Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/I2NZbRR37shFYjdW5-JMKhSMXtU.roa
File:                     I2NZbRR37shFYjdW5-JMKhSMXtU.roa (raw, json)
Hash identifier:          GcOLL2TL23qlIweIa9Lvj8OiuFWXtj95gxIIL30IAyg=
Subject key identifier:   23:63:59:6D:14:77:EE:C8:45:62:37:56:E7:E2:4C:2A:14:8C:5E:D5
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0196661A6E7712014E15233FC9CFC8EBC736
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/I2NZbRR37shFYjdW5-JMKhSMXtU.roa
Signing time:             Thu 24 Apr 2025 04:42:10 +0000
ROA not before:           Thu 24 Apr 2025 04:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214922
IP address blocks:        89.44.240.0/24 maxlen: 24
                          188.212.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:1a:6e:77:12:01:4e:15:23:3f:c9:cf:c8:eb:c7:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Apr 24 04:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2363596d1477eec845623756e7e24c2a148c5ed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:6f:3d:a0:fc:c2:79:6f:a2:4b:fd:e9:8a:0a:
                    bd:00:db:57:b0:95:d2:42:34:fa:07:13:ff:44:6a:
                    27:f7:f5:b1:84:4d:13:90:fb:95:1d:b3:99:28:7c:
                    49:74:04:d5:9f:d0:37:37:52:d6:fc:22:41:6c:53:
                    51:51:8b:6e:42:c8:30:10:9b:ef:dd:1b:f4:c4:4a:
                    15:fc:d2:80:42:57:4a:b0:31:c8:d0:8d:9c:f6:f3:
                    03:17:0f:fc:4d:a7:e3:45:2f:08:32:97:fe:2a:c0:
                    fe:df:d6:e6:7f:7e:e6:0e:7f:17:96:6b:1d:43:37:
                    c7:46:d5:c0:20:2a:da:2c:af:22:ec:13:d8:47:69:
                    94:68:2d:c2:38:cb:d8:60:a7:e8:6a:ee:96:8f:83:
                    39:72:ac:9b:9d:45:db:4f:6e:ed:b9:54:58:06:a1:
                    13:c3:e6:cc:88:41:4e:12:25:7a:f0:c9:40:74:60:
                    a7:c7:f7:94:ac:f5:dc:a5:a1:f7:d6:b0:e3:e2:45:
                    b8:40:2e:66:7b:97:a9:5d:21:00:c7:6c:39:e2:11:
                    52:df:03:b2:27:db:96:5b:91:7b:8e:50:41:9f:ad:
                    dd:2f:af:81:3b:c8:61:78:7d:87:8c:db:3b:3d:86:
                    85:6b:4c:ec:f8:bf:4c:b4:a5:0e:91:ab:85:6b:24:
                    c3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:63:59:6D:14:77:EE:C8:45:62:37:56:E7:E2:4C:2A:14:8C:5E:D5
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/I2NZbRR37shFYjdW5-JMKhSMXtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.240.0/24
                  188.212.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:47:0a:89:32:a2:b9:78:7a:2f:b3:82:57:ab:aa:96:c5:92:
         f8:e5:5c:4c:5e:7c:a7:da:10:cd:9d:b4:f9:a4:65:6c:55:bd:
         7d:15:69:d1:03:86:82:4d:09:05:bc:95:8d:e9:87:1d:26:28:
         62:71:23:41:cc:ae:d3:eb:03:79:8d:87:e3:6b:a7:20:e4:e4:
         05:c6:ab:b1:0d:e2:61:fb:a7:b9:57:aa:23:84:fc:11:84:a2:
         60:f8:95:e9:41:e7:9f:17:86:bd:a2:9f:48:c9:cd:30:c3:ae:
         42:29:75:80:fd:7b:f8:9a:65:13:30:ed:de:89:8c:64:5c:6c:
         76:07:e1:7b:b3:dd:3d:b3:a2:ac:91:93:96:eb:27:b3:95:9d:
         6e:87:6b:07:cd:da:11:e9:0c:f8:9e:09:c2:f4:b2:3f:d0:7f:
         d1:5f:ed:cf:3d:57:86:83:97:85:c6:84:40:0f:af:e0:cb:82:
         0b:ae:a1:2f:fe:3e:61:d5:85:6e:9e:6c:ad:10:a2:cc:77:29:
         21:2a:3c:7a:7d:79:c5:01:01:eb:fa:c2:48:c6:4d:d5:b0:f0:
         09:3b:07:5e:4a:3e:f5:7f:00:52:f0:bf:ae:4f:f3:b8:86:44:
         fc:82:34:2d:bb:af:b1:86:87:74:20:80:08:5d:1d:1d:21:dd:
         e7:0e:10:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZmGm53EgFOFSM/yc/I68c2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNDI0MDQ0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzYzNTk2ZDE0NzdlZWM4NDU2MjM3NTZlN2UyNGMyYTE0OGM1ZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4m89oPzCeW+iS/3pigq9ANtXsJXS
QjT6BxP/RGon9/WxhE0TkPuVHbOZKHxJdATVn9A3N1LW/CJBbFNRUYtuQsgwEJvv
3Rv0xEoV/NKAQldKsDHI0I2c9vMDFw/8TafjRS8IMpf+KsD+39bmf37mDn8Xlmsd
QzfHRtXAICraLK8i7BPYR2mUaC3COMvYYKfoau6Wj4M5cqybnUXbT27tuVRYBqET
w+bMiEFOEiV68MlAdGCnx/eUrPXcpaH31rDj4kW4QC5me5epXSEAx2w54hFS3wOy
J9uWW5F7jlBBn63dL6+BO8hheH2HjNs7PYaFa0zs+L9MtKUOkauFayTDVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCNjWW0Ud+7IRWI3VufiTCoUjF7VMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvSTJOWmJSUjM3c2hGWWpkVzUtSk1LaFNNWHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSzwAwQA
vNRiMA0GCSqGSIb3DQEBCwUAA4IBAQAfRwqJMqK5eHovs4JXq6qWxZL45VxMXnyn
2hDNnbT5pGVsVb19FWnRA4aCTQkFvJWN6YcdJihicSNBzK7T6wN5jYfja6cg5OQF
xquxDeJh+6e5V6ojhPwRhKJg+JXpQeefF4a9op9Iyc0ww65CKXWA/Xv4mmUTMO3e
iYxkXGx2B+F7s909s6KskZOW6yezlZ1uh2sHzdoR6Qz4ngnC9LI/0H/RX+3PPVeG
g5eFxoRAD6/gy4ILrqEv/j5h1YVunmytEKLMdykhKjx6fXnFAQHr+sJIxk3VsPAJ
OwdeSj71fwBS8L+uT/O4hkT8gjQtu6+xhod0IIAIXR0dId3nDhCx
-----END CERTIFICATE-----