Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/2H8bk0scnZWZCejbJpVwKzPODxU.roa
File:                     2H8bk0scnZWZCejbJpVwKzPODxU.roa (raw, json)
Hash identifier:          hMVwt69RjByg01GyzZs8pwlz2+q4Wpy8Ui3CHMqWQVM=
Subject key identifier:   D8:7F:1B:93:4B:1C:9D:95:99:09:E8:DB:26:95:70:2B:33:CE:0F:15
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       0196C992E88B16A7FFE5548E1FFC819559C2
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/2H8bk0scnZWZCejbJpVwKzPODxU.roa
Signing time:             Tue 13 May 2025 12:16:10 +0000
ROA not before:           Tue 13 May 2025 12:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25098
IP address blocks:        152.89.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:92:e8:8b:16:a7:ff:e5:54:8e:1f:fc:81:95:59:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: May 13 12:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d87f1b934b1c9d959909e8db2695702b33ce0f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:86:6c:7d:c1:fd:0b:0d:62:42:48:83:dd:7d:
                    aa:51:b6:b0:2b:e6:23:83:0a:f1:db:d6:af:e9:09:
                    78:08:ac:13:23:87:25:eb:da:7a:62:52:f9:02:63:
                    55:f0:2a:9c:b7:04:b4:9d:64:62:40:86:33:f1:f8:
                    eb:96:c3:f1:38:74:3a:9e:d9:6a:5b:23:9a:e9:aa:
                    57:23:60:c7:e8:82:7a:ee:f6:01:b7:d5:41:96:8e:
                    2c:1d:ce:88:d6:bd:19:2c:34:66:96:d1:d7:53:68:
                    5a:b4:b5:b3:7b:42:1b:41:39:46:8a:5e:ee:6b:b3:
                    45:08:46:aa:28:08:dc:8b:22:e5:68:30:2c:3e:d6:
                    d2:a6:f1:c4:7d:40:13:85:de:fd:aa:75:37:23:cd:
                    f5:81:78:ac:69:c8:03:99:cc:c4:88:5b:5d:21:8b:
                    64:46:ed:b9:21:47:e5:e0:4c:ba:eb:9b:0a:49:dd:
                    0d:e2:55:0e:ae:f8:2a:74:e5:75:de:f6:0b:8e:90:
                    fb:8c:c6:b5:e7:5a:ab:ea:8d:55:ba:70:3e:b4:da:
                    26:89:44:8d:e3:9b:a1:5c:5a:29:98:7f:5f:a1:18:
                    7d:a5:b9:7f:80:28:f8:94:42:e8:92:a6:09:70:69:
                    f0:2d:a8:61:8d:56:a2:fe:61:0b:86:be:a8:48:2a:
                    ac:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7F:1B:93:4B:1C:9D:95:99:09:E8:DB:26:95:70:2B:33:CE:0F:15
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/2H8bk0scnZWZCejbJpVwKzPODxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:72:1e:34:0d:80:74:81:75:94:e3:30:c8:d5:aa:f6:fb:8b:
         55:15:0d:bd:1c:79:e3:c0:35:a0:e7:45:26:62:51:17:8f:3e:
         46:5f:e5:45:e1:c4:a3:b6:ce:62:91:b1:3c:3c:59:b4:9e:5d:
         2f:fc:ce:55:ae:29:86:64:7f:ba:1b:78:94:5d:50:b2:65:cc:
         98:fb:81:1e:35:43:6c:e3:a2:c3:d3:d8:e9:e1:1b:93:3c:83:
         89:cf:d0:d7:ff:18:64:6c:de:30:84:16:95:7b:48:d6:72:e0:
         4d:06:de:be:3b:eb:04:44:b1:4c:3c:5f:4b:23:a0:da:7f:d7:
         fc:81:20:fc:32:e2:3b:74:14:7d:1e:64:a2:7f:a5:f0:7d:1f:
         71:3e:4c:4a:13:c2:dc:b3:40:c7:1e:57:29:16:5b:bf:a2:89:
         bb:75:9b:1d:01:11:f3:58:ac:72:ad:3f:42:c4:c0:f9:0b:02:
         54:dd:6d:da:b4:d9:f4:28:0b:3a:84:f3:31:5c:43:a5:40:ee:
         32:ed:13:1c:6b:4e:78:ae:7d:e6:fd:df:e0:e2:13:cd:41:fc:
         b5:9d:0c:dd:de:cc:b0:53:e7:bb:c3:8f:da:79:15:4d:e6:34:
         2e:fe:66:83:2b:b0:fe:b9:00:48:ab:d3:ea:27:ee:ae:e2:f4:
         4a:0e:64:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJkuiLFqf/5VSOH/yBlVnCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjUwNTEzMTIxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdmMWI5MzRiMWM5ZDk1OTkwOWU4ZGIyNjk1NzAyYjMzY2UwZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4ZsfcH9Cw1iQkiD3X2qUbawK+Yj
gwrx29av6Ql4CKwTI4cl69p6YlL5AmNV8CqctwS0nWRiQIYz8fjrlsPxOHQ6ntlq
WyOa6apXI2DH6IJ67vYBt9VBlo4sHc6I1r0ZLDRmltHXU2hatLWze0IbQTlGil7u
a7NFCEaqKAjciyLlaDAsPtbSpvHEfUAThd79qnU3I831gXisacgDmczEiFtdIYtk
Ru25IUfl4Ey665sKSd0N4lUOrvgqdOV13vYLjpD7jMa151qr6o1VunA+tNomiUSN
45uhXFopmH9foRh9pbl/gCj4lELokqYJcGnwLahhjVai/mELhr6oSCqsKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNh/G5NLHJ2VmQno2yaVcCszzg8VMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvMkg4Ymswc2NuWldaQ2VqYkpwVndLelBPRHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmFkeMA0G
CSqGSIb3DQEBCwUAA4IBAQAdch40DYB0gXWU4zDI1ar2+4tVFQ29HHnjwDWg50Um
YlEXjz5GX+VF4cSjts5ikbE8PFm0nl0v/M5VrimGZH+6G3iUXVCyZcyY+4EeNUNs
46LD09jp4RuTPIOJz9DX/xhkbN4whBaVe0jWcuBNBt6+O+sERLFMPF9LI6Daf9f8
gSD8MuI7dBR9HmSif6XwfR9xPkxKE8Lcs0DHHlcpFlu/oom7dZsdARHzWKxyrT9C
xMD5CwJU3W3atNn0KAs6hPMxXEOlQO4y7RMca054rn3m/d/g4hPNQfy1nQzd3syw
U+e7w4/aeRVN5jQu/maDK7D+uQBIq9PqJ+6u4vRKDmRE
-----END CERTIFICATE-----