Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/I2uFWuTYZT0gRFH8fPcliWi6V2A.roa
File:                     I2uFWuTYZT0gRFH8fPcliWi6V2A.roa (raw, json)
Hash identifier:          EQ1p8Crm3cKAgEu6mBRi6UeMxB0gZMgoaZZh8HcPa4U=
Subject key identifier:   23:6B:85:5A:E4:D8:65:3D:20:44:51:FC:7C:F7:25:89:68:BA:57:60
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01966D52E385F3C046C0553CDB30ADEDCB4A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/I2uFWuTYZT0gRFH8fPcliWi6V2A.roa
Signing time:             Fri 25 Apr 2025 14:21:10 +0000
ROA not before:           Fri 25 Apr 2025 14:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50321
IP address blocks:        89.213.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6d:52:e3:85:f3:c0:46:c0:55:3c:db:30:ad:ed:cb:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 25 14:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=236b855ae4d8653d204451fc7cf7258968ba5760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1e:50:77:45:c6:ec:d7:71:b5:35:55:f6:e8:
                    99:3d:5c:ca:d1:52:65:aa:02:40:15:d9:74:11:2e:
                    a9:a3:a2:5f:77:b2:79:9f:bd:34:7c:4d:c6:31:17:
                    ca:ea:27:47:12:d9:63:08:d1:40:d4:94:43:7e:7e:
                    d6:51:aa:c4:6e:10:da:31:a1:1a:ef:27:13:cf:c5:
                    9b:19:02:50:f1:39:fa:6c:d0:e9:c6:a2:0c:67:75:
                    1b:85:95:5c:9e:71:da:8d:3b:10:ca:99:43:6e:0d:
                    56:d7:44:ea:10:70:c2:4b:82:6c:a2:e2:e3:b3:d0:
                    87:a2:a8:fa:9f:66:d7:7b:25:ca:b6:c0:d1:7d:72:
                    2b:de:e0:f8:88:52:8c:34:39:f2:d5:8a:38:bd:2d:
                    a9:0e:2f:f9:52:28:dd:73:b2:40:0a:3f:56:82:ad:
                    9f:c9:28:f6:34:2a:1d:08:1f:8a:d7:05:57:8c:26:
                    37:ba:96:11:77:91:c2:cd:fc:3e:19:e7:73:67:97:
                    c0:9a:94:82:82:48:1e:f0:54:1c:40:98:9c:32:41:
                    f4:79:4a:89:30:f3:39:c0:61:6e:2b:5b:7b:30:1c:
                    49:78:9d:8e:5c:da:c0:a0:1f:0f:a4:2b:24:a9:d0:
                    ac:68:99:c9:af:f8:be:cd:f6:35:2a:d0:b3:2c:3f:
                    55:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:6B:85:5A:E4:D8:65:3D:20:44:51:FC:7C:F7:25:89:68:BA:57:60
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/I2uFWuTYZT0gRFH8fPcliWi6V2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:e6:31:16:ba:f1:b8:4a:64:39:f0:bd:83:3c:32:80:4b:89:
         d9:53:ad:76:bc:ba:c6:ee:73:15:6a:12:24:60:5c:66:3c:a5:
         3a:c1:90:14:e7:30:ba:c1:e8:fa:57:db:e1:79:ff:bd:82:b4:
         2a:30:39:2c:be:c2:bc:15:13:15:c4:c3:91:71:72:83:30:cb:
         05:b3:c0:9a:f3:6c:3b:7d:d6:76:43:5b:8e:ac:94:a8:d6:28:
         a6:af:d4:52:02:b4:d9:21:31:b2:07:3b:ad:11:53:c9:8d:5c:
         71:8b:1e:e5:e6:e9:2d:3b:01:af:75:11:5b:c8:c9:4c:dc:d9:
         eb:52:3c:f2:e3:f0:59:ca:f9:73:fc:35:99:8f:e4:f0:a8:4d:
         51:f1:14:3e:82:58:fb:a1:7f:a8:2c:4c:ce:f4:e9:77:c4:49:
         1c:de:85:9b:a1:0c:aa:67:61:4f:b0:c2:41:b3:7b:a8:fe:d8:
         e6:c4:a4:0d:75:9f:e0:68:b9:44:5b:96:c3:db:c3:d5:c2:b9:
         1a:ca:49:85:c6:e6:70:ff:44:87:d3:71:2e:54:78:6c:1f:35:
         ec:07:7f:cc:6f:8b:dc:bd:3c:ef:52:fe:09:ab:61:11:23:bd:
         fa:b2:c6:5d:f5:5f:72:f6:2c:1a:6f:ce:cd:61:7a:cc:db:b1:
         92:88:8c:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZtUuOF88BGwFU82zCt7ctKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI1MTQyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzZiODU1YWU0ZDg2NTNkMjA0NDUxZmM3Y2Y3MjU4OTY4YmE1NzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsR5Qd0XG7NdxtTVV9uiZPVzK0VJl
qgJAFdl0ES6po6Jfd7J5n700fE3GMRfK6idHEtljCNFA1JRDfn7WUarEbhDaMaEa
7ycTz8WbGQJQ8Tn6bNDpxqIMZ3UbhZVcnnHajTsQyplDbg1W10TqEHDCS4JsouLj
s9CHoqj6n2bXeyXKtsDRfXIr3uD4iFKMNDny1Yo4vS2pDi/5Uijdc7JACj9Wgq2f
ySj2NCodCB+K1wVXjCY3upYRd5HCzfw+GedzZ5fAmpSCgkge8FQcQJicMkH0eUqJ
MPM5wGFuK1t7MBxJeJ2OXNrAoB8PpCskqdCsaJnJr/i+zfY1KtCzLD9VKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNrhVrk2GU9IERR/Hz3JYlouldgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSTJ1Rld1VFlaVDBnUkZIOGZQY2xpV2k2VjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdVyMA0G
CSqGSIb3DQEBCwUAA4IBAQCe5jEWuvG4SmQ58L2DPDKAS4nZU612vLrG7nMVahIk
YFxmPKU6wZAU5zC6wej6V9vhef+9grQqMDksvsK8FRMVxMORcXKDMMsFs8Ca82w7
fdZ2Q1uOrJSo1iimr9RSArTZITGyBzutEVPJjVxxix7l5uktOwGvdRFbyMlM3Nnr
Ujzy4/BZyvlz/DWZj+TwqE1R8RQ+glj7oX+oLEzO9Ol3xEkc3oWboQyqZ2FPsMJB
s3uo/tjmxKQNdZ/gaLlEW5bD28PVwrkaykmFxuZw/0SH03EuVHhsHzXsB3/Mb4vc
vTzvUv4Jq2ERI736ssZd9V9y9iwab87NYXrM27GSiIyM
-----END CERTIFICATE-----