:
         f4:af:05:02:2c:0b:77:19:15:fd:5c:66:80:73:1b:0c:c6:76:
         5c:c9:14:1e:97:d6:d1:a6:f5:6f:a5:14:17:1b:8a:a9:d2:4e:
         18:9d:8c:61:a2:9f:95:5f:27:5c:1f:b6:77:50:cd:a9:54:39:
         bb:ca:4e:a0:a6:83:05:12:d1:03:46:b8:b2:16:b5:f3:51:a7:
         62:36:6a:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaC4nBihAgyN3CjJ3FbpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjkwMzI4NGExZDE1ZGMxNThhZDcxODJlYTBiY2U3ODZj
ZWIyYWQwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2NjNzc2NjVkNGQ0Yzg0MTI3NzY1NWEzNTZkZWJlZTY1ZmQ0MmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkGIAZu5J2nirjj/6XX09tksWERC
02g21WfexqSoAoZNgX8njQNmDMVYU8au5aAlJMhxcKIzsf4ak9Qb7G2nHEr5k4Hk
8mocM1Dqx6UjLCFq3VdTIYU1oR7mKk2ACBPfb1klEjHgZ/vNSBS6NDsHD/mt/Xcp
BRmv5Tt94iNmq5HNPf2k3Mlh3FJl7XBTItZ9A4t1D1S20oZ75r0zQPfdy73Aeq0e
kAXFPZ32qAM0605DZy0TdSSWsFNR9dVsf05yngUoutCXFebZ9T2/84tBQETU5Sj5
I3dkZBEScLmt369/aokAZV2MqztnJzAFPp4MfuxHNF1HyJlEC5E0ZPMBmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPMd2ZdTUyEEndlWjVt6+5l/ULdMB8GA1UdIwQY
MBaAFD65AyhKHRXcFYrXGC6gvOeGzrKtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMt
Yjc3ZGM4ZGMxYzdlLzEvczh4M1psMU5USVFTZDJWYU5XM3I3bVg5UXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMtYjc3ZGM4ZGMxYzdl
LzEvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR9CMA0G
CSqGSIb3DQEBCwUAA4IBAQCOZruVyNEIwrzO7eljPIR3Dcgbep328EtiW4TpFdyA
+lUiJ/9W5RomAGMc2MdYVNjq3+FjADoalpUh+sLTu1i3dTWSna005GKNmiujtx6H
rGjsVVwSQ7FZfDqgI8MuicCh655hSWj7GAnfUmDbqF0ewmmXezzm0GCKsZ201rYZ
raAgtTVdUNlEpxFas0wiEJVkb0kbXgZiargvAxUaJBvq2xtIZ91i/F9OtfZO4C1f
dZXB98D0rwUCLAt3GRX9XGaAcxsMxnZcyRQel9bRpvVvpRQXG4qp0k4YnYxhop+V
XydcH7Z3UM2pVDm7yk6gpoMFEtEDRriyFrXzUadiNmq5
-----END CERTIFICATE-----