Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/S1nE70948dC5DoQ6HvBbscWKaKw.roa
File:                     S1nE70948dC5DoQ6HvBbscWKaKw.roa (raw, json)
Hash identifier:          rrKy+sC3QNlyr1Y5CMFJM8t+NCjq84nz7sTi50q+o50=
Subject key identifier:   4B:59:C4:EF:4F:78:F1:D0:B9:0E:84:3A:1E:F0:5B:B1:C5:8A:68:AC
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       019537B23D5B9A7D58E54BA58A37FDD666FC
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/S1nE70948dC5DoQ6HvBbscWKaKw.roa
Signing time:             Mon 24 Feb 2025 11:23:02 +0000
ROA not before:           Mon 24 Feb 2025 11:23:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207252
IP address blocks:        89.18.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:37:b2:3d:5b:9a:7d:58:e5:4b:a5:8a:37:fd:d6:66:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: Feb 24 11:23:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b59c4ef4f78f1d0b90e843a1ef05bb1c58a68ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ba:f0:18:86:d6:82:09:98:0e:26:71:58:fe:
                    c5:b3:d2:73:9d:13:9b:23:ed:ee:9c:6c:fa:08:28:
                    95:c6:9d:63:72:5d:80:5c:5c:9c:c6:c3:bf:b3:d6:
                    93:2b:95:56:72:ea:87:66:73:79:4d:77:e4:2d:d2:
                    94:c0:4f:4e:83:98:d3:3b:fd:57:e1:cc:0b:92:57:
                    a2:f9:ed:14:a3:88:13:ab:ba:60:71:74:4d:5c:c6:
                    f6:57:53:83:8e:54:ce:d4:f4:ae:e6:13:85:58:15:
                    08:c1:83:df:73:a5:72:e0:d0:1d:93:c8:b0:1a:44:
                    b5:b5:79:9a:cd:d1:16:76:e9:56:00:c0:0f:05:bc:
                    ba:83:93:db:95:0a:c9:d3:8a:94:d4:24:4f:83:83:
                    2d:e5:c9:d5:a6:fa:08:78:5e:00:89:cc:3e:fa:91:
                    35:8a:76:14:6f:d6:3c:be:3b:0e:56:b9:08:cc:a1:
                    29:f1:ff:92:07:dc:6f:2f:06:3f:43:31:b6:91:5b:
                    e8:db:f7:0c:b9:13:16:3c:32:92:ff:f3:b8:30:b9:
                    f9:0a:48:f8:f0:27:ca:26:59:ee:9d:9b:8c:63:e4:
                    70:7a:f7:f1:ed:59:8a:d3:38:e8:69:ef:e4:a6:90:
                    5a:20:6b:2a:20:86:ba:b0:4b:bf:c8:0c:69:31:98:
                    fd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:59:C4:EF:4F:78:F1:D0:B9:0E:84:3A:1E:F0:5B:B1:C5:8A:68:AC
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/S1nE70948dC5DoQ6HvBbscWKaKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:cf:f3:db:74:86:7f:85:f7:71:8c:3d:04:8e:79:e2:98:05:
         11:11:98:4e:06:3a:28:f3:5c:a1:07:8a:a1:81:d2:8d:f9:4d:
         26:d7:22:04:ba:e2:e4:ca:73:4a:f9:3a:0b:11:b4:65:1e:d0:
         51:d4:e5:b9:6e:c5:24:b8:a1:f7:e1:af:b9:5e:5e:57:87:13:
         87:9a:08:4d:44:45:b9:a1:c0:5d:d7:12:c5:43:11:4f:45:b2:
         a6:19:66:b0:b7:d3:d4:25:bc:c3:98:5d:bf:6a:cb:7e:fe:2d:
         f9:9b:f8:0c:12:fb:27:72:5a:80:23:bb:97:cd:a4:4d:57:9c:
         77:3c:27:58:2e:da:8e:d2:28:f5:aa:dd:b7:c5:a4:b7:08:8b:
         13:6f:bb:f8:b2:56:49:f0:8f:48:84:92:ee:64:a1:4d:d5:1c:
         66:32:9a:0e:cb:6d:f1:7e:37:01:db:b7:3e:3d:be:89:36:ec:
         27:71:43:69:02:6f:44:99:e6:5a:bb:c7:07:3f:23:11:3e:56:
         25:b4:66:b1:35:c4:bd:46:94:94:65:ec:4d:57:24:5d:d4:a2:
         df:73:83:f6:0d:45:c8:20:f6:18:27:1c:0e:22:78:2d:ac:a2:
         19:1a:be:e5:95:d2:a3:9f:cd:50:10:82:03:80:07:aa:b3:84:
         4f:e4:0a:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU3sj1bmn1Y5Uulijf91mb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwMjI0MTEyMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU5YzRlZjRmNzhmMWQwYjkwZTg0M2ExZWYwNWJiMWM1OGE2OGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorrwGIbWggmYDiZxWP7Fs9JznROb
I+3unGz6CCiVxp1jcl2AXFycxsO/s9aTK5VWcuqHZnN5TXfkLdKUwE9Og5jTO/1X
4cwLklei+e0Uo4gTq7pgcXRNXMb2V1ODjlTO1PSu5hOFWBUIwYPfc6Vy4NAdk8iw
GkS1tXmazdEWdulWAMAPBby6g5PblQrJ04qU1CRPg4Mt5cnVpvoIeF4Aicw++pE1
inYUb9Y8vjsOVrkIzKEp8f+SB9xvLwY/QzG2kVvo2/cMuRMWPDKS//O4MLn5Ckj4
8CfKJlnunZuMY+Rwevfx7VmK0zjoae/kppBaIGsqIIa6sEu/yAxpMZj9awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtZxO9PePHQuQ6EOh7wW7HFimisMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvUzFuRTcwOTQ4ZEM1RG9RNkh2QmJzY1dLYUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI8MA0G
CSqGSIb3DQEBCwUAA4IBAQAvz/PbdIZ/hfdxjD0EjnnimAUREZhOBjoo81yhB4qh
gdKN+U0m1yIEuuLkynNK+ToLEbRlHtBR1OW5bsUkuKH34a+5Xl5XhxOHmghNREW5
ocBd1xLFQxFPRbKmGWawt9PUJbzDmF2/ast+/i35m/gMEvsnclqAI7uXzaRNV5x3
PCdYLtqO0ij1qt23xaS3CIsTb7v4slZJ8I9IhJLuZKFN1RxmMpoOy23xfjcB27c+
Pb6JNuwncUNpAm9EmeZau8cHPyMRPlYltGaxNcS9RpSUZexNVyRd1KLfc4P2DUXI
IPYYJxwOIngtrKIZGr7lldKjn81QEIIDgAeqs4RP5ApT
-----END CERTIFICATE-----