Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/1-HTDTTyHqsL8qWvl7tdyMvlROZo.roa
File:                     1-HTDTTyHqsL8qWvl7tdyMvlROZo.roa (raw, json)
Hash identifier:          rDjH3KjSESto7R5VRIkalhKhlHHWAhNK5nCorKVRQGY=
Subject key identifier:   F8:74:C3:4D:3C:87:AA:C2:FC:A9:6B:E5:EE:D7:72:32:F9:51:39:9A
Certificate issuer:       /CN=b541558181f7863119bf4a1554c75dab1f6c5292
Certificate serial:       019691805B367D81C841CE44BD9C52C630DD
Authority key identifier: B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/1-HTDTTyHqsL8qWvl7tdyMvlROZo.roa
Signing time:             Fri 02 May 2025 14:57:10 +0000
ROA not before:           Fri 02 May 2025 14:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207957
IP address blocks:        89.169.12.0/24 maxlen: 24
                          89.169.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 18:19:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:80:5b:36:7d:81:c8:41:ce:44:bd:9c:52:c6:30:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b541558181f7863119bf4a1554c75dab1f6c5292
        Validity
            Not Before: May  2 14:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f874c34d3c87aac2fca96be5eed77232f951399a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:20:eb:40:a6:f9:33:b2:87:84:42:0d:2c:a3:
                    c1:f4:b3:87:f2:12:69:3b:63:c4:ac:8c:d2:27:0a:
                    07:24:a1:22:b8:24:d9:61:91:92:52:b9:8f:6a:2e:
                    92:f8:3f:24:ab:95:30:43:77:60:dc:9c:32:f0:3b:
                    3e:50:f4:f2:c6:02:e8:b8:d8:32:60:c0:c4:03:a2:
                    5f:07:d4:df:b0:2a:08:b3:da:90:d0:3b:09:59:6c:
                    8f:41:0f:d5:6f:1e:c6:45:26:1b:d4:fb:14:00:75:
                    87:aa:34:08:1f:cb:31:47:a6:a8:06:e6:12:f2:ef:
                    00:f5:ea:6c:0c:6e:76:17:91:40:25:c5:8d:79:6e:
                    a8:ef:9b:4a:51:34:61:d5:44:93:38:cf:d5:2f:40:
                    ec:e4:dd:f7:5f:0e:73:95:a0:7a:66:6f:2f:f5:6b:
                    e2:ce:19:e7:e6:40:b5:fa:40:7b:c9:fd:71:dd:84:
                    08:f0:ed:fe:90:a7:1e:c8:a4:77:ba:39:58:14:6a:
                    d6:af:1a:f4:db:43:aa:14:7c:4d:5a:cd:44:00:f4:
                    73:d2:59:9b:62:2e:6e:b7:9d:b6:88:52:30:0a:4d:
                    9b:ae:b6:6b:83:33:d5:7f:45:2c:3d:97:6f:3a:60:
                    78:32:d1:15:a8:15:34:75:a2:25:7c:3e:a9:b8:67:
                    46:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:74:C3:4D:3C:87:AA:C2:FC:A9:6B:E5:EE:D7:72:32:F9:51:39:9A
            X509v3 Authority Key Identifier:
                keyid:B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/1-HTDTTyHqsL8qWvl7tdyMvlROZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.169.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:14:f4:53:79:45:b2:67:73:e8:e1:0b:41:d3:a4:e9:12:5a:
         de:53:a6:d2:f0:7e:e5:6a:cd:73:81:79:86:5f:72:4a:ea:90:
         de:af:9f:cd:bf:79:2d:a2:17:c7:62:9f:46:62:ee:0b:dc:f2:
         95:a3:6a:4a:e6:42:21:e3:3d:7a:1b:3d:a8:95:f7:d3:9e:6a:
         93:88:a3:29:79:93:dd:7d:f0:86:de:c4:28:69:c8:35:93:5c:
         e5:d2:b8:c4:d9:53:9e:48:c3:6d:4a:19:7a:0e:76:92:fc:7f:
         03:95:37:42:bc:a3:95:68:c9:1b:47:29:90:55:b5:17:1e:bd:
         44:72:10:1e:ae:5d:c7:a7:98:63:17:89:b7:bd:57:1c:85:9f:
         7c:ae:57:21:9e:db:8b:5b:85:38:95:f5:89:e8:12:e6:72:4a:
         3e:51:f3:1f:7f:76:47:a6:b6:1a:d3:0a:f2:62:5b:3e:d3:d8:
         61:53:84:ff:d9:13:34:a7:a6:c5:ab:3b:55:50:2b:50:18:8c:
         f0:1c:0a:ac:a8:b7:16:37:e7:cb:56:ce:bc:fd:0f:79:8f:2c:
         18:f6:09:db:56:01:ad:32:a0:21:42:33:2b:77:87:9b:f2:a3:
         21:05:a8:d7:43:ba:ef:17:8e:e9:bf:e8:d3:ea:ee:d6:bc:af:
         c1:ae:d9:fb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaRgFs2fYHIQc5EvZxSxjDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDE1NTgxODFmNzg2MzExOWJmNGExNTU0Yzc1ZGFiMWY2
YzUyOTIwHhcNMjUwNTAyMTQ1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODc0YzM0ZDNjODdhYWMyZmNhOTZiZTVlZWQ3NzIzMmY5NTEzOTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliDrQKb5M7KHhEINLKPB9LOH8hJp
O2PErIzSJwoHJKEiuCTZYZGSUrmPai6S+D8kq5UwQ3dg3Jwy8Ds+UPTyxgLouNgy
YMDEA6JfB9TfsCoIs9qQ0DsJWWyPQQ/Vbx7GRSYb1PsUAHWHqjQIH8sxR6aoBuYS
8u8A9epsDG52F5FAJcWNeW6o75tKUTRh1USTOM/VL0Ds5N33Xw5zlaB6Zm8v9Wvi
zhnn5kC1+kB7yf1x3YQI8O3+kKceyKR3ujlYFGrWrxr020OqFHxNWs1EAPRz0lmb
Yi5ut522iFIwCk2brrZrgzPVf0UsPZdvOmB4MtEVqBU0daIlfD6puGdGCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPh0w008h6rC/Klr5e7XcjL5UTmaMB8GA1UdIwQY
MBaAFLVBVYGB94YxGb9KFVTHXasfbFKSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMt
NTcxYjZjNjEyYmVjLzEvMS1IVERUVHlIcXNMOHFXdmw3dGR5TXZsUk9aby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTYvNGRkMTY5LThkY2ItNDY1My04YTAzLTU3MWI2YzYxMmJl
Yy8xL3RVRlZnWUgzaGpFWnYwb1ZWTWRkcXg5c1VwSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVmpDDAN
BgkqhkiG9w0BAQsFAAOCAQEAmhT0U3lFsmdz6OELQdOk6RJa3lOm0vB+5WrNc4F5
hl9ySuqQ3q+fzb95LaIXx2KfRmLuC9zylaNqSuZCIeM9ehs9qJX3055qk4ijKXmT
3X3wht7EKGnINZNc5dK4xNlTnkjDbUoZeg52kvx/A5U3QryjlWjJG0cpkFW1Fx69
RHIQHq5dx6eYYxeJt71XHIWffK5XIZ7bi1uFOJX1iegS5nJKPlHzH392R6a2GtMK
8mJbPtPYYVOE/9kTNKemxas7VVArUBiM8BwKrKi3Fjfny1bOvP0PeY8sGPYJ21YB
rTKgIUIzK3eHm/KjIQWo10O67xeO6b/o0+ru1ryvwa7Z+w==
-----END CERTIFICATE-----