Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/BNA4ARff29zCBfR6242MtTb6TGg.roa
File:                     BNA4ARff29zCBfR6242MtTb6TGg.roa (raw, json)
Hash identifier:          tJrTcm7xH3ApI498oc2nbD1Dbkv2EhPah1ZZUS9A5bs=
Subject key identifier:   04:D0:38:01:17:DF:DB:DC:C2:05:F4:7A:DB:8D:8C:B5:36:FA:4C:68
Certificate issuer:       /CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
Certificate serial:       01966D0F23E1043D29340CF59911F878F9F7
Authority key identifier: 2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/BNA4ARff29zCBfR6242MtTb6TGg.roa
Signing time:             Fri 25 Apr 2025 13:07:10 +0000
ROA not before:           Fri 25 Apr 2025 13:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        80.89.0.0/24 maxlen: 24
                          80.89.1.0/24 maxlen: 24
                          80.89.2.0/24 maxlen: 24
                          80.89.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6d:0f:23:e1:04:3d:29:34:0c:f5:99:11:f8:78:f9:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
        Validity
            Not Before: Apr 25 13:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04d0380117dfdbdcc205f47adb8d8cb536fa4c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:96:80:f9:60:a8:cc:a9:a7:8c:ad:5c:ed:c8:
                    a5:ec:b1:ed:c1:16:08:0a:e4:62:20:1b:36:1a:9b:
                    08:09:dc:2d:bf:92:e4:71:f6:d1:3c:ed:13:57:47:
                    55:9f:7b:76:48:42:09:a6:9b:b2:c0:34:a0:19:17:
                    53:46:a9:2d:e2:2e:c9:c8:64:7d:69:ed:a7:b4:77:
                    c0:0a:f6:4c:e4:67:e1:fd:89:47:c5:3a:91:b6:a0:
                    20:35:1d:a2:6a:9e:6b:a1:23:f5:93:04:27:0f:12:
                    77:1e:d5:23:ef:9a:3b:b9:18:c0:2d:a2:5c:34:e0:
                    72:c5:f3:dc:0b:19:3a:ac:e0:72:1a:df:64:66:7c:
                    8c:08:eb:55:65:20:ab:82:02:cd:fa:52:c1:ee:7f:
                    de:65:ea:70:20:eb:73:d0:a6:23:ab:3d:bf:2e:b3:
                    12:23:c8:2f:29:59:8e:2c:6f:63:ed:fe:ee:47:b3:
                    fc:a1:c6:ba:b4:7d:d0:5f:da:8b:0e:9f:ad:f9:db:
                    1b:57:f8:ff:8d:c7:9a:75:3d:fb:ef:d0:ce:20:87:
                    a3:8f:24:39:fa:b0:23:44:cc:59:b1:6c:6f:79:e0:
                    ca:e8:04:cb:2b:7f:fa:28:20:f7:bf:4c:20:cf:b1:
                    86:9b:9f:f3:ad:64:25:70:4a:f3:59:9b:4f:8c:79:
                    51:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D0:38:01:17:DF:DB:DC:C2:05:F4:7A:DB:8D:8C:B5:36:FA:4C:68
            X509v3 Authority Key Identifier:
                keyid:2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/BNA4ARff29zCBfR6242MtTb6TGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.0.0-80.89.2.255
                  80.89.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:d9:be:bc:93:16:0d:6b:65:27:f9:9f:5e:ee:68:e3:3f:62:
         3b:76:6a:0f:08:a4:17:b2:3c:e6:9d:8d:ca:50:d0:f5:3b:e6:
         21:ed:72:f0:d7:07:c6:65:be:9c:1a:52:e5:99:76:61:5e:81:
         9a:0f:4a:6c:c8:0b:ff:e2:89:d4:60:97:9f:65:36:4b:05:5f:
         2d:3c:6b:17:c9:9b:fe:d7:d4:66:37:69:34:f1:c4:ad:8e:3f:
         24:ff:91:bb:72:c8:e2:b8:e1:60:38:7f:03:07:27:99:8d:69:
         8e:07:aa:5c:99:b4:8c:47:13:10:f6:25:b4:6c:96:ec:cc:c4:
         0e:f1:88:a0:16:9d:e1:a4:4f:ae:dd:a0:2d:1a:fc:c0:45:40:
         c0:20:ac:53:8e:23:28:bf:1d:9c:6c:b6:b1:1d:74:6f:d4:77:
         1f:6e:7b:5e:52:c6:32:30:66:2f:97:31:e8:76:f5:8a:6a:4d:
         5f:a9:3d:e6:81:dc:13:2e:9a:ea:27:12:e3:ab:0a:95:e6:ac:
         68:2d:a9:15:8a:ca:94:e6:d4:0c:12:da:a6:e5:bb:f4:74:77:
         b4:ea:99:60:74:1c:be:02:58:1a:81:83:4a:6a:99:72:5b:f9:
         5c:87:c9:21:f2:1e:e7:c7:5d:d6:e1:99:3e:7f:ff:6a:19:0c:
         75:a2:a0:53
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZZtDyPhBD0pNAz1mRH4ePn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTM3ZGE5NzBjNDY2NDU3NTgzYmJlMDJiMmEwZTcyZmJk
YzYzMjgwHhcNMjUwNDI1MTMwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQwMzgwMTE3ZGZkYmRjYzIwNWY0N2FkYjhkOGNiNTM2ZmE0YzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJaA+WCozKmnjK1c7cil7LHtwRYI
CuRiIBs2GpsICdwtv5LkcfbRPO0TV0dVn3t2SEIJppuywDSgGRdTRqkt4i7JyGR9
ae2ntHfACvZM5Gfh/YlHxTqRtqAgNR2iap5roSP1kwQnDxJ3HtUj75o7uRjALaJc
NOByxfPcCxk6rOByGt9kZnyMCOtVZSCrggLN+lLB7n/eZepwIOtz0KYjqz2/LrMS
I8gvKVmOLG9j7f7uR7P8oca6tH3QX9qLDp+t+dsbV/j/jceadT3779DOIIejjyQ5
+rAjRMxZsWxveeDK6ATLK3/6KCD3v0wgz7GGm5/zrWQlcErzWZtPjHlR/wIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFATQOAEX39vcwgX0etuNjLU2+kxoMB8GA1UdIwQY
MBaAFCyjfalwxGZFdYO74CsqDnL73GMoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgt
OGNhMjVmNDg4ZWJmLzEvQk5BNEFSZmYyOXpDQmZSNjI0Mk10VGI2VEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgtOGNhMjVmNDg4ZWJm
LzEvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwBQWQME
AFBZAgMEAlBZBDANBgkqhkiG9w0BAQsFAAOCAQEAXdm+vJMWDWtlJ/mfXu5o4z9i
O3ZqDwikF7I85p2NylDQ9TvmIe1y8NcHxmW+nBpS5Zl2YV6Bmg9KbMgL/+KJ1GCX
n2U2SwVfLTxrF8mb/tfUZjdpNPHErY4/JP+Ru3LI4rjhYDh/AwcnmY1pjgeqXJm0
jEcTEPYltGyW7MzEDvGIoBad4aRPrt2gLRr8wEVAwCCsU44jKL8dnGy2sR10b9R3
H257XlLGMjBmL5cx6Hb1impNX6k95oHcEy6a6icS46sKleasaC2pFYrKlObUDBLa
puW79HR3tOqZYHQcvgJYGoGDSmqZclv5XIfJIfIe58dd1uGZPn//ahkMdaKgUw==
-----END CERTIFICATE-----