Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_zsW2rySEE7533EJUUbNgAFJ5kk.roa
File:                     _zsW2rySEE7533EJUUbNgAFJ5kk.roa (raw, json)
Hash identifier:          Tj/86NeAJIQY7DXN5EHjhm4zfaZapbgKnJTWe4/Zhjc=
Subject key identifier:   FF:3B:16:DA:BC:92:10:4E:F9:DF:71:09:51:46:CD:80:01:49:E6:49
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0195FBFF56FC6BA91A1F437080588F4F1BB9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_zsW2rySEE7533EJUUbNgAFJ5kk.roa
Signing time:             Thu 03 Apr 2025 14:12:50 +0000
ROA not before:           Thu 03 Apr 2025 14:12:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        89.213.0.0/22 maxlen: 24
                          194.105.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fb:ff:56:fc:6b:a9:1a:1f:43:70:80:58:8f:4f:1b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  3 14:12:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff3b16dabc92104ef9df71095146cd800149e649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c2:5e:19:2b:aa:88:84:d3:ba:fc:9e:dd:83:
                    89:5d:83:b7:ff:d6:ab:88:d8:e8:7a:6a:fe:81:cb:
                    4c:d9:85:2f:5f:0d:82:d3:dd:16:ef:e5:de:a6:01:
                    b6:b9:1e:d3:43:d8:7b:61:ed:ac:f0:85:f2:d8:48:
                    45:72:a6:c0:01:83:6d:1a:88:69:6a:4e:0b:37:bf:
                    b2:a5:ab:66:2f:b8:ec:f5:97:bf:e1:96:28:e1:42:
                    36:0b:c2:36:24:9c:e6:e3:dd:03:30:ae:8b:c5:dd:
                    6d:c3:8e:fd:af:61:4e:32:0f:88:8c:ec:79:36:d1:
                    59:9f:ff:97:1c:88:09:b2:ed:24:98:aa:4e:06:3c:
                    df:48:a0:80:92:05:b9:bc:6e:e6:8e:bd:50:9d:b3:
                    9e:f9:3c:a0:5c:c6:13:3c:21:7a:38:e2:8b:a9:c5:
                    7f:5d:48:9f:a8:3d:f7:95:87:84:5e:56:da:79:56:
                    47:30:ae:32:65:47:b4:18:ba:5d:b8:d0:f5:45:ec:
                    3c:b7:c5:41:61:4b:80:e0:1d:dd:65:f6:29:e9:53:
                    9d:53:e6:9e:ab:b5:e2:be:4d:b5:ff:ae:49:23:c9:
                    9d:65:90:7d:b7:11:65:5c:8e:5b:19:60:2b:43:5e:
                    a4:83:88:e8:fc:98:26:b0:0f:86:d9:23:d8:f3:94:
                    33:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:3B:16:DA:BC:92:10:4E:F9:DF:71:09:51:46:CD:80:01:49:E6:49
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_zsW2rySEE7533EJUUbNgAFJ5kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.0.0/22
                  194.105.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:6e:a3:05:24:59:12:05:86:42:7f:39:5b:e2:be:b6:f1:7d:
         2c:9e:eb:fc:1c:cf:27:93:79:b3:10:c4:8d:ac:80:c7:84:8f:
         d6:9f:fb:27:fb:38:df:70:d3:7a:07:93:9c:4d:d4:95:c2:f1:
         dd:c2:36:51:bd:bf:40:9a:bd:7d:e9:fc:47:06:55:5f:cd:75:
         60:ca:2c:1c:35:0c:d7:04:5d:e4:b1:7a:de:d5:fb:e2:1f:55:
         22:f6:c3:c2:e4:75:2c:13:33:b9:b5:d5:96:45:5c:04:e6:10:
         47:63:89:62:0b:a0:1b:1c:f2:5b:59:9f:2e:a1:6e:9f:49:09:
         85:2a:07:7a:51:0e:26:cb:6f:3b:2c:49:b1:8d:ae:e7:6d:50:
         74:03:53:4b:85:0f:3d:03:16:0c:fc:7d:fd:8e:f2:07:60:24:
         18:6a:37:99:cf:40:5b:47:1e:b9:35:ab:08:f9:b2:bc:1c:e3:
         f2:5b:7a:6b:97:f5:5a:ff:36:25:44:d1:58:61:48:28:5e:4a:
         66:a1:e4:92:a2:5f:03:90:f4:d8:bf:dd:26:d1:82:2c:df:6d:
         f8:bc:9f:53:0b:37:ec:71:9b:47:43:36:ca:a0:24:95:db:7f:
         e8:3b:b9:6d:dd:c5:6f:00:c3:b7:b6:fb:c2:b9:65:ec:2e:a0:
         72:99:a1:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZX7/1b8a6kaH0NwgFiPTxu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDAzMTQxMjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjNiMTZkYWJjOTIxMDRlZjlkZjcxMDk1MTQ2Y2Q4MDAxNDllNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMJeGSuqiITTuvye3YOJXYO3/9ar
iNjoemr+gctM2YUvXw2C090W7+XepgG2uR7TQ9h7Ye2s8IXy2EhFcqbAAYNtGohp
ak4LN7+ypatmL7js9Ze/4ZYo4UI2C8I2JJzm490DMK6Lxd1tw479r2FOMg+IjOx5
NtFZn/+XHIgJsu0kmKpOBjzfSKCAkgW5vG7mjr1QnbOe+TygXMYTPCF6OOKLqcV/
XUifqD33lYeEXlbaeVZHMK4yZUe0GLpduND1Rew8t8VBYUuA4B3dZfYp6VOdU+ae
q7Xivk21/65JI8mdZZB9txFlXI5bGWArQ16kg4jo/JgmsA+G2SPY85QziwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP87Ftq8khBO+d9xCVFGzYABSeZJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX3pzVzJyeVNFRTc1MzNFSlVVYk5nQUZKNWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWdUAAwQC
wmlMMA0GCSqGSIb3DQEBCwUAA4IBAQA5bqMFJFkSBYZCfzlb4r628X0snuv8HM8n
k3mzEMSNrIDHhI/Wn/sn+zjfcNN6B5OcTdSVwvHdwjZRvb9Amr196fxHBlVfzXVg
yiwcNQzXBF3ksXre1fviH1Ui9sPC5HUsEzO5tdWWRVwE5hBHY4liC6AbHPJbWZ8u
oW6fSQmFKgd6UQ4my287LEmxja7nbVB0A1NLhQ89AxYM/H39jvIHYCQYajeZz0Bb
Rx65NasI+bK8HOPyW3prl/Va/zYlRNFYYUgoXkpmoeSSol8DkPTYv90m0YIs3234
vJ9TCzfscZtHQzbKoCSV23/oO7lt3cVvAMO3tvvCuWXsLqBymaHQ
-----END CERTIFICATE-----