Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5duPmqwXQoarjhRREa9M12q0LMI.roa
File:                     5duPmqwXQoarjhRREa9M12q0LMI.roa (raw, json)
Hash identifier:          zmiFXyZAg+aBE4YlbQqa7EOu9c6/Mmqa7UXhDEeFpq4=
Subject key identifier:   E5:DB:8F:9A:AC:17:42:86:AB:8E:14:51:11:AF:4C:D7:6A:B4:2C:C2
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019427B571C2398F4DF3B0606C1DE996F671
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5duPmqwXQoarjhRREa9M12q0LMI.roa
Signing time:             Thu 02 Jan 2025 15:49:50 +0000
ROA not before:           Thu 02 Jan 2025 15:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211134
IP address blocks:        89.23.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:71:c2:39:8f:4d:f3:b0:60:6c:1d:e9:96:f6:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 15:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5db8f9aac174286ab8e145111af4cd76ab42cc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:1b:b4:61:f0:ea:b7:41:d2:20:c3:8d:48:87:
                    3f:e6:b5:bd:e8:6a:0c:9d:df:8d:91:18:61:28:77:
                    4a:b0:55:9a:cc:74:fc:d0:c0:02:8b:48:a0:a9:c8:
                    75:eb:13:e6:27:36:ce:35:f6:1f:a5:f0:76:db:76:
                    51:00:d3:ae:ba:b9:e3:e2:50:f2:23:94:b8:83:8c:
                    93:8b:4e:e4:3f:2f:22:a6:8c:32:90:33:a9:b5:ca:
                    d3:af:ea:84:b0:d0:1d:f0:7d:d8:79:4f:c7:f7:e4:
                    d3:70:b0:58:33:8b:6a:48:b6:ed:ed:96:5b:96:67:
                    91:9b:30:28:be:2c:a3:93:ce:74:b6:f2:3a:57:fb:
                    d1:2e:93:a7:4b:71:24:8a:ed:a9:33:52:b9:0e:a8:
                    48:39:c5:db:9f:c7:c8:55:94:da:ac:64:79:5a:fe:
                    68:01:17:3e:65:c7:5f:2d:7e:0a:e3:89:2f:9c:1f:
                    ab:35:9b:12:f0:8d:03:3e:ad:2e:37:0a:c3:a5:22:
                    ae:91:79:d6:fd:aa:0a:19:ef:0f:ce:3b:e4:8b:bb:
                    16:18:b5:21:d1:e6:9f:28:80:38:24:46:58:d4:35:
                    e8:14:5a:c5:d4:de:3d:7f:0e:dd:ed:03:f8:ea:bd:
                    3e:26:de:91:c7:84:f4:e5:5b:7c:67:4c:66:e2:a9:
                    fc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:DB:8F:9A:AC:17:42:86:AB:8E:14:51:11:AF:4C:D7:6A:B4:2C:C2
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5duPmqwXQoarjhRREa9M12q0LMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:81:91:5f:af:ee:6d:d9:2a:f9:ca:f1:27:57:1a:76:38:f7:
         1a:59:9a:11:bc:88:4f:63:88:91:e0:f4:68:a4:03:b1:5e:7d:
         5e:f3:62:27:9f:f4:7a:a3:83:e8:7e:0b:ea:f2:0d:0d:73:e4:
         21:5a:d1:1c:2a:43:d2:b1:53:4a:5b:8a:4d:2d:ff:63:49:36:
         ff:c1:db:34:f8:f8:38:fb:14:9f:6a:5f:0c:e5:28:da:1a:ff:
         13:fe:0f:62:c4:55:ec:d7:cc:df:26:9d:ea:a8:4f:d6:d5:39:
         09:52:79:bb:27:92:bf:f3:27:78:20:89:04:d1:bf:05:df:4a:
         29:27:95:32:fc:eb:4b:4c:68:2a:01:fb:08:7f:71:ce:65:68:
         19:b6:6d:d5:b2:ee:18:5c:d4:3b:b1:51:9c:13:f4:4b:ef:49:
         74:d4:60:33:7f:20:0c:32:ff:90:02:ab:d1:fb:5a:36:04:8e:
         e4:0e:90:1e:e0:d1:58:c1:31:91:41:8c:fc:76:fc:d6:f3:af:
         67:f0:43:56:97:73:c3:71:b2:dc:4f:b2:7b:4e:19:3f:93:71:
         1d:50:65:53:7e:81:c4:6d:c2:ba:5d:3e:dc:27:78:14:22:72:
         49:9c:60:a0:b0:7a:a5:9e:21:4c:07:33:3a:82:07:bd:ce:ab:
         c0:cc:0b:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXHCOY9N87BgbB3plvZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMTAyMTU0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWRiOGY5YWFjMTc0Mjg2YWI4ZTE0NTExMWFmNGNkNzZhYjQyY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hu0YfDqt0HSIMONSIc/5rW96GoM
nd+NkRhhKHdKsFWazHT80MACi0igqch16xPmJzbONfYfpfB223ZRANOuurnj4lDy
I5S4g4yTi07kPy8ipowykDOptcrTr+qEsNAd8H3YeU/H9+TTcLBYM4tqSLbt7ZZb
lmeRmzAoviyjk850tvI6V/vRLpOnS3Ekiu2pM1K5DqhIOcXbn8fIVZTarGR5Wv5o
ARc+ZcdfLX4K44kvnB+rNZsS8I0DPq0uNwrDpSKukXnW/aoKGe8Pzjvki7sWGLUh
0eafKIA4JEZY1DXoFFrF1N49fw7d7QP46r0+Jt6Rx4T05Vt8Z0xm4qn8TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXbj5qsF0KGq44UURGvTNdqtCzCMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvNWR1UG1xd1hRb2FyamhSUkVhOU0xMnEwTE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRd6MA0G
CSqGSIb3DQEBCwUAA4IBAQCWgZFfr+5t2Sr5yvEnVxp2OPcaWZoRvIhPY4iR4PRo
pAOxXn1e82Inn/R6o4Pofgvq8g0Nc+QhWtEcKkPSsVNKW4pNLf9jSTb/wds0+Pg4
+xSfal8M5SjaGv8T/g9ixFXs18zfJp3qqE/W1TkJUnm7J5K/8yd4IIkE0b8F30op
J5Uy/OtLTGgqAfsIf3HOZWgZtm3Vsu4YXNQ7sVGcE/RL70l01GAzfyAMMv+QAqvR
+1o2BI7kDpAe4NFYwTGRQYz8dvzW869n8ENWl3PDcbLcT7J7Thk/k3EdUGVTfoHE
bcK6XT7cJ3gUInJJnGCgsHqlniFMBzM6gge9zqvAzAvD
-----END CERTIFICATE-----