Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/k6nJrNo-jSsvVeSK6lSiaksWG5g.roa
File:                     k6nJrNo-jSsvVeSK6lSiaksWG5g.roa (raw, json)
Hash identifier:          Fp7Ix9hoBLeGuJ2csDPwYQazA7zbD4nTOxDU/7xjqIk=
Subject key identifier:   93:A9:C9:AC:DA:3E:8D:2B:2F:55:E4:8A:EA:54:A2:6A:4B:16:1B:98
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       0196B927B8C8BAFCD2A876DA8077F85E31EF
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/k6nJrNo-jSsvVeSK6lSiaksWG5g.roa
Signing time:             Sat 10 May 2025 07:45:10 +0000
ROA not before:           Sat 10 May 2025 07:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        89.18.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b9:27:b8:c8:ba:fc:d2:a8:76:da:80:77:f8:5e:31:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: May 10 07:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93a9c9acda3e8d2b2f55e48aea54a26a4b161b98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b3:cd:84:bd:ef:7c:b2:93:d0:75:dd:af:e5:
                    a6:a9:60:7e:dc:d9:92:19:f6:b4:ec:a8:e6:11:f2:
                    d9:92:84:d2:43:90:60:c9:63:a0:f4:ee:8a:3c:cb:
                    84:57:f8:6b:a1:e4:21:32:79:b9:1b:fa:84:ee:a7:
                    49:4a:69:97:12:d6:05:4e:e8:fd:c3:52:54:30:54:
                    f4:95:33:ac:4c:0f:de:d6:b0:a8:1e:a4:c6:5d:be:
                    17:69:9a:f3:fd:57:28:68:a4:66:4d:92:21:c2:75:
                    d2:34:24:5d:2a:17:06:75:2d:94:25:0b:04:99:b4:
                    78:4d:79:af:be:93:ca:77:3d:d3:86:3b:61:45:45:
                    fc:c8:17:0e:67:00:5c:e2:d1:f6:7b:c3:68:05:d2:
                    fb:3e:d6:d9:45:51:9f:ea:db:23:12:a2:c9:01:71:
                    84:3f:86:39:43:75:48:1d:c9:0a:2a:aa:ee:da:56:
                    82:1e:74:72:1a:80:31:3f:18:a8:a2:14:c1:6a:9d:
                    59:63:36:51:63:bc:46:68:d4:ad:6f:23:58:bb:9c:
                    33:37:48:d7:25:e6:65:f7:93:6e:f3:d4:74:b0:ba:
                    2a:9f:c9:36:da:33:0b:ea:1c:40:a9:8f:6d:9e:13:
                    0e:56:77:25:17:db:95:70:31:aa:18:44:61:22:c9:
                    54:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A9:C9:AC:DA:3E:8D:2B:2F:55:E4:8A:EA:54:A2:6A:4B:16:1B:98
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/k6nJrNo-jSsvVeSK6lSiaksWG5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:2f:d9:6b:ae:aa:d7:a1:ae:50:73:4d:c2:2c:2b:c7:e2:e3:
         5f:88:4d:83:f0:9a:9f:7b:3e:0e:7c:83:d2:95:93:a9:76:b7:
         5f:14:c0:fa:49:5d:39:b9:e8:9f:2a:42:59:b0:f4:c3:46:ea:
         c5:74:9b:d8:cd:31:22:da:21:98:ef:36:91:40:69:57:68:77:
         b3:06:41:73:ad:44:78:d0:3d:3f:c3:64:17:6e:43:7a:6d:3b:
         f5:04:06:00:1f:3f:fc:ac:9c:b4:c2:b0:f2:41:53:85:4f:18:
         60:8b:14:af:3c:c9:0b:1b:9a:cf:8d:78:43:e7:50:99:b7:37:
         9b:da:3e:5a:0d:78:4f:f0:dd:4f:bb:95:8d:fb:ad:82:51:a3:
         e9:01:b5:e7:dd:64:3e:64:94:67:6c:0a:ac:bf:8f:cc:0a:bb:
         32:45:3b:21:ee:69:9b:7e:17:01:63:32:17:d0:2d:a6:bc:84:
         6d:4d:8e:a9:69:24:42:df:3c:a5:a5:e1:c6:56:e0:ad:2e:29:
         01:73:91:80:cc:e5:63:fc:53:ff:06:93:09:fb:63:96:ac:92:
         7b:36:2e:6d:c6:93:2b:18:62:87:82:10:ec:50:4e:22:d5:27:
         eb:df:57:fb:f6:70:fd:59:b5:c7:88:9f:45:63:2c:44:d9:e5:
         dd:a5:35:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa5J7jIuvzSqHbagHf4XjHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwNTEwMDc0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2E5YzlhY2RhM2U4ZDJiMmY1NWU0OGFlYTU0YTI2YTRiMTYxYjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7PNhL3vfLKT0HXdr+WmqWB+3NmS
Gfa07KjmEfLZkoTSQ5BgyWOg9O6KPMuEV/hroeQhMnm5G/qE7qdJSmmXEtYFTuj9
w1JUMFT0lTOsTA/e1rCoHqTGXb4XaZrz/VcoaKRmTZIhwnXSNCRdKhcGdS2UJQsE
mbR4TXmvvpPKdz3ThjthRUX8yBcOZwBc4tH2e8NoBdL7PtbZRVGf6tsjEqLJAXGE
P4Y5Q3VIHckKKqru2laCHnRyGoAxPxioohTBap1ZYzZRY7xGaNStbyNYu5wzN0jX
JeZl95Nu89R0sLoqn8k22jML6hxAqY9tnhMOVnclF9uVcDGqGERhIslUrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOpyazaPo0rL1XkiupUompLFhuYMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvazZuSnJOby1qU3N2VmVTSzZsU2lha3NXRzVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI0MA0G
CSqGSIb3DQEBCwUAA4IBAQAcL9lrrqrXoa5Qc03CLCvH4uNfiE2D8Jqfez4OfIPS
lZOpdrdfFMD6SV05ueifKkJZsPTDRurFdJvYzTEi2iGY7zaRQGlXaHezBkFzrUR4
0D0/w2QXbkN6bTv1BAYAHz/8rJy0wrDyQVOFTxhgixSvPMkLG5rPjXhD51CZtzeb
2j5aDXhP8N1Pu5WN+62CUaPpAbXn3WQ+ZJRnbAqsv4/MCrsyRTsh7mmbfhcBYzIX
0C2mvIRtTY6paSRC3zylpeHGVuCtLikBc5GAzOVj/FP/BpMJ+2OWrJJ7Ni5txpMr
GGKHghDsUE4i1Sfr31f79nD9WbXHiJ9FYyxE2eXdpTVp
-----END CERTIFICATE-----