Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-VZuIwVkRgo619APRmiGobLEe2k.roa
File:                     1-VZuIwVkRgo619APRmiGobLEe2k.roa (raw, json)
Hash identifier:          ELMJnBOGAspkS2EKJPUzCE4JjiJqCGzZz4I7y3MQK0c=
Subject key identifier:   F9:56:6E:23:05:64:46:0A:3A:D7:D0:0F:46:68:86:A1:B2:C4:7B:69
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0196661E184370128D14132DE376228AFE4D
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-VZuIwVkRgo619APRmiGobLEe2k.roa
Signing time:             Thu 24 Apr 2025 04:46:10 +0000
ROA not before:           Thu 24 Apr 2025 04:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48359
IP address blocks:        89.44.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:1e:18:43:70:12:8d:14:13:2d:e3:76:22:8a:fe:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Apr 24 04:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9566e230564460a3ad7d00f466886a1b2c47b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:57:95:eb:df:80:84:c5:0f:b3:92:01:93:18:
                    c6:7f:84:ad:06:98:32:11:76:93:8f:17:6f:ae:c9:
                    73:fb:d5:7a:9f:46:4b:f1:af:a1:ec:2f:f6:b6:e4:
                    78:02:d8:60:8e:0b:a2:a6:82:31:31:e4:ea:dd:e5:
                    80:6c:a3:d5:b3:87:da:17:6f:fc:0e:50:b4:87:ec:
                    98:92:3e:19:e8:e8:9b:1c:70:6b:4a:66:74:eb:37:
                    5c:0a:d6:bd:ea:83:35:81:aa:93:d6:9a:e2:b6:b4:
                    4b:e5:1d:fb:7a:a9:18:e6:14:c8:31:8e:ea:a1:58:
                    06:e4:fd:f5:61:de:ba:57:d2:ac:e6:86:46:c9:e3:
                    cf:fb:fc:41:10:60:26:c5:d3:f6:9c:c9:26:34:b6:
                    1a:f0:a6:43:27:3a:c2:70:99:1f:07:8c:89:c7:3c:
                    bc:97:82:ed:43:cb:e9:45:26:ed:3a:5b:bf:b7:0c:
                    9d:03:84:14:db:a0:e3:74:26:6d:ae:67:ca:f6:12:
                    49:1c:d3:d7:2e:62:3b:74:20:21:1e:f9:16:00:0f:
                    56:92:c3:ed:60:be:a4:c2:95:ae:d2:fc:ca:b7:c3:
                    f5:bf:04:a1:88:49:8b:e5:b8:70:15:28:eb:a8:d0:
                    10:14:c1:c5:ae:36:27:68:73:e2:b3:d3:b8:7a:16:
                    8d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:56:6E:23:05:64:46:0A:3A:D7:D0:0F:46:68:86:A1:B2:C4:7B:69
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-VZuIwVkRgo619APRmiGobLEe2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:4b:ea:42:60:77:85:9c:fe:b6:a4:ec:58:73:f4:0f:1b:2d:
         a8:7d:c3:1f:c1:da:de:b5:18:ab:df:2c:d9:d4:f9:0d:9d:f6:
         57:88:28:ea:6b:bb:2b:cd:c2:7f:bf:58:09:46:31:d4:0d:06:
         7d:8f:e7:2d:16:70:04:91:33:e4:ab:ee:9e:97:37:00:03:64:
         cc:dc:37:ff:bc:c8:10:bc:37:2b:1e:6f:ec:1f:e6:16:9e:0a:
         c3:b6:3b:b4:75:48:c8:45:40:b4:0d:ae:2d:e9:5a:0b:4f:18:
         de:06:c3:5e:ef:44:0b:4a:59:51:ef:28:28:e8:10:45:a6:fa:
         6c:ec:4e:05:31:1e:ed:8b:f5:7d:18:a0:b7:9a:69:28:96:d1:
         a9:09:45:0a:8b:4c:1c:e9:06:a0:c3:1e:3d:89:55:18:ae:8c:
         9f:87:66:c1:0d:a5:d4:91:e5:2b:2a:76:01:e7:d7:4b:31:e0:
         0a:0f:2d:40:c3:9c:4c:de:0d:1c:ee:ab:9a:8d:59:5e:3d:54:
         36:3e:32:4c:b8:47:31:c9:1b:98:65:fc:94:73:a4:c2:7c:f3:
         42:95:8a:90:35:3f:89:5d:4c:93:40:fd:17:25:19:4a:bc:95:
         1e:9f:5b:ca:d5:b4:75:6e:00:45:ae:4b:f3:d7:ab:c5:46:d4:
         8f:c4:d5:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZmHhhDcBKNFBMt43Yiiv5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNDI0MDQ0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTU2NmUyMzA1NjQ0NjBhM2FkN2QwMGY0NjY4ODZhMWIyYzQ3YjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFeV69+AhMUPs5IBkxjGf4StBpgy
EXaTjxdvrslz+9V6n0ZL8a+h7C/2tuR4AthgjguipoIxMeTq3eWAbKPVs4faF2/8
DlC0h+yYkj4Z6OibHHBrSmZ06zdcCta96oM1gaqT1pritrRL5R37eqkY5hTIMY7q
oVgG5P31Yd66V9Ks5oZGyePP+/xBEGAmxdP2nMkmNLYa8KZDJzrCcJkfB4yJxzy8
l4LtQ8vpRSbtOlu/twydA4QU26DjdCZtrmfK9hJJHNPXLmI7dCAhHvkWAA9WksPt
YL6kwpWu0vzKt8P1vwShiEmL5bhwFSjrqNAQFMHFrjYnaHPis9O4ehaNZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlWbiMFZEYKOtfQD0ZohqGyxHtpMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvMS1WWnVJd1ZrUmdvNjE5QVBSbWlHb2JMRWUyay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTIvYzk2MWEwLTRmNTMtNDIyYS1iN2RkLTNkZmE1MTBkNmIx
Ni8xL2JkczRzMFBhTFJHVENlMnFHY2VuaUhBeWZyNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFks8TAN
BgkqhkiG9w0BAQsFAAOCAQEArUvqQmB3hZz+tqTsWHP0DxstqH3DH8Ha3rUYq98s
2dT5DZ32V4go6mu7K83Cf79YCUYx1A0GfY/nLRZwBJEz5Kvunpc3AANkzNw3/7zI
ELw3Kx5v7B/mFp4Kw7Y7tHVIyEVAtA2uLelaC08Y3gbDXu9EC0pZUe8oKOgQRab6
bOxOBTEe7Yv1fRigt5ppKJbRqQlFCotMHOkGoMMePYlVGK6Mn4dmwQ2l1JHlKyp2
AefXSzHgCg8tQMOcTN4NHO6rmo1ZXj1UNj4yTLhHMckbmGX8lHOkwnzzQpWKkDU/
iV1Mk0D9FyUZSryVHp9bytW0dW4ARa5L89erxUbUj8TVQg==
-----END CERTIFICATE-----