Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/aNZOgbC2ct7oBfvfODiPTTzSje4.roa
File:                     aNZOgbC2ct7oBfvfODiPTTzSje4.roa (raw, json)
Hash identifier:          REnD2uLHHDzM+UgqTv+vmaX5vz4XYKoCVVSGMH/Czts=
Subject key identifier:   68:D6:4E:81:B0:B6:72:DE:E8:05:FB:DF:38:38:8F:4D:3C:D2:8D:EE
Certificate issuer:       /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial:       019422FBFD42C43866BE8DAEE1E7C572312E
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/aNZOgbC2ct7oBfvfODiPTTzSje4.roa
Signing time:             Wed 01 Jan 2025 17:48:47 +0000
ROA not before:           Wed 01 Jan 2025 17:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212642
IP address blocks:        89.221.111.0/24 maxlen: 24
                          2a00:1e1f:ff00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 17:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:fd:42:c4:38:66:be:8d:ae:e1:e7:c5:72:31:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
        Validity
            Not Before: Jan  1 17:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68d64e81b0b672dee805fbdf38388f4d3cd28dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ac:29:8b:ee:69:8a:fb:b3:e0:74:61:51:7c:
                    f5:c5:94:8d:35:a1:bd:b3:25:56:ea:25:b4:e2:a0:
                    6d:07:ab:8f:79:ac:ae:36:27:70:d5:ae:2a:9d:8c:
                    ea:94:3d:69:78:50:e4:3d:bd:fd:12:0b:be:d5:61:
                    22:26:9a:86:c5:d2:cc:b0:ce:03:27:1b:63:d6:17:
                    57:b1:a1:79:20:9e:8a:e6:fe:fe:19:30:52:c5:b4:
                    1a:4a:69:cb:b0:70:ab:28:71:f4:72:58:c8:d6:4f:
                    d3:a4:b8:08:73:1c:ec:d2:7e:ad:a2:51:0f:3e:7c:
                    86:1d:d4:02:93:45:db:a4:5e:a8:0e:97:80:10:ad:
                    3c:2a:d3:5b:53:7e:3b:30:1d:f1:29:34:2f:c0:9c:
                    52:1a:7a:11:6f:0a:f9:bf:ba:17:b3:05:ce:fc:bc:
                    b0:e8:ab:2d:fb:27:3d:28:0f:fb:10:fc:38:37:c3:
                    d8:19:53:c1:c3:d7:64:1c:3d:fa:14:06:86:d1:ec:
                    a6:2c:71:09:98:fa:91:97:9a:eb:d3:c3:01:08:fd:
                    a3:10:a2:43:3e:93:4a:ba:47:59:d6:64:e3:4f:eb:
                    f7:56:07:12:86:10:8a:f7:d6:c9:01:ee:60:b7:91:
                    3d:48:ec:10:2e:dd:a4:ad:d9:0b:f1:79:28:2f:62:
                    e2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D6:4E:81:B0:B6:72:DE:E8:05:FB:DF:38:38:8F:4D:3C:D2:8D:EE
            X509v3 Authority Key Identifier:
                keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/aNZOgbC2ct7oBfvfODiPTTzSje4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.221.111.0/24
                IPv6:
                  2a00:1e1f:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:f2:0f:59:70:a9:cf:00:da:7d:74:b6:df:dd:2a:7d:11:f0:
         0a:c5:9e:36:45:94:4f:c6:a4:8a:67:3e:d7:f0:af:03:8a:f5:
         73:1b:fc:ee:4e:98:b3:79:26:ce:57:b6:4e:61:5d:66:cb:44:
         cd:c9:66:96:01:36:71:c1:c9:d9:d5:14:b0:a8:71:ff:5a:2c:
         e6:e3:07:ff:87:b9:12:0c:01:c6:b3:f2:fa:7f:c2:7e:aa:0c:
         a3:70:d3:f1:ba:e3:ab:2a:52:1a:fb:00:4b:da:93:f6:fc:b1:
         5c:34:91:8b:50:34:e4:43:e7:53:33:2b:2d:bf:90:9c:49:f6:
         b9:0a:29:d5:ce:b5:48:9b:8d:48:f9:a6:f9:24:22:92:64:9c:
         03:1d:68:ad:61:6c:67:01:72:06:91:08:03:31:37:95:09:52:
         cd:42:ac:74:8e:c8:bb:37:3e:70:76:c8:19:56:bf:ae:94:bf:
         bb:83:b8:48:4f:61:04:e7:ac:7b:dd:95:1d:12:c8:21:d0:a2:
         d9:5a:f7:be:2b:de:0b:45:88:7e:0d:8e:b9:ea:cc:5b:5d:78:
         50:dd:38:36:c6:9d:c2:84:91:d1:b2:90:26:a0:f2:2c:57:e6:
         87:ef:cf:4a:97:04:8c:56:56:c5:00:00:36:65:33:00:1e:7e:
         e1:d3:9e:60
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQi+/1CxDhmvo2u4efFcjEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjUwMTAxMTc0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ2NGU4MWIwYjY3MmRlZTgwNWZiZGYzODM4OGY0ZDNjZDI4ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqwpi+5pivuz4HRhUXz1xZSNNaG9
syVW6iW04qBtB6uPeayuNidw1a4qnYzqlD1peFDkPb39Egu+1WEiJpqGxdLMsM4D
Jxtj1hdXsaF5IJ6K5v7+GTBSxbQaSmnLsHCrKHH0cljI1k/TpLgIcxzs0n6tolEP
PnyGHdQCk0XbpF6oDpeAEK08KtNbU347MB3xKTQvwJxSGnoRbwr5v7oXswXO/Lyw
6Kst+yc9KA/7EPw4N8PYGVPBw9dkHD36FAaG0eymLHEJmPqRl5rr08MBCP2jEKJD
PpNKukdZ1mTjT+v3VgcShhCK99bJAe5gt5E9SOwQLt2krdkL8XkoL2LibQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFGjWToGwtnLe6AX73zg4j0080o3uMB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvYU5aT2diQzJjdDdvQmZ2Zk9EaVBUVHpTamU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAWd1vMA4E
AgACMAgDBgAqAB4f/zANBgkqhkiG9w0BAQsFAAOCAQEAxPIPWXCpzwDafXS2390q
fRHwCsWeNkWUT8akimc+1/CvA4r1cxv87k6Ys3kmzle2TmFdZstEzclmlgE2ccHJ
2dUUsKhx/1os5uMH/4e5EgwBxrPy+n/CfqoMo3DT8brjqypSGvsAS9qT9vyxXDSR
i1A05EPnUzMrLb+QnEn2uQop1c61SJuNSPmm+SQikmScAx1orWFsZwFyBpEIAzE3
lQlSzUKsdI7Iuzc+cHbIGVa/rpS/u4O4SE9hBOese92VHRLIIdCi2Vr3viveC0WI
fg2OuerMW114UN04NsadwoSR0bKQJqDyLFfmh+/PSpcEjFZWxQAANmUzAB5+4dOe
YA==
-----END CERTIFICATE-----