Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UAZ6fc5k9nKoC69iql47X3tzNXM.roa
File:                     UAZ6fc5k9nKoC69iql47X3tzNXM.roa (raw, json)
Hash identifier:          nNi36r7cNowkrg04ET0YQesX+6BatVUybyijIQp9DSE=
Subject key identifier:   50:06:7A:7D:CE:64:F6:72:A8:0B:AF:62:AA:5E:3B:5F:7B:73:35:73
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01968C8D4595F5B6D79219DA68356798F29D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UAZ6fc5k9nKoC69iql47X3tzNXM.roa
Signing time:             Thu 01 May 2025 15:53:10 +0000
ROA not before:           Thu 01 May 2025 15:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202364
IP address blocks:        89.213.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8c:8d:45:95:f5:b6:d7:92:19:da:68:35:67:98:f2:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  1 15:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50067a7dce64f672a80baf62aa5e3b5f7b733573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:aa:ca:c2:b9:05:e7:d9:4a:4d:7b:57:ba:13:
                    ed:6e:f5:fb:cb:26:97:c6:4e:95:27:be:22:7b:1a:
                    c6:18:97:af:21:68:9f:ba:e0:e9:8a:6a:81:19:5d:
                    52:98:52:2c:3e:eb:46:55:06:f9:27:15:df:38:80:
                    5a:9e:b1:50:53:ec:d6:c4:98:ea:eb:f0:12:a2:1d:
                    8a:c2:a1:e3:bf:28:24:fd:03:db:3d:b1:b3:a0:e7:
                    6f:f0:91:20:7a:49:98:f1:b3:10:c7:dd:70:ba:47:
                    e8:b8:4c:0b:ca:ab:f2:8e:ca:93:8e:40:d3:4c:75:
                    00:46:24:6e:5e:1d:83:6c:88:61:59:24:1b:4e:97:
                    20:d0:28:c5:af:f9:55:1c:26:f2:f4:1e:4c:9e:bc:
                    3b:2b:4c:53:a7:3f:fd:88:50:12:dd:40:b3:a6:66:
                    99:ed:75:37:80:fa:8a:95:5e:d7:2d:e9:78:f3:4c:
                    06:25:b7:aa:99:db:0b:63:c6:8b:0b:09:ef:6d:00:
                    8d:ca:d0:4d:31:fa:11:40:ea:3a:00:06:fe:37:d7:
                    89:37:79:3e:8e:2f:3e:e3:96:04:da:dd:68:da:39:
                    62:9d:54:81:93:c9:e5:59:a8:a0:38:67:2d:8d:24:
                    be:23:b0:75:18:12:29:ba:ce:cc:cc:89:4a:08:32:
                    20:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:06:7A:7D:CE:64:F6:72:A8:0B:AF:62:AA:5E:3B:5F:7B:73:35:73
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UAZ6fc5k9nKoC69iql47X3tzNXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6b:70:1a:0a:2f:71:c5:4b:b8:d3:d7:2a:cd:dd:c7:e8:a2:
         f7:f6:5a:09:62:05:31:4f:29:07:49:bf:16:82:9a:ba:ec:6d:
         df:7b:d6:52:7b:3c:4d:24:8d:05:82:77:b5:ff:54:b5:58:d2:
         eb:f5:f6:c7:8e:78:d7:1c:66:26:f2:a1:10:28:59:87:be:7c:
         41:d9:1a:9f:bd:b2:ab:01:cc:ad:0d:d6:d4:34:56:f8:91:52:
         42:6d:c0:6c:80:77:c6:53:cc:72:12:71:1d:22:62:a1:3e:fe:
         5b:bd:bc:25:91:35:03:e8:28:53:c2:54:a1:77:3e:02:49:92:
         23:50:24:d5:25:9b:b3:db:29:f3:26:b8:98:6a:79:85:47:0d:
         f1:39:40:61:1b:1e:88:c3:08:3e:62:ab:76:69:02:c9:a8:06:
         50:b2:41:50:d6:78:de:53:a6:a2:01:2f:4f:12:62:b5:e5:45:
         41:d2:98:fb:1c:30:03:c7:8d:e0:40:1c:9e:33:b3:69:87:d2:
         6c:bb:dc:9e:9a:2d:6f:c2:f8:15:cb:9f:f5:1c:cc:c0:28:cb:
         e7:83:7f:20:e8:2a:35:eb:34:58:4f:01:85:5e:d5:c4:45:6f:
         bf:00:b6:3d:c4:74:af:d1:67:8d:c1:40:9e:e4:b4:f9:71:26:
         b4:63:f6:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaMjUWV9bbXkhnaaDVnmPKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTAxMTU1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDA2N2E3ZGNlNjRmNjcyYTgwYmFmNjJhYTVlM2I1ZjdiNzMzNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qrKwrkF59lKTXtXuhPtbvX7yyaX
xk6VJ74iexrGGJevIWifuuDpimqBGV1SmFIsPutGVQb5JxXfOIBanrFQU+zWxJjq
6/ASoh2KwqHjvygk/QPbPbGzoOdv8JEgekmY8bMQx91wukfouEwLyqvyjsqTjkDT
THUARiRuXh2DbIhhWSQbTpcg0CjFr/lVHCby9B5Mnrw7K0xTpz/9iFAS3UCzpmaZ
7XU3gPqKlV7XLel480wGJbeqmdsLY8aLCwnvbQCNytBNMfoRQOo6AAb+N9eJN3k+
ji8+45YE2t1o2jlinVSBk8nlWaigOGctjSS+I7B1GBIpus7MzIlKCDIgxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAGen3OZPZyqAuvYqpeO197czVzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVUFaNmZjNWs5bktvQzY5aXFsNDdYM3R6TlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXAMA0G
CSqGSIb3DQEBCwUAA4IBAQBNa3AaCi9xxUu409cqzd3H6KL39loJYgUxTykHSb8W
gpq67G3fe9ZSezxNJI0Fgne1/1S1WNLr9fbHjnjXHGYm8qEQKFmHvnxB2RqfvbKr
AcytDdbUNFb4kVJCbcBsgHfGU8xyEnEdImKhPv5bvbwlkTUD6ChTwlShdz4CSZIj
UCTVJZuz2ynzJriYanmFRw3xOUBhGx6Iwwg+Yqt2aQLJqAZQskFQ1njeU6aiAS9P
EmK15UVB0pj7HDADx43gQByeM7Nph9Jsu9yemi1vwvgVy5/1HMzAKMvng38g6Co1
6zRYTwGFXtXERW+/ALY9xHSv0WeNwUCe5LT5cSa0Y/bd
-----END CERTIFICATE-----