Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/89qLG1K07SoB9KnzvBmCV6QFSkI.roa
File:                     89qLG1K07SoB9KnzvBmCV6QFSkI.roa (raw, json)
Hash identifier:          +0xILp3yJ9G90xUu2Ml6EPqNrjSk0rDe+FJWrTAlYPw=
Subject key identifier:   F3:DA:8B:1B:52:B4:ED:2A:01:F4:A9:F3:BC:19:82:57:A4:05:4A:42
Certificate issuer:       /CN=06cc2a26b31ac24bc5295d24a8e13071f2ff0d61
Certificate serial:       019426D9F82D77DC4F7DA41605C4E78FE762
Authority key identifier: 06:CC:2A:26:B3:1A:C2:4B:C5:29:5D:24:A8:E1:30:71:F2:FF:0D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/89qLG1K07SoB9KnzvBmCV6QFSkI.roa
Signing time:             Thu 02 Jan 2025 11:50:06 +0000
ROA not before:           Thu 02 Jan 2025 11:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        81.30.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f8:2d:77:dc:4f:7d:a4:16:05:c4:e7:8f:e7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06cc2a26b31ac24bc5295d24a8e13071f2ff0d61
        Validity
            Not Before: Jan  2 11:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3da8b1b52b4ed2a01f4a9f3bc198257a4054a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:06:21:da:86:46:48:f4:61:92:db:e9:74:05:
                    58:4f:ad:ac:56:48:28:96:6f:64:d4:98:41:76:19:
                    4b:dd:81:35:e8:49:5c:05:3e:51:d1:53:ec:a8:8c:
                    8f:14:0d:eb:a8:76:cd:93:c9:1d:55:5a:d3:a9:ce:
                    ee:ae:39:b8:10:3c:a9:24:ef:46:dc:36:d5:d1:cd:
                    63:98:a6:3a:6b:61:0e:c8:b6:8f:e9:f9:ba:b1:ff:
                    09:a2:a9:03:ee:31:c4:4b:83:ac:a0:c3:57:ed:06:
                    58:8b:56:99:45:73:af:f8:18:d5:8f:d9:62:f8:44:
                    b3:71:04:7e:62:6a:28:cb:4e:8b:e2:2a:4c:57:c3:
                    b9:4c:19:2d:0e:d7:e9:fb:56:e5:2d:27:20:c1:15:
                    7d:a4:8e:cb:3f:ba:11:3e:f2:ee:5d:20:78:0b:b7:
                    b4:bc:d1:52:e1:3d:29:e9:ec:ee:cc:6f:f0:90:e3:
                    e1:34:fe:fb:3d:08:02:75:8c:b9:37:3e:7b:ff:22:
                    64:1d:55:f5:b3:76:16:d3:7f:5b:43:f5:14:59:38:
                    0d:8f:13:b6:62:fc:13:0f:53:cf:f5:d5:9c:c8:0f:
                    29:94:70:ce:59:8f:50:41:77:25:15:d7:48:74:14:
                    d1:7b:56:52:57:55:9b:44:79:63:4a:57:65:dc:b7:
                    88:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:DA:8B:1B:52:B4:ED:2A:01:F4:A9:F3:BC:19:82:57:A4:05:4A:42
            X509v3 Authority Key Identifier:
                keyid:06:CC:2A:26:B3:1A:C2:4B:C5:29:5D:24:A8:E1:30:71:F2:FF:0D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/89qLG1K07SoB9KnzvBmCV6QFSkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:e7:de:f8:4a:28:e1:71:97:3e:4a:7f:e7:61:16:9c:65:e5:
         99:a8:51:d4:e3:61:f2:61:8c:c0:f9:f8:0f:52:d8:39:69:9e:
         09:fc:de:2a:6e:6a:fa:dc:6e:19:36:dd:7d:c5:cc:ea:0c:95:
         4f:d7:ec:15:1e:4b:99:e5:ba:a2:a5:73:49:f8:87:b5:f9:5a:
         3a:9f:d8:14:ec:0f:d9:79:3f:49:d9:06:d3:15:c1:93:12:a3:
         9c:86:25:6f:8e:89:0d:bd:5e:f9:03:a1:0c:e6:3f:91:65:dc:
         14:17:53:85:e8:5c:67:b1:ab:f7:d4:9b:77:69:ba:c6:2c:45:
         69:39:d7:86:a6:03:cf:39:fa:db:53:a4:c2:58:18:35:ba:e1:
         19:55:20:65:85:e5:0f:d1:34:e0:6c:70:29:77:f9:23:b6:b2:
         f4:e6:e8:32:ec:32:10:11:78:74:df:35:dc:c3:12:4f:e9:7d:
         bf:ed:14:fd:3d:4e:7c:a1:65:4f:83:8e:03:15:eb:cf:79:19:
         6d:f8:0a:41:63:ed:43:37:23:f2:4d:8b:b9:39:ea:ee:72:a5:
         95:c9:d9:e1:65:83:29:19:7a:b5:8c:7a:e4:26:fa:fc:c8:ca:
         ab:d9:70:74:a0:10:64:d3:49:82:58:4d:85:5f:7e:5d:bb:d7:
         be:c1:d9:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2fgtd9xPfaQWBcTnj+diMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Y2MyYTI2YjMxYWMyNGJjNTI5NWQyNGE4ZTEzMDcxZjJm
ZjBkNjEwHhcNMjUwMTAyMTE1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2RhOGIxYjUyYjRlZDJhMDFmNGE5ZjNiYzE5ODI1N2E0MDU0YTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAYh2oZGSPRhktvpdAVYT62sVkgo
lm9k1JhBdhlL3YE16ElcBT5R0VPsqIyPFA3rqHbNk8kdVVrTqc7urjm4EDypJO9G
3DbV0c1jmKY6a2EOyLaP6fm6sf8JoqkD7jHES4OsoMNX7QZYi1aZRXOv+BjVj9li
+ESzcQR+Ymooy06L4ipMV8O5TBktDtfp+1blLScgwRV9pI7LP7oRPvLuXSB4C7e0
vNFS4T0p6ezuzG/wkOPhNP77PQgCdYy5Nz57/yJkHVX1s3YW039bQ/UUWTgNjxO2
YvwTD1PP9dWcyA8plHDOWY9QQXclFddIdBTRe1ZSV1WbRHljSldl3LeI+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPaixtStO0qAfSp87wZglekBUpCMB8GA1UdIwQY
MBaAFAbMKiazGsJLxSldJKjhMHHy/w1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnN3cUpyTWF3a3ZGS1Ywa3FPRXdjZkxfRFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8xY2ZjOGEtMjdhMC00ZDc5LTgxNGYt
ZmQ4NDIxYmYyYmE5LzEvODlxTEcxSzA3U29COUtuenZCbUNWNlFGU2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8xY2ZjOGEtMjdhMC00ZDc5LTgxNGYtZmQ4NDIxYmYyYmE5
LzEvQnN3cUpyTWF3a3ZGS1Ywa3FPRXdjZkxfRFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5mMA0G
CSqGSIb3DQEBCwUAA4IBAQAT5974SijhcZc+Sn/nYRacZeWZqFHU42HyYYzA+fgP
Utg5aZ4J/N4qbmr63G4ZNt19xczqDJVP1+wVHkuZ5bqipXNJ+Ie1+Vo6n9gU7A/Z
eT9J2QbTFcGTEqOchiVvjokNvV75A6EM5j+RZdwUF1OF6Fxnsav31Jt3abrGLEVp
OdeGpgPPOfrbU6TCWBg1uuEZVSBlheUP0TTgbHApd/kjtrL05ugy7DIQEXh03zXc
wxJP6X2/7RT9PU58oWVPg44DFevPeRlt+ApBY+1DNyPyTYu5OerucqWVydnhZYMp
GXq1jHrkJvr8yMqr2XB0oBBk00mCWE2FX35du9e+wdkI
-----END CERTIFICATE-----