Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2-3I3EoG3Yajqz7DqIb-LQi7o64.roa
File:                     2-3I3EoG3Yajqz7DqIb-LQi7o64.roa (raw, json)
Hash identifier:          mEsMBbZ6/p1l2GcJNb2PhJxXilnilneFobyV9gqaDeE=
Subject key identifier:   DB:ED:C8:DC:4A:06:DD:86:A3:AB:3E:C3:A8:86:FE:2D:08:BB:A3:AE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01967B97D82E8C5A0FD8EA139CB0773A19AA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2-3I3EoG3Yajqz7DqIb-LQi7o64.roa
Signing time:             Mon 28 Apr 2025 08:51:10 +0000
ROA not before:           Mon 28 Apr 2025 08:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        89.213.206.0/23 maxlen: 24
                          213.218.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 14:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:97:d8:2e:8c:5a:0f:d8:ea:13:9c:b0:77:3a:19:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 28 08:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbedc8dc4a06dd86a3ab3ec3a886fe2d08bba3ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4b:88:99:31:f8:01:14:0f:55:8b:7a:f4:1e:
                    7b:2f:8c:da:3d:02:64:74:68:84:b6:ab:2e:19:7e:
                    bb:db:79:9c:26:60:e8:eb:05:49:3f:81:c1:76:9e:
                    fc:69:2c:89:8a:e1:fd:00:1a:c8:3a:98:85:1f:78:
                    00:51:50:72:17:26:bc:70:d3:4e:a5:46:28:3c:0c:
                    1c:ec:05:4d:f5:ca:d5:87:71:cd:9c:c8:12:cb:d0:
                    e8:28:6e:1a:b1:29:e4:d7:1f:b7:9a:bf:07:12:f9:
                    ca:72:85:97:7b:e9:99:58:dc:1c:67:29:51:2d:7f:
                    89:cc:51:83:7f:db:31:c7:89:b0:50:5b:e4:60:40:
                    b9:0f:02:e3:c5:ac:0c:f3:b2:48:fc:c1:01:3e:cc:
                    fb:fd:3f:d5:1e:86:51:ba:1f:de:dc:72:e5:a1:4c:
                    f7:4a:c8:ae:89:a6:d2:4c:13:d9:e1:c3:ab:64:96:
                    7d:e9:03:cd:01:18:ee:e9:f6:2e:53:84:4d:80:fd:
                    ae:5e:c8:82:2a:06:ca:96:36:ef:fc:2b:32:9b:c7:
                    67:06:54:41:aa:aa:7f:de:88:99:28:4f:80:8f:c0:
                    16:0d:4c:4e:42:94:4b:78:78:b4:82:29:8b:1e:b2:
                    fd:d7:31:d2:13:b5:b1:a4:3f:50:2a:c4:51:03:93:
                    21:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:ED:C8:DC:4A:06:DD:86:A3:AB:3E:C3:A8:86:FE:2D:08:BB:A3:AE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2-3I3EoG3Yajqz7DqIb-LQi7o64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.206.0/23
                  213.218.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:6c:26:2f:37:bf:13:06:60:19:94:42:ed:85:4f:f8:13:7d:
         4d:ee:87:21:09:62:82:3b:21:4d:7a:16:32:50:e1:f8:b2:26:
         52:b4:07:61:f2:d6:c9:b5:35:f6:4f:11:06:2e:ce:c1:0e:e4:
         f1:94:ca:e0:b7:a8:9c:95:cc:16:b1:76:b1:bb:9a:d4:c6:46:
         a8:98:7e:05:b1:d7:b0:60:6f:77:cf:15:eb:cb:6e:b6:6b:fa:
         f7:96:28:af:2f:68:65:a0:a0:64:69:92:e3:81:84:4c:54:df:
         cd:51:b6:70:47:f4:2d:a5:88:ec:33:a8:7d:17:53:09:eb:33:
         27:49:74:b4:0a:71:d3:19:96:be:e1:b7:57:b7:61:d9:47:ed:
         6e:b3:21:6a:58:93:f9:56:3d:52:b0:1a:9d:f9:3c:26:95:b0:
         9a:a6:49:c8:e5:5e:02:05:51:ab:a4:d0:e9:54:b6:42:22:07:
         95:9d:c5:be:00:11:54:37:d7:6f:2f:28:82:85:03:f4:f9:c8:
         d1:af:8c:53:03:25:1d:cc:ce:8e:bc:4e:69:c4:51:08:97:db:
         a7:b0:57:cd:7c:65:19:09:a0:95:4b:07:71:5c:30:e7:a5:d4:
         19:ca:eb:7e:e7:b3:f8:7a:37:f8:32:93:db:5c:38:f3:41:9d:
         5f:fb:dd:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ7l9gujFoP2OoTnLB3OhmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI4MDg1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmVkYzhkYzRhMDZkZDg2YTNhYjNlYzNhODg2ZmUyZDA4YmJhM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkuImTH4ARQPVYt69B57L4zaPQJk
dGiEtqsuGX6723mcJmDo6wVJP4HBdp78aSyJiuH9ABrIOpiFH3gAUVByFya8cNNO
pUYoPAwc7AVN9crVh3HNnMgSy9DoKG4asSnk1x+3mr8HEvnKcoWXe+mZWNwcZylR
LX+JzFGDf9sxx4mwUFvkYEC5DwLjxawM87JI/MEBPsz7/T/VHoZRuh/e3HLloUz3
SsiuiabSTBPZ4cOrZJZ96QPNARju6fYuU4RNgP2uXsiCKgbKljbv/Csym8dnBlRB
qqp/3oiZKE+Aj8AWDUxOQpRLeHi0gimLHrL91zHSE7WxpD9QKsRRA5MhQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNvtyNxKBt2Go6s+w6iG/i0Iu6OuMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMi0zSTNFb0czWWFqcXo3RHFJYi1MUWk3bzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWdXOAwQA
1drXMA0GCSqGSIb3DQEBCwUAA4IBAQBUbCYvN78TBmAZlELthU/4E31N7ochCWKC
OyFNehYyUOH4siZStAdh8tbJtTX2TxEGLs7BDuTxlMrgt6iclcwWsXaxu5rUxkao
mH4FsdewYG93zxXry262a/r3liivL2hloKBkaZLjgYRMVN/NUbZwR/QtpYjsM6h9
F1MJ6zMnSXS0CnHTGZa+4bdXt2HZR+1usyFqWJP5Vj1SsBqd+TwmlbCapknI5V4C
BVGrpNDpVLZCIgeVncW+ABFUN9dvLyiChQP0+cjRr4xTAyUdzM6OvE5pxFEIl9un
sFfNfGUZCaCVSwdxXDDnpdQZyut+57P4ejf4MpPbXDjzQZ1f+93c
-----END CERTIFICATE-----