Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xrZwxuLRJc8OxwYvD82MQp6q9_U.roa
File:                     xrZwxuLRJc8OxwYvD82MQp6q9_U.roa (raw, json)
Hash identifier:          L2CgKUGRzjNBmOQQljr7/Buwk8sOARdeoMVcbv6lnj4=
Subject key identifier:   C6:B6:70:C6:E2:D1:25:CF:0E:C7:06:2F:0F:CD:8C:42:9E:AA:F7:F5
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197DAE57E7317CD6DDD50C354433555372B
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xrZwxuLRJc8OxwYvD82MQp6q9_U.roa
Signing time:             Sat 05 Jul 2025 14:02:42 +0000
ROA not before:           Sat 05 Jul 2025 14:02:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58087
IP address blocks:        89.144.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 11:10:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:da:e5:7e:73:17:cd:6d:dd:50:c3:54:43:35:55:37:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul  5 14:02:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6b670c6e2d125cf0ec7062f0fcd8c429eaaf7f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8b:64:d0:85:5c:70:64:6b:ce:73:69:ce:02:
                    24:e0:b2:75:d4:44:84:f4:7c:04:af:44:d8:7c:6c:
                    8f:e8:2f:c1:0c:50:6a:18:c3:4a:d1:b9:41:24:86:
                    04:f7:8b:92:9b:c4:9a:38:cc:c4:79:14:fd:79:77:
                    98:81:e9:3a:aa:f5:f4:c7:6c:03:f7:43:7c:60:5b:
                    58:86:09:da:84:2b:c9:53:9c:80:a7:ec:0c:89:01:
                    42:a5:48:c5:99:df:28:30:f5:94:27:62:19:15:12:
                    a3:ec:10:f3:40:ac:0c:ef:83:79:d3:07:77:c0:ca:
                    a3:17:f2:c3:cb:7c:c7:75:55:d5:98:d6:5a:56:a4:
                    26:e4:02:94:61:9f:d9:9e:d4:0d:e7:a8:4f:ca:68:
                    dd:b2:a2:56:ab:94:86:d6:fb:02:c3:b6:06:78:91:
                    ae:56:19:e1:7a:3c:8d:68:e4:37:a3:a1:52:ad:2e:
                    2e:67:f6:33:95:b0:ab:01:53:09:c6:48:63:ac:64:
                    d7:88:1c:6c:b4:9f:28:5c:d7:5b:f2:fd:cf:59:2f:
                    32:f7:a2:20:fe:1b:54:54:62:90:ee:d6:55:ba:58:
                    ff:11:7d:fc:12:ad:2b:25:88:e3:56:f9:f4:c5:66:
                    37:8d:f0:49:a1:99:67:8a:eb:f0:ad:17:15:3c:3e:
                    e1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B6:70:C6:E2:D1:25:CF:0E:C7:06:2F:0F:CD:8C:42:9E:AA:F7:F5
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/xrZwxuLRJc8OxwYvD82MQp6q9_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:79:9e:1c:f2:01:a2:9a:55:ff:a8:0a:63:18:ca:05:bd:6d:
         1c:d4:75:b3:ec:88:68:5b:47:3a:02:11:5c:3a:8d:01:77:27:
         7f:44:b9:32:5b:f5:ce:db:ce:32:95:b0:74:84:27:31:27:1b:
         27:69:67:29:07:75:f7:95:87:97:15:e6:87:06:c9:d8:20:dd:
         2c:ba:64:1b:9c:bf:44:c5:b6:be:76:08:72:12:a5:bd:50:4f:
         04:51:85:1b:cc:d1:54:2e:ad:d8:25:46:39:2a:ba:14:8a:e5:
         d7:cf:a9:d6:02:b6:90:0c:e0:d3:74:7d:77:99:27:4a:65:00:
         69:47:4a:52:a1:d3:3f:c4:51:e2:6e:25:1d:64:0a:76:18:69:
         b0:b9:74:33:a5:0e:44:d5:49:d1:22:d9:8e:28:40:d6:2d:e7:
         bc:c3:5a:53:64:cf:dd:85:df:82:21:d2:9b:92:16:0b:38:14:
         fb:83:67:7f:e0:03:59:23:6e:f8:27:1b:f2:16:9b:41:cd:a3:
         a8:d1:af:64:28:2c:5e:26:ff:b5:57:cc:a5:2d:54:c3:20:90:
         5f:0e:25:b7:e3:a1:d7:b2:5a:74:63:5a:87:68:38:56:ae:56:
         e8:cd:3b:5a:83:63:f6:f5:5f:81:89:0a:d4:f2:57:a8:6d:35:
         cb:47:cf:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfa5X5zF81t3VDDVEM1VTcrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzA1MTQwMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI2NzBjNmUyZDEyNWNmMGVjNzA2MmYwZmNkOGM0MjllYWFmN2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4tk0IVccGRrznNpzgIk4LJ11ESE
9HwEr0TYfGyP6C/BDFBqGMNK0blBJIYE94uSm8SaOMzEeRT9eXeYgek6qvX0x2wD
90N8YFtYhgnahCvJU5yAp+wMiQFCpUjFmd8oMPWUJ2IZFRKj7BDzQKwM74N50wd3
wMqjF/LDy3zHdVXVmNZaVqQm5AKUYZ/ZntQN56hPymjdsqJWq5SG1vsCw7YGeJGu
VhnhejyNaOQ3o6FSrS4uZ/YzlbCrAVMJxkhjrGTXiBxstJ8oXNdb8v3PWS8y96Ig
/htUVGKQ7tZVulj/EX38Eq0rJYjjVvn0xWY3jfBJoZlniuvwrRcVPD7hSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMa2cMbi0SXPDscGLw/NjEKeqvf1MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEveHJad3h1TFJKYzhPeHdZdkQ4Mk1RcDZxOV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAlMA0G
CSqGSIb3DQEBCwUAA4IBAQDFeZ4c8gGimlX/qApjGMoFvW0c1HWz7IhoW0c6AhFc
Oo0Bdyd/RLkyW/XO284ylbB0hCcxJxsnaWcpB3X3lYeXFeaHBsnYIN0sumQbnL9E
xba+dghyEqW9UE8EUYUbzNFULq3YJUY5KroUiuXXz6nWAraQDODTdH13mSdKZQBp
R0pSodM/xFHibiUdZAp2GGmwuXQzpQ5E1UnRItmOKEDWLee8w1pTZM/dhd+CIdKb
khYLOBT7g2d/4ANZI274JxvyFptBzaOo0a9kKCxeJv+1V8ylLVTDIJBfDiW346HX
slp0Y1qHaDhWrlbozTtag2P29V+BiQrU8leobTXLR8/+
-----END CERTIFICATE-----