Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ju7CKY9Pl67AHDJG90Y2drJP7i8.roa
File:                     ju7CKY9Pl67AHDJG90Y2drJP7i8.roa (raw, json)
Hash identifier:          N4nmTwbW1A0qHnz0KhsU0tutESKmNVRcGv+chhDoTWM=
Subject key identifier:   8E:EE:C2:29:8F:4F:97:AE:C0:1C:32:46:F7:46:36:76:B2:4F:EE:2F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019686A3E74D6D593E4B6F156924E08EA2EC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ju7CKY9Pl67AHDJG90Y2drJP7i8.roa
Signing time:             Wed 30 Apr 2025 12:20:10 +0000
ROA not before:           Wed 30 Apr 2025 12:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        89.213.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 08:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:a3:e7:4d:6d:59:3e:4b:6f:15:69:24:e0:8e:a2:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 30 12:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8eeec2298f4f97aec01c3246f7463676b24fee2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4c:e6:ff:dd:82:2d:25:66:b3:a3:13:88:02:
                    5d:25:b6:59:fd:a0:25:19:d7:8d:32:9d:ff:db:72:
                    0d:f5:c2:14:92:aa:22:20:87:6e:63:2b:a5:e8:0e:
                    b6:ae:32:a4:17:19:7d:45:25:82:c1:47:27:4c:6a:
                    94:4c:5a:d0:b3:4f:0b:b4:52:96:63:4d:75:17:bf:
                    c3:08:29:ae:5d:44:4d:ee:38:16:80:b2:20:5b:44:
                    df:98:c0:7c:f3:2b:07:3f:a6:fe:e9:c4:13:97:af:
                    f6:9b:ea:78:1f:40:9e:c1:5f:2b:0e:05:7d:84:c2:
                    67:cb:d6:de:73:86:f3:14:d7:cd:c5:2e:80:42:0e:
                    cf:71:39:97:86:c2:69:45:80:35:2f:a2:00:c4:6b:
                    fe:39:06:39:fa:23:00:44:f6:9c:ab:24:ca:2c:96:
                    2f:2c:a3:f1:70:d7:b0:23:0e:2f:e5:d5:a3:f6:4e:
                    3e:f4:9c:42:24:2f:8f:18:7b:cf:1c:d8:eb:96:8d:
                    d2:40:d9:de:06:15:e1:e2:c7:8c:a2:ef:4b:35:c3:
                    5f:b1:12:ab:9a:f8:4f:49:79:e9:25:cb:80:34:cd:
                    ab:af:bd:b8:28:fb:fe:68:cc:d4:d9:34:db:96:29:
                    d0:fb:23:41:fe:cf:54:5d:af:0a:60:83:1e:04:fa:
                    22:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:EE:C2:29:8F:4F:97:AE:C0:1C:32:46:F7:46:36:76:B2:4F:EE:2F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ju7CKY9Pl67AHDJG90Y2drJP7i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:ec:f4:17:ca:f3:fc:46:83:f6:00:d3:1c:86:f0:03:7d:17:
         ad:8c:d4:ae:91:9a:48:69:21:5d:55:25:1e:5f:60:06:c0:b6:
         58:6c:3f:df:2b:49:90:ee:66:57:71:d5:5b:bc:df:38:13:64:
         94:f8:39:ce:45:02:49:d6:7c:cb:42:f9:6f:d8:2e:80:aa:0b:
         b2:22:ac:f5:b5:a1:1f:8e:ca:bc:6b:06:33:30:9e:44:f3:24:
         07:2e:3b:ea:fb:fd:ed:a4:21:bf:7c:3a:71:70:cf:1b:92:db:
         53:51:36:e7:d0:52:53:04:3d:e5:28:b8:97:ec:73:b5:32:1d:
         97:03:c7:60:c7:07:64:77:22:4a:31:64:4d:24:63:46:a9:b6:
         a2:95:52:d0:51:6c:27:ac:6c:c1:0c:79:6d:cf:7c:d8:c3:9b:
         ca:d3:13:4c:a8:b2:9d:9f:7d:29:2d:93:be:b5:8b:e7:77:dc:
         4e:f6:d1:6f:51:47:c0:44:0d:56:11:72:f7:59:55:d3:b9:a2:
         aa:8b:8c:83:08:2a:a1:c4:ed:b7:ee:3e:cc:18:83:b2:e6:71:
         7c:ef:93:e0:44:4b:38:b5:c0:bb:b6:83:bc:09:12:6a:a7:0e:
         1b:30:6f:3b:b2:d4:c6:4d:28:bf:d6:63:20:25:1c:52:0b:3d:
         20:8f:af:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaGo+dNbVk+S28VaSTgjqLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDMwMTIyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWVlYzIyOThmNGY5N2FlYzAxYzMyNDZmNzQ2MzY3NmIyNGZlZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUzm/92CLSVms6MTiAJdJbZZ/aAl
GdeNMp3/23IN9cIUkqoiIIduYyul6A62rjKkFxl9RSWCwUcnTGqUTFrQs08LtFKW
Y011F7/DCCmuXURN7jgWgLIgW0TfmMB88ysHP6b+6cQTl6/2m+p4H0CewV8rDgV9
hMJny9bec4bzFNfNxS6AQg7PcTmXhsJpRYA1L6IAxGv+OQY5+iMARPacqyTKLJYv
LKPxcNewIw4v5dWj9k4+9JxCJC+PGHvPHNjrlo3SQNneBhXh4seMou9LNcNfsRKr
mvhPSXnpJcuANM2rr724KPv+aMzU2TTblinQ+yNB/s9UXa8KYIMeBPoiwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7uwimPT5euwBwyRvdGNnayT+4vMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvanU3Q0tZOVBsNjdBSERKRzkwWTJkckpQN2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWdUAMA0G
CSqGSIb3DQEBCwUAA4IBAQAv7PQXyvP8RoP2ANMchvADfRetjNSukZpIaSFdVSUe
X2AGwLZYbD/fK0mQ7mZXcdVbvN84E2SU+DnORQJJ1nzLQvlv2C6AqguyIqz1taEf
jsq8awYzMJ5E8yQHLjvq+/3tpCG/fDpxcM8bkttTUTbn0FJTBD3lKLiX7HO1Mh2X
A8dgxwdkdyJKMWRNJGNGqbailVLQUWwnrGzBDHltz3zYw5vK0xNMqLKdn30pLZO+
tYvnd9xO9tFvUUfARA1WEXL3WVXTuaKqi4yDCCqhxO237j7MGIOy5nF875PgREs4
tcC7toO8CRJqpw4bMG87stTGTSi/1mMgJRxSCz0gj69p
-----END CERTIFICATE-----