Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/M29MZHaUVWtK3najarc1yezWgKc.roa
File:                     M29MZHaUVWtK3najarc1yezWgKc.roa (raw, json)
Hash identifier:          DgsfcRzAIkNIxHuMwWB3b5pmyNDgSLwh6M/sC1bq7QQ=
Subject key identifier:   33:6F:4C:64:76:94:55:6B:4A:DE:76:A3:6A:B7:35:C9:EC:D6:80:A7
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       0196FC8AC4AF0501B5ADDAB5766624695BB2
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/M29MZHaUVWtK3najarc1yezWgKc.roa
Signing time:             Fri 23 May 2025 09:47:54 +0000
ROA not before:           Fri 23 May 2025 09:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        89.18.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:8a:c4:af:05:01:b5:ad:da:b5:76:66:24:69:5b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: May 23 09:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=336f4c647694556b4ade76a36ab735c9ecd680a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ca:df:1e:b3:b8:be:71:44:19:a2:70:82:35:
                    8a:4c:20:9a:4b:f2:05:0b:e1:8b:72:bc:ce:ff:07:
                    e4:00:1b:af:ee:94:90:61:2a:d3:0a:96:05:d7:9b:
                    25:f8:86:99:1f:d7:bf:27:3e:66:bf:af:40:e3:d2:
                    5a:6f:74:f4:cf:f9:7d:b2:fd:7b:c3:0a:72:8c:af:
                    59:72:65:50:7b:2f:36:55:c4:a6:25:15:8f:68:c2:
                    92:6f:f2:ec:9d:fe:2b:b9:8b:12:32:c3:b9:74:80:
                    40:89:42:d5:5b:5f:d3:fc:48:19:b4:67:2b:a6:9c:
                    f5:80:1b:47:23:72:97:10:bb:ef:f1:2a:19:04:60:
                    79:07:5c:c4:b9:30:cd:e9:1e:2a:85:91:ff:31:08:
                    d5:f5:f8:a3:39:57:a2:c9:1d:75:08:fd:f6:ba:59:
                    3c:43:4d:5e:ba:d8:fc:57:c6:49:1e:07:0a:66:0c:
                    40:68:9c:e3:54:ab:8e:2c:a3:e8:98:4f:74:86:b5:
                    71:79:43:2c:08:02:0d:1e:28:46:25:d5:59:61:07:
                    c1:ca:50:88:bb:bc:7d:53:25:df:fa:e5:38:d4:6b:
                    8c:a9:ec:6c:9d:14:e4:9b:e3:1a:37:2e:33:ab:5a:
                    c8:a2:0a:40:34:31:45:af:5d:8b:78:88:ae:ea:a7:
                    fb:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6F:4C:64:76:94:55:6B:4A:DE:76:A3:6A:B7:35:C9:EC:D6:80:A7
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/M29MZHaUVWtK3najarc1yezWgKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:6a:0a:b9:73:c3:6f:2b:71:26:79:54:ba:58:34:fa:82:f3:
         74:75:3f:60:7a:be:9b:29:a0:03:7e:d3:c6:e4:50:4f:c0:c9:
         8f:e3:9a:d5:1d:35:61:25:7e:24:fe:c1:d5:92:fa:21:8d:96:
         bf:d1:73:98:47:b6:d6:df:69:93:43:08:50:27:ac:bc:c4:5f:
         5c:8c:f5:0a:a5:a2:3a:c0:ef:4a:f2:3f:31:6b:5f:99:20:a8:
         f3:76:c3:52:99:63:14:07:26:05:38:34:95:23:d0:5c:ac:a5:
         0a:40:cf:0a:0b:95:6d:d9:8e:6a:15:cb:b3:84:c6:97:01:c3:
         f0:e3:ad:3c:b1:c0:42:32:0c:7d:f1:6f:f9:a2:a6:ef:6f:bd:
         b9:89:d3:bd:c3:77:56:c7:bc:43:16:c9:c6:ea:5f:14:42:4a:
         17:33:73:de:97:eb:3d:b5:07:8e:87:84:8d:9b:1f:6f:78:9e:
         54:a7:bf:73:01:51:79:29:a6:33:75:5b:72:df:93:e9:2b:bd:
         76:0a:df:01:b7:1b:14:7f:52:7d:0a:27:11:a1:d2:b6:84:1c:
         a8:4d:c7:6e:0d:24:22:11:29:e2:92:11:f6:05:cf:92:8d:b6:
         2f:31:70:69:db:f4:cb:fd:92:3c:9a:10:1d:d9:a8:85:23:07:
         2e:51:d3:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb8isSvBQG1rdq1dmYkaVuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwNTIzMDk0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzZmNGM2NDc2OTQ1NTZiNGFkZTc2YTM2YWI3MzVjOWVjZDY4MGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcrfHrO4vnFEGaJwgjWKTCCaS/IF
C+GLcrzO/wfkABuv7pSQYSrTCpYF15sl+IaZH9e/Jz5mv69A49Jab3T0z/l9sv17
wwpyjK9ZcmVQey82VcSmJRWPaMKSb/Lsnf4ruYsSMsO5dIBAiULVW1/T/EgZtGcr
ppz1gBtHI3KXELvv8SoZBGB5B1zEuTDN6R4qhZH/MQjV9fijOVeiyR11CP32ulk8
Q01eutj8V8ZJHgcKZgxAaJzjVKuOLKPomE90hrVxeUMsCAINHihGJdVZYQfBylCI
u7x9UyXf+uU41GuMqexsnRTkm+MaNy4zq1rIogpANDFFr12LeIiu6qf7AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNvTGR2lFVrSt52o2q3Ncns1oCnMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvTTI5TVpIYVVWV3RLM25hamFyYzF5ZXpXZ0tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBSagq5c8NvK3EmeVS6WDT6gvN0dT9ger6bKaADftPG
5FBPwMmP45rVHTVhJX4k/sHVkvohjZa/0XOYR7bW32mTQwhQJ6y8xF9cjPUKpaI6
wO9K8j8xa1+ZIKjzdsNSmWMUByYFODSVI9BcrKUKQM8KC5Vt2Y5qFcuzhMaXAcPw
4608scBCMgx98W/5oqbvb725idO9w3dWx7xDFsnG6l8UQkoXM3Pel+s9tQeOh4SN
mx9veJ5Up79zAVF5KaYzdVty35PpK712Ct8BtxsUf1J9CicRodK2hByoTcduDSQi
ESnikhH2Bc+SjbYvMXBp2/TL/ZI8mhAd2aiFIwcuUdPe
-----END CERTIFICATE-----