Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/4UNX1QWw9RSB7fLv066Ebp2MYc8.roa
File:                     4UNX1QWw9RSB7fLv066Ebp2MYc8.roa (raw, json)
Hash identifier:          gVMn1l/q+2qP/2fDjHvqoBGnGGRSv5lh+NVgqJxdqUo=
Subject key identifier:   E1:43:57:D5:05:B0:F5:14:81:ED:F2:EF:D3:AE:84:6E:9D:8C:61:CF
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C569FE2E330D9CD73AB3A58F8A671
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/4UNX1QWw9RSB7fLv066Ebp2MYc8.roa
Signing time:             Thu 02 Jan 2025 09:50:21 +0000
ROA not before:           Thu 02 Jan 2025 09:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8997
IP address blocks:        89.109.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:56:9f:e2:e3:30:d9:cd:73:ab:3a:58:f8:a6:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e14357d505b0f51481edf2efd3ae846e9d8c61cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0e:f0:b6:2b:90:fb:89:32:a3:3f:1c:73:73:
                    2f:f6:a7:87:c1:87:6a:33:48:9d:70:0d:6d:b2:d7:
                    ad:53:80:b1:ef:37:46:59:6f:b1:45:80:3c:b5:c6:
                    20:45:52:16:79:24:03:a6:32:78:27:a0:b2:7b:01:
                    27:a8:18:4a:44:83:0a:93:76:6e:7e:3c:53:da:df:
                    65:96:5e:72:1e:dc:b0:c9:71:fd:13:c2:7b:a5:01:
                    fa:c4:c5:5f:8b:ad:8b:b5:d5:70:4e:96:fb:95:04:
                    04:40:f7:46:d3:d8:90:1f:82:83:e4:5f:cc:c1:b5:
                    8e:c8:c6:dd:c4:30:2b:da:62:65:a0:1c:64:e8:7a:
                    6d:8c:20:3d:a8:45:19:5f:96:b8:dc:48:87:54:8e:
                    3e:7a:75:3f:bb:c6:b0:04:65:12:64:57:10:9e:06:
                    5f:d7:91:29:c1:c3:d8:3e:a5:cd:d3:f1:ca:a1:63:
                    8c:eb:44:b0:27:fc:83:cf:96:ef:60:fd:da:6f:47:
                    4a:cb:18:6d:18:90:91:17:11:55:2a:8a:9c:3c:af:
                    20:14:c2:c1:68:81:b3:57:5a:f3:a7:9a:6b:92:d2:
                    86:d9:40:9e:ca:58:d4:a1:34:e6:f7:fb:91:5c:42:
                    30:15:a3:aa:c3:f1:8d:00:f0:b0:39:b3:73:7e:4e:
                    90:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:43:57:D5:05:B0:F5:14:81:ED:F2:EF:D3:AE:84:6E:9D:8C:61:CF
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/4UNX1QWw9RSB7fLv066Ebp2MYc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.109.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         7c:27:e1:37:46:6d:15:6f:aa:e1:7d:4a:39:c6:d4:43:b0:9c:
         71:27:23:6e:a8:20:3f:4b:08:6a:c7:95:09:69:5f:93:aa:3e:
         bf:e7:9d:c7:84:bc:3b:71:44:37:29:61:8b:50:51:5a:64:67:
         28:72:f1:77:90:9b:27:2b:5b:2c:69:fa:ea:84:63:ab:34:9f:
         09:fa:c7:b1:2e:87:a7:e8:e7:e5:c6:34:0a:be:25:1c:cc:ec:
         fe:a8:bd:56:05:06:e2:e7:8b:be:46:13:c8:b3:f6:be:f5:95:
         94:55:e6:c6:8e:f4:45:11:56:f3:a4:42:9d:07:c9:70:dc:a3:
         44:9b:9f:82:51:e5:1f:83:f3:69:66:a0:73:50:30:86:38:e2:
         4c:36:15:ab:03:97:39:47:1a:51:56:65:b1:88:75:65:03:cf:
         a3:82:54:c0:a6:bf:d4:b7:17:da:bb:53:e9:8a:dd:93:e0:c9:
         da:dc:8f:01:7e:d4:08:fe:33:ce:b4:1e:36:da:54:40:b1:47:
         0c:7b:3c:23:6e:46:51:ab:69:fc:5e:5d:59:15:b8:24:2f:d1:
         1b:44:da:ae:25:a0:35:1b:fe:28:08:68:07:20:1b:25:87:23:
         33:4e:8b:ce:1b:8b:9d:fc:53:ce:56:e4:1f:44:05:d8:7e:c0:
         d6:0a:9d:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbFaf4uMw2c1zqzpY+KZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQzNTdkNTA1YjBmNTE0ODFlZGYyZWZkM2FlODQ2ZTlkOGM2MWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ7wtiuQ+4kyoz8cc3Mv9qeHwYdq
M0idcA1tstetU4Cx7zdGWW+xRYA8tcYgRVIWeSQDpjJ4J6CyewEnqBhKRIMKk3Zu
fjxT2t9lll5yHtywyXH9E8J7pQH6xMVfi62LtdVwTpb7lQQEQPdG09iQH4KD5F/M
wbWOyMbdxDAr2mJloBxk6HptjCA9qEUZX5a43EiHVI4+enU/u8awBGUSZFcQngZf
15EpwcPYPqXN0/HKoWOM60SwJ/yDz5bvYP3ab0dKyxhtGJCRFxFVKoqcPK8gFMLB
aIGzV1rzp5prktKG2UCeyljUoTTm9/uRXEIwFaOqw/GNAPCwObNzfk6QTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFDV9UFsPUUge3y79OuhG6djGHPMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvNFVOWDFRV3c5UlNCN2ZMdjA2NkVicDJNWWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHWW2AMA0G
CSqGSIb3DQEBCwUAA4IBAQB8J+E3Rm0Vb6rhfUo5xtRDsJxxJyNuqCA/Swhqx5UJ
aV+Tqj6/553HhLw7cUQ3KWGLUFFaZGcocvF3kJsnK1ssafrqhGOrNJ8J+sexLoen
6OflxjQKviUczOz+qL1WBQbi54u+RhPIs/a+9ZWUVebGjvRFEVbzpEKdB8lw3KNE
m5+CUeUfg/NpZqBzUDCGOOJMNhWrA5c5RxpRVmWxiHVlA8+jglTApr/Utxfau1Pp
it2T4Mna3I8BftQI/jPOtB422lRAsUcMezwjbkZRq2n8Xl1ZFbgkL9EbRNquJaA1
G/4oCGgHIBslhyMzTovOG4ud/FPOVuQfRAXYfsDWCp1e
-----END CERTIFICATE-----