Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ME596xZeDPCK7oN7PW992ylLWY0.roa
File:                     ME596xZeDPCK7oN7PW992ylLWY0.roa (raw, json)
Hash identifier:          AeDVBoVusUrSNkztCz5vPOulx1+3HIC27h2eEiqWkAo=
Subject key identifier:   30:4E:7D:EB:16:5E:0C:F0:8A:EE:83:7B:3D:6F:7D:DB:29:4B:59:8D
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       01969FDEF2D1A813F011127BE94343A11DC6
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ME596xZeDPCK7oN7PW992ylLWY0.roa
Signing time:             Mon 05 May 2025 09:55:10 +0000
ROA not before:           Mon 05 May 2025 09:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60721
IP address blocks:        89.43.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:de:f2:d1:a8:13:f0:11:12:7b:e9:43:43:a1:1d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: May  5 09:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=304e7deb165e0cf08aee837b3d6f7ddb294b598d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e1:0d:4c:ca:9e:18:a9:ce:4d:1b:b9:6a:2f:
                    6a:9a:fe:d2:d0:5d:5b:6b:e0:1c:6e:86:7c:0b:47:
                    ef:02:1f:48:f9:0e:e4:06:e4:9b:84:be:58:90:2a:
                    5b:15:4a:ad:8c:0a:86:bd:69:76:b5:ea:ba:98:c5:
                    65:7d:50:47:64:0b:25:23:78:61:79:e7:e6:32:a8:
                    44:db:bb:62:2e:83:97:63:ca:50:58:df:5e:2e:14:
                    84:60:c0:07:27:4b:2a:64:84:2b:14:4a:22:9c:c3:
                    2a:e0:92:27:8d:04:df:76:76:1a:d5:ba:1c:a5:2a:
                    9d:a9:9a:09:aa:bc:f9:5c:6f:cc:fb:14:26:41:ec:
                    4a:ef:b6:4d:77:e2:7c:0d:de:61:ea:23:71:ab:b0:
                    59:08:8f:19:39:67:6e:d0:1e:83:1e:50:e6:c6:7c:
                    45:10:0c:55:53:74:b3:b1:44:5b:fb:fc:d7:0d:fe:
                    3b:9f:31:fb:f9:12:8e:0f:42:6d:93:fe:47:ba:ed:
                    73:1f:3e:52:88:0f:0e:19:3c:9f:15:0f:a6:9a:5c:
                    c2:e7:56:7f:59:91:34:ae:0a:3c:a9:63:da:bd:a9:
                    8b:20:42:20:b2:00:a8:f7:c4:31:d2:c8:10:db:00:
                    ae:59:12:31:f5:75:45:5c:c8:8d:3a:87:67:63:28:
                    82:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:4E:7D:EB:16:5E:0C:F0:8A:EE:83:7B:3D:6F:7D:DB:29:4B:59:8D
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ME596xZeDPCK7oN7PW992ylLWY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:42:1b:09:93:a7:7a:72:64:47:34:8e:a9:27:33:dd:8d:f0:
         81:f2:43:66:36:00:b1:e4:51:22:a9:f2:80:d5:8b:4d:c0:c8:
         c8:ac:1b:52:21:cf:cc:e3:74:fa:d2:49:ac:eb:f8:8c:47:f8:
         ba:89:a6:5e:56:0b:e9:7a:7b:60:37:6a:83:51:53:40:9f:31:
         93:1b:25:ad:90:0d:1b:4d:75:be:62:31:53:2e:cf:e0:2a:05:
         6b:0c:58:89:28:19:a8:fb:61:53:0e:77:f6:32:b1:88:94:38:
         41:c5:69:ee:65:75:1a:01:22:b9:11:df:3b:66:3f:b2:49:8c:
         f5:08:7e:f2:7b:c3:e9:e7:b0:38:da:e4:00:89:d7:54:0a:58:
         51:03:48:e4:6f:9a:b4:5e:e0:68:4f:84:dc:7c:a6:36:cf:aa:
         8b:72:b5:00:e1:bf:b5:f9:f7:44:98:2c:b2:9b:22:7b:38:33:
         9c:07:2b:c2:2a:6b:0b:fd:ff:7a:11:d2:39:88:a2:43:c7:d4:
         17:4d:8a:e2:38:55:ff:ab:8b:9c:cf:c1:57:e7:dd:68:e2:4c:
         47:93:42:9a:61:08:ea:f9:97:4a:69:26:d9:ec:01:60:91:38:
         ef:79:68:54:08:ee:b9:12:63:ea:df:0a:84:26:a9:a3:2c:f8:
         e1:f4:03:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaf3vLRqBPwERJ76UNDoR3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwNTA1MDk1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDRlN2RlYjE2NWUwY2YwOGFlZTgzN2IzZDZmN2RkYjI5NGI1OThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OENTMqeGKnOTRu5ai9qmv7S0F1b
a+AcboZ8C0fvAh9I+Q7kBuSbhL5YkCpbFUqtjAqGvWl2teq6mMVlfVBHZAslI3hh
eefmMqhE27tiLoOXY8pQWN9eLhSEYMAHJ0sqZIQrFEoinMMq4JInjQTfdnYa1boc
pSqdqZoJqrz5XG/M+xQmQexK77ZNd+J8Dd5h6iNxq7BZCI8ZOWdu0B6DHlDmxnxF
EAxVU3SzsURb+/zXDf47nzH7+RKOD0Jtk/5Huu1zHz5SiA8OGTyfFQ+mmlzC51Z/
WZE0rgo8qWPavamLIEIgsgCo98Qx0sgQ2wCuWRIx9XVFXMiNOodnYyiCHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBOfesWXgzwiu6Dez1vfdspS1mNMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvTUU1OTZ4WmVEUENLN29ON1BXOTkyeWxMV1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSsuMA0G
CSqGSIb3DQEBCwUAA4IBAQApQhsJk6d6cmRHNI6pJzPdjfCB8kNmNgCx5FEiqfKA
1YtNwMjIrBtSIc/M43T60kms6/iMR/i6iaZeVgvpentgN2qDUVNAnzGTGyWtkA0b
TXW+YjFTLs/gKgVrDFiJKBmo+2FTDnf2MrGIlDhBxWnuZXUaASK5Ed87Zj+ySYz1
CH7ye8Pp57A42uQAiddUClhRA0jkb5q0XuBoT4TcfKY2z6qLcrUA4b+1+fdEmCyy
myJ7ODOcByvCKmsL/f96EdI5iKJDx9QXTYriOFX/q4ucz8FX591o4kxHk0KaYQjq
+ZdKaSbZ7AFgkTjveWhUCO65EmPq3wqEJqmjLPjh9APd
-----END CERTIFICATE-----