Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/tVe9NnJO2Z95ZTZ1L61RChKUAa0.roa
File:                     tVe9NnJO2Z95ZTZ1L61RChKUAa0.roa (raw, json)
Hash identifier:          f4jqfRGm53uIrMSNBpcr7YiVL+9kyYDEvd948D1JBYA=
Subject key identifier:   B5:57:BD:36:72:4E:D9:9F:79:65:36:75:2F:AD:51:0A:12:94:01:AD
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       019715DBC97FF88E19E036D9A070F9F25770
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/tVe9NnJO2Z95ZTZ1L61RChKUAa0.roa
Signing time:             Wed 28 May 2025 07:46:54 +0000
ROA not before:           Wed 28 May 2025 07:46:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        89.18.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:db:c9:7f:f8:8e:19:e0:36:d9:a0:70:f9:f2:57:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: May 28 07:46:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b557bd36724ed99f796536752fad510a129401ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a0:ef:b6:0c:2f:44:c2:70:1d:c6:38:5c:28:
                    27:b0:de:4d:ee:97:0f:6e:76:5d:fa:79:8e:46:6a:
                    5a:40:e4:37:38:bf:1e:09:d8:d2:fe:fa:ac:a6:e9:
                    b6:fb:12:e6:7b:48:2a:c0:50:61:4d:97:36:0e:97:
                    1e:e9:b0:ea:ad:80:eb:bb:52:ef:b6:1c:1f:e1:af:
                    ec:aa:3a:3f:90:fe:6e:08:b2:63:37:46:42:31:8d:
                    75:4a:6e:bf:fb:4e:ab:0d:f4:d9:c6:65:8d:49:4d:
                    06:11:19:41:11:98:0a:28:f0:55:90:68:39:94:a2:
                    1f:9d:98:af:d6:89:6e:e6:3c:fd:67:bc:a2:88:18:
                    da:f2:f3:81:1a:58:69:c4:75:32:b5:ae:c9:99:91:
                    0c:cb:14:9b:66:1b:64:6e:51:c8:d8:2d:02:ef:8a:
                    5f:31:2d:26:a7:e8:85:4d:7c:5b:70:da:81:db:7b:
                    60:66:21:37:99:09:d7:ff:7e:0a:a5:57:59:29:35:
                    b4:8c:29:e8:b7:a8:c7:ca:d5:99:9e:07:e7:c0:b9:
                    6d:b4:c7:2a:61:39:d6:7a:1e:0e:9f:be:c6:06:60:
                    82:c7:e0:66:1e:90:65:f1:30:89:07:53:35:40:7b:
                    ae:97:57:2e:dc:9d:16:64:a8:bc:46:4e:f2:08:ef:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:57:BD:36:72:4E:D9:9F:79:65:36:75:2F:AD:51:0A:12:94:01:AD
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/tVe9NnJO2Z95ZTZ1L61RChKUAa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:f4:68:c4:e1:12:49:31:a2:6b:dd:97:36:d4:2a:6d:59:a3:
         89:42:d4:1e:a9:f5:c1:2c:8b:d7:4e:26:b1:6e:9f:f9:f8:4e:
         b8:4c:1f:a6:5b:d3:f3:42:86:fa:f0:e8:5c:dd:20:64:88:ad:
         d6:1f:da:a2:d7:d6:23:4f:bd:fa:0e:f1:0e:96:c7:4a:0d:df:
         e8:66:f1:95:48:f0:bb:43:90:3e:f0:b0:30:14:d0:4e:ce:77:
         07:94:9f:ec:1e:d0:8f:12:ac:d9:56:1f:ef:2b:5e:b6:b9:2c:
         bf:c3:d3:dd:40:e1:7d:15:e6:08:85:8a:55:c3:ad:26:8d:82:
         11:b9:12:0d:b0:17:a7:11:50:99:ed:91:8f:f7:a3:b0:35:da:
         1c:af:d7:e7:8c:a1:ed:fa:81:cd:49:18:6d:15:16:e3:73:5c:
         33:50:7f:0d:1a:43:a5:ca:a8:e0:45:dd:aa:46:ef:44:8e:12:
         e0:8a:4b:09:34:0c:38:21:65:db:c1:8e:4c:39:64:a1:68:89:
         ba:91:5b:b5:f0:53:78:b5:c3:90:f9:e4:9c:c6:25:d6:a2:37:
         49:f4:43:ae:2f:27:82:b4:1b:df:23:26:e7:8b:0a:66:0c:2c:
         97:b5:20:10:cd:ed:67:22:e6:f2:db:02:c4:54:b0:db:27:7d:
         b2:01:2e:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcV28l/+I4Z4DbZoHD58ldwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwNTI4MDc0NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTU3YmQzNjcyNGVkOTlmNzk2NTM2NzUyZmFkNTEwYTEyOTQwMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaDvtgwvRMJwHcY4XCgnsN5N7pcP
bnZd+nmORmpaQOQ3OL8eCdjS/vqspum2+xLme0gqwFBhTZc2Dpce6bDqrYDru1Lv
thwf4a/sqjo/kP5uCLJjN0ZCMY11Sm6/+06rDfTZxmWNSU0GERlBEZgKKPBVkGg5
lKIfnZiv1olu5jz9Z7yiiBja8vOBGlhpxHUyta7JmZEMyxSbZhtkblHI2C0C74pf
MS0mp+iFTXxbcNqB23tgZiE3mQnX/34KpVdZKTW0jCnot6jHytWZngfnwLlttMcq
YTnWeh4On77GBmCCx+BmHpBl8TCJB1M1QHuul1cu3J0WZKi8Rk7yCO9EzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVXvTZyTtmfeWU2dS+tUQoSlAGtMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvdFZlOU5uSk8yWjk1WlRaMUw2MVJDaEtVQWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI0MA0G
CSqGSIb3DQEBCwUAA4IBAQAp9GjE4RJJMaJr3Zc21CptWaOJQtQeqfXBLIvXTiax
bp/5+E64TB+mW9PzQob68Ohc3SBkiK3WH9qi19YjT736DvEOlsdKDd/oZvGVSPC7
Q5A+8LAwFNBOzncHlJ/sHtCPEqzZVh/vK162uSy/w9PdQOF9FeYIhYpVw60mjYIR
uRINsBenEVCZ7ZGP96OwNdocr9fnjKHt+oHNSRhtFRbjc1wzUH8NGkOlyqjgRd2q
Ru9EjhLgiksJNAw4IWXbwY5MOWShaIm6kVu18FN4tcOQ+eScxiXWojdJ9EOuLyeC
tBvfIybniwpmDCyXtSAQze1nIuby2wLEVLDbJ32yAS7a
-----END CERTIFICATE-----