Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/huLLn7xrE3DWANwTQ6drS7GFFXk.roa
File:                     huLLn7xrE3DWANwTQ6drS7GFFXk.roa (raw, json)
Hash identifier:          +N6FRVjf1gbVm1vh95bmsypXCPeAJskro2vROSbXjhw=
Subject key identifier:   86:E2:CB:9F:BC:6B:13:70:D6:00:DC:13:43:A7:6B:4B:B1:85:15:79
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018E316D866B65695205F220F6598BD9D23C
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/huLLn7xrE3DWANwTQ6drS7GFFXk.roa
Signing time:             Tue 12 Mar 2024 06:50:45 +0000
ROA not before:           Tue 12 Mar 2024 06:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        89.47.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:6d:86:6b:65:69:52:05:f2:20:f6:59:8b:d9:d2:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Mar 12 06:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86e2cb9fbc6b1370d600dc1343a76b4bb1851579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4d:ca:04:6a:a4:21:fd:1d:18:88:8e:24:d6:
                    07:d5:5e:2d:bf:39:fc:f4:2e:61:29:d9:ba:8a:56:
                    dc:9b:2f:b8:0d:88:17:f4:55:e4:0d:a7:9b:8a:4e:
                    ee:74:a8:0e:d1:9e:fe:65:5b:09:e2:2a:72:11:51:
                    eb:67:e3:a3:ed:cf:ea:05:15:b4:f5:b5:f3:0d:1a:
                    3b:6b:69:7d:d2:3e:ae:6d:74:ab:5a:ea:20:05:8b:
                    43:89:24:83:e2:68:12:bf:11:f7:55:97:30:73:15:
                    10:45:e6:07:be:79:d8:8b:9c:db:08:3f:f1:02:3f:
                    45:3d:f7:f7:cc:72:32:a0:9a:01:e9:3e:ea:45:90:
                    3c:3a:38:58:fb:1a:2d:02:00:05:33:cd:c1:ec:57:
                    73:59:79:88:ae:6c:a6:83:ba:20:f9:ed:f4:10:38:
                    f1:a4:0a:7a:90:7d:93:11:50:69:bb:c6:ed:6d:2a:
                    3d:41:81:ac:9b:61:8b:8a:20:eb:73:3a:e7:de:19:
                    eb:1f:1a:2d:da:67:fa:5c:7f:21:51:fc:95:f6:79:
                    2b:0e:4a:4c:bd:f2:6c:cb:47:dd:28:e4:dd:b7:f8:
                    b0:14:f1:31:b0:14:df:a3:9a:e9:9c:4e:df:6f:91:
                    39:a6:9e:98:95:06:fd:9e:22:2a:35:d8:38:e4:72:
                    86:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E2:CB:9F:BC:6B:13:70:D6:00:DC:13:43:A7:6B:4B:B1:85:15:79
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/huLLn7xrE3DWANwTQ6drS7GFFXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:06:ec:78:88:26:14:ee:b7:9b:b8:3c:69:5f:c5:9e:92:02:
         35:9e:8b:29:93:4b:1c:e7:7a:58:49:c6:d7:16:16:b1:81:8c:
         f6:62:a6:23:be:dd:92:42:69:12:d9:de:95:93:ee:00:15:54:
         db:61:e7:39:41:58:72:ca:ff:46:02:f3:e4:b9:25:fc:dd:18:
         af:08:3a:c8:4c:c8:86:23:0a:21:a0:58:0a:5a:b0:41:44:2f:
         2e:e7:ab:db:8b:9f:21:b5:93:df:68:84:4e:9c:c8:85:50:fd:
         ff:d8:80:fc:82:3e:08:93:e4:7d:d0:5e:0e:5f:f7:79:72:3f:
         c1:ee:ef:f5:5a:ed:45:b5:78:e3:63:2a:b7:02:2e:75:f8:bc:
         54:4f:18:7e:5f:1d:ea:bb:40:80:d6:ba:dc:76:bb:99:3f:6b:
         4a:d0:52:4b:5e:45:32:51:66:cf:ba:b2:56:3a:e7:c0:5e:09:
         f4:dd:1f:c1:9a:d3:34:29:dc:63:f2:10:5d:d0:02:5c:05:1d:
         f0:d8:a2:0f:68:a4:73:27:c2:f2:de:81:c0:38:32:f9:1d:ef:
         a7:00:4a:dc:46:70:d9:23:21:91:25:7c:99:c1:d3:9d:6f:77:
         ce:3e:3b:ae:da:9d:7f:ed:ee:d1:a0:a2:90:54:45:95:77:36:
         45:14:8f:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4xbYZrZWlSBfIg9lmL2dI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMzEyMDY1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmUyY2I5ZmJjNmIxMzcwZDYwMGRjMTM0M2E3NmI0YmIxODUxNTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmE3KBGqkIf0dGIiOJNYH1V4tvzn8
9C5hKdm6ilbcmy+4DYgX9FXkDaebik7udKgO0Z7+ZVsJ4ipyEVHrZ+Oj7c/qBRW0
9bXzDRo7a2l90j6ubXSrWuogBYtDiSSD4mgSvxH3VZcwcxUQReYHvnnYi5zbCD/x
Aj9FPff3zHIyoJoB6T7qRZA8OjhY+xotAgAFM83B7FdzWXmIrmymg7og+e30EDjx
pAp6kH2TEVBpu8btbSo9QYGsm2GLiiDrczrn3hnrHxot2mf6XH8hUfyV9nkrDkpM
vfJsy0fdKOTdt/iwFPExsBTfo5rpnE7fb5E5pp6YlQb9niIqNdg45HKGLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbiy5+8axNw1gDcE0Ona0uxhRV5MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvaHVMTG43eHJFM0RXQU53VFE2ZHJTN0dGRlhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS/5MA0G
CSqGSIb3DQEBCwUAA4IBAQCcBux4iCYU7rebuDxpX8WekgI1nospk0sc53pYScbX
FhaxgYz2YqYjvt2SQmkS2d6Vk+4AFVTbYec5QVhyyv9GAvPkuSX83RivCDrITMiG
IwohoFgKWrBBRC8u56vbi58htZPfaIROnMiFUP3/2ID8gj4Ik+R90F4OX/d5cj/B
7u/1Wu1FtXjjYyq3Ai51+LxUTxh+Xx3qu0CA1rrcdruZP2tK0FJLXkUyUWbPurJW
OufAXgn03R/BmtM0Kdxj8hBd0AJcBR3w2KIPaKRzJ8Ly3oHAODL5He+nAErcRnDZ
IyGRJXyZwdOdb3fOPjuu2p1/7e7RoKKQVEWVdzZFFI/d
-----END CERTIFICATE-----