Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/04d4bb-ed46-42e1-b045-46af3e50c052/1/bjDcf63H1HGhTm7D4ZGpSjV3r-w.roa
File:                     bjDcf63H1HGhTm7D4ZGpSjV3r-w.roa (raw, json)
Hash identifier:          0EVH6jLO9XDj46s2zxymcHxlkLShhKhHoxnCFUHrStw=
Subject key identifier:   6E:30:DC:7F:AD:C7:D4:71:A1:4E:6E:C3:E1:91:A9:4A:35:77:AF:EC
Certificate issuer:       /CN=1994bf84de36ffb9d94b257f3278134194133498
Certificate serial:       0196A0C4BE3EA5225833871E73FDAE7C0854
Authority key identifier: 19:94:BF:84:DE:36:FF:B9:D9:4B:25:7F:32:78:13:41:94:13:34:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZS_hN42_7nZSyV_MngTQZQTNJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/04d4bb-ed46-42e1-b045-46af3e50c052/1/bjDcf63H1HGhTm7D4ZGpSjV3r-w.roa
Signing time:             Mon 05 May 2025 14:06:10 +0000
ROA not before:           Mon 05 May 2025 14:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197991
IP address blocks:        89.150.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/04d4bb-ed46-42e1-b045-46af3e50c052/1/GZS_hN42_7nZSyV_MngTQZQTNJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/04d4bb-ed46-42e1-b045-46af3e50c052/1/GZS_hN42_7nZSyV_MngTQZQTNJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZS_hN42_7nZSyV_MngTQZQTNJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 02:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:c4:be:3e:a5:22:58:33:87:1e:73:fd:ae:7c:08:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1994bf84de36ffb9d94b257f3278134194133498
        Validity
            Not Before: May  5 14:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e30dc7fadc7d471a14e6ec3e191a94a3577afec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:2d:43:71:43:83:31:77:30:10:f7:d0:0b:7e:
                    72:c4:78:bd:42:ad:42:ca:a2:b9:50:2a:9a:5b:47:
                    13:f5:26:03:aa:e0:2f:e5:c8:28:27:53:59:f9:82:
                    37:5b:89:c1:57:77:6d:ba:e6:34:08:cc:95:62:00:
                    e2:7d:99:36:4d:26:d1:09:32:c6:7d:c0:29:59:b4:
                    dc:1a:9f:79:03:25:53:19:f8:c2:ed:e4:10:af:c1:
                    4a:06:08:cb:fa:33:df:51:4d:6b:da:13:03:69:7f:
                    9b:9d:af:74:d3:ff:64:d6:a8:33:f0:fb:bd:2a:b8:
                    a0:41:16:97:89:b3:5a:af:ed:0c:b4:26:5a:7a:a7:
                    47:f7:14:6e:1d:23:68:45:3d:d5:fb:2b:f5:ca:a3:
                    ce:31:01:37:66:df:03:39:45:c9:3e:8c:23:3e:2b:
                    95:6e:ae:83:fb:66:65:2b:85:6c:c1:6e:a6:54:99:
                    2f:aa:88:47:ed:ce:47:b0:b1:e5:1b:52:8f:d4:8e:
                    11:a1:61:85:2c:13:7f:18:ee:62:31:31:f1:9a:71:
                    81:a3:fb:a7:9c:6d:62:53:a0:14:79:73:62:4c:b2:
                    75:50:7c:9b:9e:ff:54:41:df:c7:b6:fa:c4:c9:d6:
                    9b:3c:d4:15:51:6b:10:1c:48:e6:77:19:b8:75:14:
                    69:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:30:DC:7F:AD:C7:D4:71:A1:4E:6E:C3:E1:91:A9:4A:35:77:AF:EC
            X509v3 Authority Key Identifier:
                keyid:19:94:BF:84:DE:36:FF:B9:D9:4B:25:7F:32:78:13:41:94:13:34:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZS_hN42_7nZSyV_MngTQZQTNJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04d4bb-ed46-42e1-b045-46af3e50c052/1/bjDcf63H1HGhTm7D4ZGpSjV3r-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04d4bb-ed46-42e1-b045-46af3e50c052/1/GZS_hN42_7nZSyV_MngTQZQTNJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:57:b7:6d:54:cd:83:1c:7f:1c:69:0a:9c:d7:02:d2:f5:da:
         c9:87:66:f7:1e:06:65:0b:c4:08:80:d0:31:8d:d7:9b:b6:b0:
         1a:d1:69:a3:a1:6e:f5:50:a8:5d:48:54:36:8f:f9:13:ec:eb:
         81:47:fd:6c:2e:c9:34:cf:41:62:05:aa:5d:c6:f8:29:52:b6:
         a3:ea:38:0d:14:f9:3e:cd:19:2f:eb:bb:cf:64:c1:23:fe:c3:
         2a:d0:d4:52:75:49:1e:e0:a1:ea:e6:41:94:89:ca:2e:aa:3a:
         f7:7a:0d:ec:50:16:20:b8:5a:16:17:65:01:e2:9e:c7:6a:6e:
         f6:ed:6e:3b:bb:d4:53:4c:ad:ba:45:6c:53:a2:23:e4:12:e4:
         7c:fc:1e:72:7e:3e:9a:ae:00:2a:21:19:d4:d5:e8:b4:fa:e5:
         c2:1c:4a:37:4f:c7:ac:47:83:89:89:95:57:65:d2:41:bd:03:
         c2:a2:9b:8d:8e:9c:0c:fc:a2:c3:43:6e:94:a9:11:ee:cf:55:
         3b:ed:36:dc:a6:9f:69:32:1f:3a:6f:6f:74:71:bb:15:a8:d6:
         ea:bb:af:36:87:c4:f1:d4:d6:10:35:ee:21:72:15:75:0e:72:
         48:e4:f1:34:da:57:41:ae:fc:9b:b1:9e:64:66:07:cf:07:de:
         73:8b:55:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZagxL4+pSJYM4cec/2ufAhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5OTRiZjg0ZGUzNmZmYjlkOTRiMjU3ZjMyNzgxMzQxOTQx
MzM0OTgwHhcNMjUwNTA1MTQwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTMwZGM3ZmFkYzdkNDcxYTE0ZTZlYzNlMTkxYTk0YTM1NzdhZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhy1DcUODMXcwEPfQC35yxHi9Qq1C
yqK5UCqaW0cT9SYDquAv5cgoJ1NZ+YI3W4nBV3dtuuY0CMyVYgDifZk2TSbRCTLG
fcApWbTcGp95AyVTGfjC7eQQr8FKBgjL+jPfUU1r2hMDaX+bna900/9k1qgz8Pu9
KrigQRaXibNar+0MtCZaeqdH9xRuHSNoRT3V+yv1yqPOMQE3Zt8DOUXJPowjPiuV
bq6D+2ZlK4VswW6mVJkvqohH7c5HsLHlG1KP1I4RoWGFLBN/GO5iMTHxmnGBo/un
nG1iU6AUeXNiTLJ1UHybnv9UQd/HtvrEydabPNQVUWsQHEjmdxm4dRRp1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4w3H+tx9RxoU5uw+GRqUo1d6/sMB8GA1UdIwQY
MBaAFBmUv4TeNv+52UslfzJ4E0GUEzSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1pTX2hONDJfN25aU3lWX01uZ1RRWlFUTkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8wNGQ0YmItZWQ0Ni00MmUxLWIwNDUt
NDZhZjNlNTBjMDUyLzEvYmpEY2Y2M0gxSEdoVG03RDRaR3BTalYzci13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8wNGQ0YmItZWQ0Ni00MmUxLWIwNDUtNDZhZjNlNTBjMDUy
LzEvR1pTX2hONDJfN25aU3lWX01uZ1RRWlFUTkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZY8MA0G
CSqGSIb3DQEBCwUAA4IBAQCHV7dtVM2DHH8caQqc1wLS9drJh2b3HgZlC8QIgNAx
jdebtrAa0WmjoW71UKhdSFQ2j/kT7OuBR/1sLsk0z0FiBapdxvgpUraj6jgNFPk+
zRkv67vPZMEj/sMq0NRSdUke4KHq5kGUicouqjr3eg3sUBYguFoWF2UB4p7Ham72
7W47u9RTTK26RWxToiPkEuR8/B5yfj6argAqIRnU1ei0+uXCHEo3T8esR4OJiZVX
ZdJBvQPCopuNjpwM/KLDQ26UqRHuz1U77Tbcpp9pMh86b290cbsVqNbqu682h8Tx
1NYQNe4hchV1DnJI5PE02ldBrvybsZ5kZgfPB95zi1Xr
-----END CERTIFICATE-----