Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/h3q6Qj8JBMCKb_tTvQznlw8o0Wc.roa
File:                     h3q6Qj8JBMCKb_tTvQznlw8o0Wc.roa (raw, json)
Hash identifier:          WNdsK7uEhxqoP7z7kKHpiLmq51mI3TZtcyVQNDjYcyk=
Subject key identifier:   87:7A:BA:42:3F:09:04:C0:8A:6F:FB:53:BD:0C:E7:97:0F:28:D1:67
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019822E2CD6E49CD96F8779858E5B82791CD
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/h3q6Qj8JBMCKb_tTvQznlw8o0Wc.roa
Signing time:             Sat 19 Jul 2025 13:32:25 +0000
ROA not before:           Sat 19 Jul 2025 13:32:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213622
IP address blocks:        89.106.65.0/24 maxlen: 24
                          185.121.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 11:10:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:22:e2:cd:6e:49:cd:96:f8:77:98:58:e5:b8:27:91:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 19 13:32:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=877aba423f0904c08a6ffb53bd0ce7970f28d167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:30:98:70:da:52:d2:e3:a9:4c:15:56:52:96:
                    39:24:a7:01:57:5c:68:2f:66:76:51:4f:bc:eb:72:
                    9e:99:a5:b7:09:9f:4a:50:a9:07:0d:26:5d:81:29:
                    75:fa:16:70:22:13:88:9c:05:06:66:00:ec:bf:79:
                    21:42:cd:06:20:a3:76:16:35:ab:cf:56:b6:67:5b:
                    79:ff:6d:d7:91:04:a0:e2:31:95:6a:57:d9:6b:98:
                    b1:da:9f:b4:f2:65:90:90:e9:00:61:09:36:5a:b3:
                    ae:5e:7e:e2:b9:31:30:fe:94:50:72:5b:80:0a:db:
                    cd:e7:44:34:fb:95:c3:4c:d0:b7:08:61:df:74:cf:
                    82:81:78:40:0b:e1:a8:05:04:30:1c:51:5c:07:ef:
                    39:da:9d:30:3e:a6:b7:5a:ae:c9:ef:62:20:93:55:
                    ca:a5:cd:25:c7:56:9d:70:ca:31:db:a8:23:51:4e:
                    08:d5:20:a0:47:41:fe:48:76:ff:35:87:57:ca:e6:
                    2f:8c:2a:b1:4b:d4:cb:a0:51:cd:28:0f:e7:3c:cf:
                    e0:aa:5c:94:29:99:fb:18:e1:63:45:71:55:d5:94:
                    6d:49:b0:62:d9:a7:a9:f1:7a:ab:9c:9e:2f:78:5e:
                    d5:ad:4f:ac:22:8a:9a:33:3e:1a:45:3b:bf:bb:39:
                    99:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:7A:BA:42:3F:09:04:C0:8A:6F:FB:53:BD:0C:E7:97:0F:28:D1:67
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/h3q6Qj8JBMCKb_tTvQznlw8o0Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.65.0/24
                  185.121.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:e5:08:4a:03:67:bc:b0:7c:79:e1:cc:49:36:ff:3c:70:18:
         6e:6c:ec:01:b8:28:9e:9a:2e:04:17:0d:02:76:12:36:83:3c:
         26:be:1d:16:a5:13:de:f3:00:0e:af:84:05:46:da:e7:0e:06:
         d7:42:8c:f5:04:c7:9d:0c:8e:36:3a:d3:9b:6a:67:fd:ec:f9:
         62:38:c1:e9:ee:3e:7d:6e:78:e9:ed:82:2d:a4:6d:04:f0:ee:
         6b:b0:d2:49:bd:1b:fb:fa:bb:1b:fc:9f:40:a6:16:1c:1b:cd:
         72:74:b1:04:25:d1:cf:87:dc:69:47:0e:fe:5a:47:e8:4d:d5:
         60:dd:20:6b:48:b3:76:96:d8:17:91:da:5f:d9:2c:10:b8:81:
         df:12:68:8f:9e:09:e5:28:8f:41:f4:ec:09:64:41:0d:90:77:
         b4:5c:93:a1:39:50:96:90:a2:b7:6a:92:91:89:92:73:e4:dd:
         33:d7:98:21:40:e0:f5:14:cd:de:f7:7a:d0:bf:d0:97:dd:1c:
         20:53:be:fc:18:ee:78:dc:23:7c:f3:1d:99:35:d1:b4:a8:8a:
         78:1c:26:ee:ce:3f:7e:f4:92:fb:a8:7b:c2:8e:68:5e:61:78:
         2b:81:87:97:ce:33:51:26:29:8e:1b:98:f8:5a:c7:15:a4:2e:
         c8:44:84:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgi4s1uSc2W+HeYWOW4J5HNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzE5MTMzMjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzdhYmE0MjNmMDkwNGMwOGE2ZmZiNTNiZDBjZTc5NzBmMjhkMTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTCYcNpS0uOpTBVWUpY5JKcBV1xo
L2Z2UU+863KemaW3CZ9KUKkHDSZdgSl1+hZwIhOInAUGZgDsv3khQs0GIKN2FjWr
z1a2Z1t5/23XkQSg4jGValfZa5ix2p+08mWQkOkAYQk2WrOuXn7iuTEw/pRQcluA
CtvN50Q0+5XDTNC3CGHfdM+CgXhAC+GoBQQwHFFcB+852p0wPqa3Wq7J72Igk1XK
pc0lx1adcMox26gjUU4I1SCgR0H+SHb/NYdXyuYvjCqxS9TLoFHNKA/nPM/gqlyU
KZn7GOFjRXFV1ZRtSbBi2aep8XqrnJ4veF7VrU+sIoqaMz4aRTu/uzmZvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFId6ukI/CQTAim/7U70M55cPKNFnMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaDNxNlFqOEpCTUNLYl90VHZRem5sdzhvMFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWpBAwQA
uXlFMA0GCSqGSIb3DQEBCwUAA4IBAQCD5QhKA2e8sHx54cxJNv88cBhubOwBuCie
mi4EFw0CdhI2gzwmvh0WpRPe8wAOr4QFRtrnDgbXQoz1BMedDI42OtObamf97Pli
OMHp7j59bnjp7YItpG0E8O5rsNJJvRv7+rsb/J9AphYcG81ydLEEJdHPh9xpRw7+
WkfoTdVg3SBrSLN2ltgXkdpf2SwQuIHfEmiPngnlKI9B9OwJZEENkHe0XJOhOVCW
kKK3apKRiZJz5N0z15ghQOD1FM3e93rQv9CX3RwgU778GO543CN88x2ZNdG0qIp4
HCbuzj9+9JL7qHvCjmheYXgrgYeXzjNRJimOG5j4WscVpC7IRIRw
-----END CERTIFICATE-----