Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/yebH21wz0UoiLUENCKHjTAUkYbM.roa
File:                     yebH21wz0UoiLUENCKHjTAUkYbM.roa (raw, json)
Hash identifier:          Z0sIDskTBFcR8WDSuh+x4cZ2AIdCkHpWosCpjhaCySw=
Subject key identifier:   C9:E6:C7:DB:5C:33:D1:4A:22:2D:41:0D:08:A1:E3:4C:05:24:61:B3
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197DA512DFFD5605EDDFCE64D6FDF3D0E8F
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/yebH21wz0UoiLUENCKHjTAUkYbM.roa
Signing time:             Sat 05 Jul 2025 11:20:42 +0000
ROA not before:           Sat 05 Jul 2025 11:20:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47392
IP address blocks:        89.144.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:da:51:2d:ff:d5:60:5e:dd:fc:e6:4d:6f:df:3d:0e:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul  5 11:20:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9e6c7db5c33d14a222d410d08a1e34c052461b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:fa:10:f6:95:87:91:e5:47:ac:a7:3f:25:f5:
                    a8:5a:e9:7a:4f:6d:66:49:40:66:df:9b:cf:33:10:
                    05:28:98:6d:1d:8a:2a:f7:71:3a:a7:80:51:51:39:
                    03:6e:e4:1b:b8:d3:e3:1f:31:88:08:63:68:78:0e:
                    c5:7d:70:6c:b2:19:c3:0d:0b:21:c1:41:bd:6d:99:
                    82:d3:19:02:af:c8:f0:df:36:c6:cb:f5:8e:b5:4e:
                    01:dc:e6:66:f1:e5:0b:b1:33:9c:bb:bb:22:60:ed:
                    d4:96:e5:c2:c2:3e:03:5a:f7:49:5b:25:a3:8a:9a:
                    44:fe:f5:03:88:e8:2b:6e:60:4f:15:16:35:5d:ff:
                    b9:5c:3e:5a:06:6e:f1:3f:40:68:a4:9c:98:51:a1:
                    a8:74:8a:20:39:d1:33:71:a6:83:ec:23:d3:ff:4a:
                    77:c3:50:0e:40:c3:12:0e:24:1d:f9:fe:96:31:4d:
                    f4:6f:f8:30:1c:d6:ff:24:ba:51:97:09:81:91:58:
                    3c:25:bc:b3:35:8a:d1:12:b3:fc:f3:a2:2d:54:50:
                    aa:93:a3:6b:4b:5c:1b:84:6e:dd:8d:14:5c:5d:92:
                    94:e3:ce:94:28:7f:08:26:d6:7b:79:58:f6:cf:4e:
                    54:00:ab:f0:4d:56:0a:08:6c:40:52:6b:66:cd:0b:
                    5f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E6:C7:DB:5C:33:D1:4A:22:2D:41:0D:08:A1:E3:4C:05:24:61:B3
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/yebH21wz0UoiLUENCKHjTAUkYbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:73:b7:d9:88:1a:bc:a8:fd:15:34:4b:0b:5e:9f:73:40:b4:
         ab:be:f2:e4:8f:a0:ab:ae:bc:41:e7:14:9a:d9:da:9b:03:8c:
         0b:d6:2f:4e:2f:f6:c0:09:14:a1:d8:15:a7:2f:0a:b0:52:ef:
         9a:89:f4:23:61:b7:b4:c4:2f:8c:2a:72:d3:79:78:4b:29:6f:
         b4:a6:8a:cb:0f:0b:23:a3:ec:a1:77:fd:9b:64:9e:9f:72:6c:
         e6:1a:fd:85:c6:8f:a3:fb:be:fd:da:c6:dc:2b:b5:0d:c7:31:
         38:04:75:c5:f2:02:e9:98:ef:cf:3f:60:e6:75:65:ab:81:1f:
         64:34:b9:bc:fb:9c:7b:5a:06:b8:14:ad:47:6e:75:69:de:36:
         d8:0e:68:c2:96:f4:1c:57:06:b2:da:8b:80:66:89:c3:d8:d2:
         ee:15:e8:20:c6:02:0c:80:c1:d2:cb:9a:6d:02:eb:70:b3:6c:
         22:f6:0d:1f:86:4a:00:f6:e6:c3:86:05:17:b5:1d:fc:3c:1d:
         f6:fb:c4:0d:90:e3:31:1b:01:65:dc:1b:35:41:d1:cb:38:2c:
         9f:a4:51:4a:56:0a:16:52:f0:5c:49:d0:39:05:4d:ec:b3:46:
         ec:f8:89:ac:98:3b:76:3d:0a:90:6d:a1:31:91:25:97:62:6b:
         7a:0e:89:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfaUS3/1WBe3fzmTW/fPQ6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzA1MTEyMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWU2YzdkYjVjMzNkMTRhMjIyZDQxMGQwOGExZTM0YzA1MjQ2MWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1voQ9pWHkeVHrKc/JfWoWul6T21m
SUBm35vPMxAFKJhtHYoq93E6p4BRUTkDbuQbuNPjHzGICGNoeA7FfXBsshnDDQsh
wUG9bZmC0xkCr8jw3zbGy/WOtU4B3OZm8eULsTOcu7siYO3UluXCwj4DWvdJWyWj
ippE/vUDiOgrbmBPFRY1Xf+5XD5aBm7xP0BopJyYUaGodIogOdEzcaaD7CPT/0p3
w1AOQMMSDiQd+f6WMU30b/gwHNb/JLpRlwmBkVg8JbyzNYrRErP886ItVFCqk6Nr
S1wbhG7djRRcXZKU486UKH8IJtZ7eVj2z05UAKvwTVYKCGxAUmtmzQtf8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnmx9tcM9FKIi1BDQih40wFJGGzMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEveWViSDIxd3owVW9pTFVFTkNLSGpUQVVrWWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAoMA0G
CSqGSIb3DQEBCwUAA4IBAQCCc7fZiBq8qP0VNEsLXp9zQLSrvvLkj6CrrrxB5xSa
2dqbA4wL1i9OL/bACRSh2BWnLwqwUu+aifQjYbe0xC+MKnLTeXhLKW+0porLDwsj
o+yhd/2bZJ6fcmzmGv2Fxo+j+7792sbcK7UNxzE4BHXF8gLpmO/PP2DmdWWrgR9k
NLm8+5x7Wga4FK1HbnVp3jbYDmjClvQcVway2ouAZonD2NLuFeggxgIMgMHSy5pt
Autws2wi9g0fhkoA9ubDhgUXtR38PB32+8QNkOMxGwFl3Bs1QdHLOCyfpFFKVgoW
UvBcSdA5BU3ss0bs+ImsmDt2PQqQbaExkSWXYmt6Dol3
-----END CERTIFICATE-----