Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/k9HJTkafgF--72589k90a4lZbRo.roa
File:                     k9HJTkafgF--72589k90a4lZbRo.roa (raw, json)
Hash identifier:          RkTGERNMYFKpgq9NhwcvcVDU4yuwFnnQ3yyw3oDq0VI=
Subject key identifier:   93:D1:C9:4E:46:9F:80:5F:BE:EF:6E:7C:F6:4F:74:6B:89:59:6D:1A
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01957F390C2CBBD00C110AA1AB9E6827A479
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/k9HJTkafgF--72589k90a4lZbRo.roa
Signing time:             Mon 10 Mar 2025 08:43:19 +0000
ROA not before:           Mon 10 Mar 2025 08:43:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39238
IP address blocks:        89.23.114.0/24 maxlen: 24
                          2a11:91c0::/29 maxlen: 29
                          2a12:a345::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:39:0c:2c:bb:d0:0c:11:0a:a1:ab:9e:68:27:a4:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Mar 10 08:43:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93d1c94e469f805fbeef6e7cf64f746b89596d1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:52:d6:f0:0c:4d:df:f3:18:f0:ed:c3:ce:69:
                    3b:3c:9f:0f:43:5c:87:f3:71:eb:88:73:7d:e1:58:
                    ee:d0:aa:2e:dc:49:a4:ba:32:b1:aa:7f:2f:c6:4f:
                    d8:01:04:14:4c:b1:0b:05:82:b0:ff:3b:0a:8c:9d:
                    be:c3:d9:91:c6:d6:25:6c:75:0a:49:91:54:eb:bd:
                    3d:17:7b:4c:7c:4a:08:bb:0f:91:75:3a:47:cb:e7:
                    14:3e:87:76:04:3d:39:d8:8e:b8:75:59:c4:a0:86:
                    48:46:f9:64:16:2c:78:f4:1f:f8:61:46:7a:69:e6:
                    25:fb:b9:07:a3:58:13:0a:50:26:c9:71:95:b9:5b:
                    44:00:b2:a0:23:a4:c9:2d:f4:5a:92:84:dc:02:44:
                    42:3f:b8:32:d5:4d:4a:e4:f0:b8:95:47:84:93:30:
                    2c:54:ba:70:0e:83:ca:69:a4:bc:60:72:b0:d7:6c:
                    f4:08:2f:df:cf:21:e7:62:f7:0c:9a:30:75:eb:ce:
                    6e:b3:4a:4e:db:db:02:ff:e7:83:1c:cd:62:60:49:
                    bd:ca:73:dd:ee:89:ca:23:ad:03:4e:76:ca:c5:09:
                    95:cc:fd:33:61:99:56:5a:dc:51:16:3b:d7:f2:a3:
                    50:40:d0:7c:ca:cb:4d:97:e8:ff:50:be:e0:54:9d:
                    44:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:D1:C9:4E:46:9F:80:5F:BE:EF:6E:7C:F6:4F:74:6B:89:59:6D:1A
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/k9HJTkafgF--72589k90a4lZbRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.114.0/24
                IPv6:
                  2a11:91c0::/29
                  2a12:a345::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:05:62:6e:a3:02:77:36:a8:db:4a:7b:dd:87:f3:af:24:3b:
         aa:bb:37:6a:90:72:08:a1:86:77:df:4d:11:bd:1a:0f:41:78:
         83:21:ff:da:00:3a:75:fe:e0:dd:a1:f4:e3:1e:9c:24:ea:e5:
         60:40:bd:f8:d8:ea:2d:9a:88:a0:69:50:b3:29:17:7d:9d:06:
         fc:d5:01:9c:c2:d3:5f:cb:b4:e1:72:30:f0:c8:f2:21:69:47:
         75:72:83:ec:1c:13:37:51:1a:e1:04:3c:bd:6d:88:83:3b:f5:
         43:2b:34:7a:c3:5e:a5:e6:85:f7:16:32:6c:6b:51:eb:3a:db:
         ee:f4:02:95:93:6a:1c:eb:73:43:ff:36:a5:18:d3:07:0d:1a:
         5a:14:e6:5d:c4:f3:12:22:58:7b:a0:fe:00:b0:c4:e8:f7:f6:
         bc:f8:28:c0:b6:ca:88:38:86:03:89:c7:2e:5d:ea:dd:5f:18:
         c8:42:65:1c:7a:82:f2:5e:33:dd:d8:8e:22:db:fb:a6:d8:3e:
         51:ba:b9:d4:f5:ac:5e:aa:51:e5:83:f2:e6:05:e2:04:55:e9:
         8e:e1:cd:4f:75:25:bc:00:25:3b:59:79:5f:74:bb:2a:54:3d:
         85:dc:cc:e9:75:5a:7d:73:09:1e:46:75:7d:58:fc:9a:1a:48:
         26:c3:10:a1
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZV/OQwsu9AMEQqhq55oJ6R5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMzEwMDg0MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2QxYzk0ZTQ2OWY4MDVmYmVlZjZlN2NmNjRmNzQ2Yjg5NTk2ZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFLW8AxN3/MY8O3Dzmk7PJ8PQ1yH
83HriHN94Vju0Kou3EmkujKxqn8vxk/YAQQUTLELBYKw/zsKjJ2+w9mRxtYlbHUK
SZFU6709F3tMfEoIuw+RdTpHy+cUPod2BD052I64dVnEoIZIRvlkFix49B/4YUZ6
aeYl+7kHo1gTClAmyXGVuVtEALKgI6TJLfRakoTcAkRCP7gy1U1K5PC4lUeEkzAs
VLpwDoPKaaS8YHKw12z0CC/fzyHnYvcMmjB1685us0pO29sC/+eDHM1iYEm9ynPd
7onKI60DTnbKxQmVzP0zYZlWWtxRFjvX8qNQQNB8ystNl+j/UL7gVJ1EWwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJPRyU5Gn4Bfvu9ufPZPdGuJWW0aMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvazlISlRrYWZnRi0tNzI1ODlrOTBhNGxaYlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAWRdyMBQE
AgACMA4DBQMqEZHAAwUAKhKjRTANBgkqhkiG9w0BAQsFAAOCAQEAuwVibqMCdzao
20p73YfzryQ7qrs3apByCKGGd99NEb0aD0F4gyH/2gA6df7g3aH04x6cJOrlYEC9
+NjqLZqIoGlQsykXfZ0G/NUBnMLTX8u04XIw8MjyIWlHdXKD7BwTN1Ea4QQ8vW2I
gzv1Qys0esNepeaF9xYybGtR6zrb7vQClZNqHOtzQ/82pRjTBw0aWhTmXcTzEiJY
e6D+ALDE6Pf2vPgowLbKiDiGA4nHLl3q3V8YyEJlHHqC8l4z3diOItv7ptg+Ubq5
1PWsXqpR5YPy5gXiBFXpjuHNT3UlvAAlO1l5X3S7KlQ9hdzM6XVafXMJHkZ1fVj8
mhpIJsMQoQ==
-----END CERTIFICATE-----