Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wr1QjjbaIx8zS-gf7sfmtC6EaUg.roa
File:                     wr1QjjbaIx8zS-gf7sfmtC6EaUg.roa (raw, json)
Hash identifier:          Ku8TT9Iv1vaF97HhehSBh3VCqIIIMAGFRU8uS6/XagY=
Subject key identifier:   C2:BD:50:8E:36:DA:23:1F:33:4B:E8:1F:EE:C7:E6:B4:2E:84:69:48
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019427B55F4BD34E69037BC3E8A2871FEB2A
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wr1QjjbaIx8zS-gf7sfmtC6EaUg.roa
Signing time:             Thu 02 Jan 2025 15:49:45 +0000
ROA not before:           Thu 02 Jan 2025 15:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34858
IP address blocks:        89.23.121.0/24 maxlen: 24
                          192.145.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5f:4b:d3:4e:69:03:7b:c3:e8:a2:87:1f:eb:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 15:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2bd508e36da231f334be81feec7e6b42e846948
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2a:e8:14:ba:7c:cb:8f:ed:6f:18:14:f6:e1:
                    6c:ff:e4:b2:ce:8f:b6:3d:1c:25:7c:15:1b:bb:11:
                    08:ff:50:ed:32:c3:5e:2c:f7:ed:d6:c6:b9:ce:fb:
                    87:b2:00:37:ba:8e:4b:0b:fb:66:81:b2:8c:d2:11:
                    e4:e3:30:72:a2:d8:89:61:a5:b3:3d:f9:71:03:7c:
                    70:80:64:98:af:ff:83:f7:5c:ab:3a:26:1a:a0:68:
                    70:b9:c0:fa:b2:37:3b:eb:22:13:a8:74:35:ea:dd:
                    cf:12:cf:4d:b0:b4:3d:98:2f:55:8f:2b:11:ee:ab:
                    84:83:a2:9c:7d:aa:74:61:6e:15:9a:09:33:1a:57:
                    be:6a:f5:e6:ec:7a:79:c9:0b:5b:6b:65:2f:0a:38:
                    5f:7b:c3:5b:80:f8:06:30:ce:53:da:5a:9a:aa:73:
                    00:a2:cb:b9:c6:72:80:65:81:d4:c5:8c:37:2f:1d:
                    7b:e1:89:f7:b2:33:87:f0:33:bd:f9:21:48:8c:d0:
                    3c:5f:70:42:a3:ea:f2:18:9a:ed:2f:c6:88:c2:69:
                    4d:a8:f8:fe:a2:ee:63:00:21:4c:fb:ce:4b:37:f7:
                    d0:03:03:0b:3a:32:6a:ac:51:29:de:41:66:a1:a8:
                    f1:ae:98:44:f8:04:a5:ec:68:07:73:64:ce:5f:40:
                    3b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:BD:50:8E:36:DA:23:1F:33:4B:E8:1F:EE:C7:E6:B4:2E:84:69:48
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wr1QjjbaIx8zS-gf7sfmtC6EaUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.121.0/24
                  192.145.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:68:0f:3f:02:47:bf:22:bb:b8:47:19:fa:4e:72:14:fc:94:
         c1:b6:b4:05:3a:33:65:65:17:25:87:85:31:66:59:9b:72:1b:
         4e:1b:56:90:1c:5d:f6:11:ac:75:22:ed:f5:59:60:d3:fd:8a:
         a6:ae:03:8d:d6:04:16:76:51:71:be:29:bd:b1:6e:bf:61:84:
         82:3f:e1:26:46:3a:0c:31:24:50:53:c7:73:8f:60:06:8c:0f:
         d4:f2:15:f8:db:db:46:a7:a8:f8:a8:1a:05:be:e3:59:cf:cb:
         87:47:24:74:96:9c:5b:47:10:3d:99:62:13:8d:e3:1d:66:88:
         24:b6:56:05:3d:00:70:4c:e2:65:0b:39:46:79:fb:4b:23:54:
         2a:18:e7:1f:89:00:cf:d2:4f:c7:c6:51:49:4d:67:14:74:4d:
         18:0e:87:df:d2:d6:dc:0b:b7:93:82:bd:d3:e1:ac:46:88:b4:
         ea:d1:a4:fb:a0:53:34:0b:fe:8d:0d:f6:38:57:6f:fb:4d:16:
         6f:bd:37:ee:71:db:d8:a7:35:62:9c:1a:53:46:88:62:73:95:
         14:08:23:d5:08:d0:f3:45:48:56:c1:a2:26:bf:39:49:6a:32:
         1d:4b:98:bc:c2:a5:ff:e3:b8:06:15:9c:1c:7d:a0:89:b3:7c:
         0d:46:64:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntV9L005pA3vD6KKHH+sqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMTAyMTU0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmJkNTA4ZTM2ZGEyMzFmMzM0YmU4MWZlZWM3ZTZiNDJlODQ2OTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCroFLp8y4/tbxgU9uFs/+Syzo+2
PRwlfBUbuxEI/1DtMsNeLPft1sa5zvuHsgA3uo5LC/tmgbKM0hHk4zByotiJYaWz
PflxA3xwgGSYr/+D91yrOiYaoGhwucD6sjc76yITqHQ16t3PEs9NsLQ9mC9VjysR
7quEg6Kcfap0YW4VmgkzGle+avXm7Hp5yQtba2UvCjhfe8NbgPgGMM5T2lqaqnMA
osu5xnKAZYHUxYw3Lx174Yn3sjOH8DO9+SFIjNA8X3BCo+ryGJrtL8aIwmlNqPj+
ou5jACFM+85LN/fQAwMLOjJqrFEp3kFmoajxrphE+ASl7GgHc2TOX0A7zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMK9UI422iMfM0voH+7H5rQuhGlIMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvd3IxUWpqYmFJeDh6Uy1nZjdzZm10QzZFYVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRd5AwQA
wJFgMA0GCSqGSIb3DQEBCwUAA4IBAQBeaA8/Ake/Iru4Rxn6TnIU/JTBtrQFOjNl
ZRclh4UxZlmbchtOG1aQHF32Eax1Iu31WWDT/YqmrgON1gQWdlFxvim9sW6/YYSC
P+EmRjoMMSRQU8dzj2AGjA/U8hX429tGp6j4qBoFvuNZz8uHRyR0lpxbRxA9mWIT
jeMdZogktlYFPQBwTOJlCzlGeftLI1QqGOcfiQDP0k/HxlFJTWcUdE0YDoff0tbc
C7eTgr3T4axGiLTq0aT7oFM0C/6NDfY4V2/7TRZvvTfucdvYpzVinBpTRohic5UU
CCPVCNDzRUhWwaImvzlJajIdS5i8wqX/47gGFZwcfaCJs3wNRmS7
-----END CERTIFICATE-----