Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZJrrFOmDx5-IsFbK0DyjJq5cj5I.roa
File:                     ZJrrFOmDx5-IsFbK0DyjJq5cj5I.roa (raw, json)
Hash identifier:          c/IejCRt635z1aojES1VrcWgDWYKQJdYDQILqEheOqc=
Subject key identifier:   64:9A:EB:14:E9:83:C7:9F:88:B0:56:CA:D0:3C:A3:26:AE:5C:8F:92
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01963F8D0D03DB0DF2F9549366BD9B2D48A5
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZJrrFOmDx5-IsFbK0DyjJq5cj5I.roa
Signing time:             Wed 16 Apr 2025 17:02:10 +0000
ROA not before:           Wed 16 Apr 2025 17:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213519
IP address blocks:        89.144.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3f:8d:0d:03:db:0d:f2:f9:54:93:66:bd:9b:2d:48:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 16 17:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=649aeb14e983c79f88b056cad03ca326ae5c8f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:18:8b:08:7b:68:0d:7b:4c:18:84:aa:60:2d:
                    6e:f9:d1:b3:82:bf:ed:a0:01:07:d2:e6:b5:eb:20:
                    cc:58:f7:aa:31:89:1c:57:cc:18:6a:e4:8a:ad:31:
                    4b:3f:34:59:80:de:01:f2:2a:d9:ce:b5:d4:82:0f:
                    de:25:ab:9e:ad:bc:5a:f3:89:7a:d3:6c:54:34:60:
                    33:90:e0:ec:32:fd:60:3b:58:45:0a:43:29:c6:8d:
                    b8:5e:8e:a6:85:dd:d7:5e:2b:f3:dc:9e:d5:b0:57:
                    1b:58:48:d2:e4:e8:d0:78:50:c0:b2:82:a4:d4:8f:
                    a6:66:44:db:4e:98:20:a0:a4:a0:b2:1a:b6:fb:56:
                    0c:80:85:ab:fd:85:6e:3c:dc:0a:d0:63:9c:23:5b:
                    84:18:3a:7a:6a:65:1a:0e:5c:b9:c4:bc:b7:3c:30:
                    78:8e:6d:d8:ff:ac:94:21:65:f7:22:9f:af:da:bc:
                    86:02:28:19:6a:fc:62:39:d6:06:f6:1c:71:ec:9d:
                    c9:61:3d:39:9b:a4:c5:78:da:6b:54:cf:22:ac:42:
                    aa:54:f5:78:9e:7c:15:1c:71:30:79:56:79:54:05:
                    6d:11:3e:c5:e2:45:eb:b2:5c:e2:dd:1e:61:35:c3:
                    1d:9b:b6:85:49:48:f3:ba:86:2a:d6:dd:21:7f:e3:
                    f5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:9A:EB:14:E9:83:C7:9F:88:B0:56:CA:D0:3C:A3:26:AE:5C:8F:92
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZJrrFOmDx5-IsFbK0DyjJq5cj5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:d8:de:2d:60:80:1c:ac:4c:d6:3a:fb:f1:7d:86:2a:a3:55:
         ab:30:aa:df:8c:f2:47:03:dd:ce:0a:20:4e:0a:2c:aa:5e:76:
         79:51:de:2e:8c:24:c2:c2:88:0c:ca:ad:cb:14:5c:47:bc:08:
         75:68:64:b3:96:9e:32:d5:f8:d6:a0:9a:5b:3c:15:ba:a9:7a:
         ae:05:8d:42:51:68:1b:ec:02:6d:76:a5:5e:e6:11:e8:33:ed:
         4d:8c:dd:08:56:81:06:1c:78:d0:ad:32:76:42:c1:a5:ff:f7:
         9e:6a:cc:5f:04:1c:6d:bb:36:e9:e8:af:4a:66:d4:6a:aa:3a:
         32:64:4c:76:ac:8a:e7:ae:40:e9:03:10:d4:ef:3a:fa:06:5d:
         a3:0b:26:b6:d9:c9:f3:a3:02:4e:d0:d2:82:4b:9d:e0:65:83:
         88:ec:c0:27:a8:9b:52:bd:98:a1:70:7f:91:4c:c5:c6:2c:de:
         14:57:5a:74:00:9e:ff:d8:e6:d7:bf:ce:58:bc:62:7f:c9:77:
         82:b2:e3:84:a7:60:9e:70:f8:7b:59:3e:f7:f3:cc:2c:b8:c2:
         78:b8:d9:3d:74:47:99:57:a4:26:a9:da:7d:e0:41:5c:d2:e6:
         be:d1:c1:94:11:b3:e4:32:c7:14:5b:87:c6:e0:c9:1b:9e:0b:
         15:61:b4:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY/jQ0D2w3y+VSTZr2bLUilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDE2MTcwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDlhZWIxNGU5ODNjNzlmODhiMDU2Y2FkMDNjYTMyNmFlNWM4ZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhiLCHtoDXtMGISqYC1u+dGzgr/t
oAEH0ua16yDMWPeqMYkcV8wYauSKrTFLPzRZgN4B8irZzrXUgg/eJauerbxa84l6
02xUNGAzkODsMv1gO1hFCkMpxo24Xo6mhd3XXivz3J7VsFcbWEjS5OjQeFDAsoKk
1I+mZkTbTpggoKSgshq2+1YMgIWr/YVuPNwK0GOcI1uEGDp6amUaDly5xLy3PDB4
jm3Y/6yUIWX3Ip+v2ryGAigZavxiOdYG9hxx7J3JYT05m6TFeNprVM8irEKqVPV4
nnwVHHEweVZ5VAVtET7F4kXrslzi3R5hNcMdm7aFSUjzuoYq1t0hf+P1zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSa6xTpg8efiLBWytA8oyauXI+SMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWkpyckZPbUR4NS1Jc0ZiSzBEeWpKcTVjajVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZACMA0G
CSqGSIb3DQEBCwUAA4IBAQAd2N4tYIAcrEzWOvvxfYYqo1WrMKrfjPJHA93OCiBO
CiyqXnZ5Ud4ujCTCwogMyq3LFFxHvAh1aGSzlp4y1fjWoJpbPBW6qXquBY1CUWgb
7AJtdqVe5hHoM+1NjN0IVoEGHHjQrTJ2QsGl//eeasxfBBxtuzbp6K9KZtRqqjoy
ZEx2rIrnrkDpAxDU7zr6Bl2jCya22cnzowJO0NKCS53gZYOI7MAnqJtSvZihcH+R
TMXGLN4UV1p0AJ7/2ObXv85YvGJ/yXeCsuOEp2CecPh7WT7388wsuMJ4uNk9dEeZ
V6Qmqdp94EFc0ua+0cGUEbPkMscUW4fG4MkbngsVYbT3
-----END CERTIFICATE-----