Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/nfEFUPm3YqGp7FQGkGbFir0VX4k.roa
File:                     nfEFUPm3YqGp7FQGkGbFir0VX4k.roa (raw, json)
Hash identifier:          wcnZ1tdaEqbHq23LSrQJa3uBDPQRdB3Kf9OV1V7J1L8=
Subject key identifier:   9D:F1:05:50:F9:B7:62:A1:A9:EC:54:06:90:66:C5:8A:BD:15:5F:89
Certificate issuer:       /CN=845c58752f3336422ff0ee1726474591e7a41e5f
Certificate serial:       019424454B9C545F1ECD02E8822B7401A55D
Authority key identifier: 84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/nfEFUPm3YqGp7FQGkGbFir0VX4k.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5539
IP address blocks:        89.35.174.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4b:9c:54:5f:1e:cd:02:e8:82:2b:74:01:a5:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845c58752f3336422ff0ee1726474591e7a41e5f
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9df10550f9b762a1a9ec54069066c58abd155f89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:8f:25:72:6b:68:b1:84:6d:46:7b:fe:5b:b6:
                    29:09:40:a0:d7:6d:5b:2a:fe:bc:9e:55:e7:34:47:
                    76:d6:58:2f:c5:2c:07:a4:ca:43:d2:c2:f5:18:c7:
                    3a:6b:ac:b6:82:a0:b6:51:ac:60:94:89:ce:98:53:
                    87:72:d3:78:82:2b:ab:26:95:76:44:6e:e7:db:90:
                    00:96:2b:a3:5f:18:cb:d0:e8:bd:d2:af:67:9b:41:
                    95:59:1c:dc:c8:1b:37:0c:cf:1f:5b:f2:e3:da:f7:
                    1e:9e:e0:8d:bd:db:55:09:10:c0:9c:79:fb:69:de:
                    21:ce:f6:b4:01:3e:f3:70:ed:a0:a4:a4:95:1c:fe:
                    f8:fc:7c:32:26:99:45:6b:25:20:17:ab:4f:21:68:
                    f4:a8:7e:a2:5e:e8:52:04:3d:b2:aa:b3:07:7d:ed:
                    cd:b0:eb:c6:c7:52:ea:96:12:25:a4:1e:66:03:bb:
                    e6:a5:34:be:83:c1:0e:07:c0:01:4b:5c:6b:7d:26:
                    b8:c1:52:40:b5:e5:c8:18:39:7d:17:77:bf:1d:b0:
                    c8:a4:e0:35:8c:b8:8e:ae:87:8c:4f:d9:37:89:a5:
                    b2:56:13:92:61:63:a6:e6:b5:23:c9:4d:b6:77:53:
                    1d:a0:b2:3a:40:70:2d:b5:d4:73:34:97:bc:ad:23:
                    a2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:F1:05:50:F9:B7:62:A1:A9:EC:54:06:90:66:C5:8A:BD:15:5F:89
            X509v3 Authority Key Identifier:
                keyid:84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/nfEFUPm3YqGp7FQGkGbFir0VX4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:b1:90:f9:17:65:4d:1c:1f:c4:b6:f8:ab:6e:c0:98:3c:7f:
         44:55:ba:83:75:53:7b:ba:54:82:b9:43:ad:1f:6b:84:59:da:
         4e:0b:ef:7b:67:b6:b1:8c:c9:77:41:f8:41:2a:6c:dc:9f:fe:
         e5:92:98:57:a6:9e:4f:06:3b:d8:8d:a7:a1:ce:3a:03:6e:4a:
         cb:3a:0f:ea:92:32:5f:b9:9c:0b:37:b4:e6:d2:6c:64:31:4d:
         f8:9a:c9:fa:c2:3b:3f:d4:24:55:a7:ef:7a:25:4b:4a:7b:8f:
         97:55:6f:3f:7e:68:1c:41:4a:b4:48:10:b7:4c:a8:d7:84:86:
         3f:26:01:00:0d:eb:00:e9:d5:15:9b:82:42:34:a9:96:9a:7d:
         8e:c4:af:ef:6d:9d:9c:46:b1:c8:35:d5:b7:55:40:b2:b5:1b:
         86:07:9e:53:8d:03:c9:94:09:e1:32:3f:a4:97:9d:87:86:58:
         ee:29:16:d8:08:89:60:af:59:c8:98:23:47:33:af:59:e3:95:
         1d:9d:b8:d0:16:f1:48:43:82:84:8f:a1:f5:77:46:1b:c5:04:
         e3:f7:84:7e:bf:ad:e1:38:db:a3:7d:02:b8:71:38:f1:0a:83:
         9e:c7:e2:2f:a1:73:9a:79:c9:42:2d:7a:48:69:0a:2a:a6:f0:
         71:64:f1:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUucVF8ezQLogit0AaVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWM1ODc1MmYzMzM2NDIyZmYwZWUxNzI2NDc0NTkxZTdh
NDFlNWYwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGYxMDU1MGY5Yjc2MmExYTllYzU0MDY5MDY2YzU4YWJkMTU1Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhY8lcmtosYRtRnv+W7YpCUCg121b
Kv68nlXnNEd21lgvxSwHpMpD0sL1GMc6a6y2gqC2UaxglInOmFOHctN4giurJpV2
RG7n25AAliujXxjL0Oi90q9nm0GVWRzcyBs3DM8fW/Lj2vcenuCNvdtVCRDAnHn7
ad4hzva0AT7zcO2gpKSVHP74/HwyJplFayUgF6tPIWj0qH6iXuhSBD2yqrMHfe3N
sOvGx1LqlhIlpB5mA7vmpTS+g8EOB8ABS1xrfSa4wVJAteXIGDl9F3e/HbDIpOA1
jLiOroeMT9k3iaWyVhOSYWOm5rUjyU22d1MdoLI6QHAttdRzNJe8rSOi+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3xBVD5t2KhqexUBpBmxYq9FV+JMB8GA1UdIwQY
MBaAFIRcWHUvMzZCL/DuFyZHRZHnpB5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYt
ZjEzNGU1MWNjMDViLzEvbmZFRlVQbTNZcUdwN0ZRR2tHYkZpcjBWWDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYtZjEzNGU1MWNjMDVi
LzEvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSOuMA0G
CSqGSIb3DQEBCwUAA4IBAQAqsZD5F2VNHB/EtvirbsCYPH9EVbqDdVN7ulSCuUOt
H2uEWdpOC+97Z7axjMl3QfhBKmzcn/7lkphXpp5PBjvYjaehzjoDbkrLOg/qkjJf
uZwLN7Tm0mxkMU34msn6wjs/1CRVp+96JUtKe4+XVW8/fmgcQUq0SBC3TKjXhIY/
JgEADesA6dUVm4JCNKmWmn2OxK/vbZ2cRrHINdW3VUCytRuGB55TjQPJlAnhMj+k
l52HhljuKRbYCIlgr1nImCNHM69Z45UdnbjQFvFIQ4KEj6H1d0YbxQTj94R+v63h
ONujfQK4cTjxCoOex+IvoXOaeclCLXpIaQoqpvBxZPEn
-----END CERTIFICATE-----