Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/zIb65ZJns3oX5PPTPawqhHAMsZU.roa
File:                     zIb65ZJns3oX5PPTPawqhHAMsZU.roa (raw, json)
Hash identifier:          74NPwbbyglVnvRUeHdKO7hXqs4rc+5TCbIoFZCGC0Pw=
Subject key identifier:   CC:86:FA:E5:92:67:B3:7A:17:E4:F3:D3:3D:AC:2A:84:70:0C:B1:95
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019807BF8577B3C3E0EEC12BA2F950AF1D72
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/zIb65ZJns3oX5PPTPawqhHAMsZU.roa
Signing time:             Mon 14 Jul 2025 07:04:08 +0000
ROA not before:           Mon 14 Jul 2025 07:04:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206848
IP address blocks:        89.249.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:bf:85:77:b3:c3:e0:ee:c1:2b:a2:f9:50:af:1d:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jul 14 07:04:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc86fae59267b37a17e4f3d33dac2a84700cb195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5b:ea:b0:50:0e:a1:57:f2:b4:58:75:f8:9e:
                    a1:a5:8a:5c:e8:83:db:40:d5:a6:e4:e4:27:b2:cb:
                    a7:41:ee:92:53:cc:66:27:71:05:31:e3:45:92:31:
                    2f:20:59:4e:82:39:56:82:51:58:d4:a5:46:c0:f1:
                    66:2f:31:5a:ca:b2:fa:6b:0a:29:42:de:3f:70:75:
                    1e:4f:e0:a6:d1:5c:2d:a0:c2:30:8c:98:f6:d1:ab:
                    b3:be:97:d1:98:5f:88:1b:2b:6f:76:f7:96:af:13:
                    7e:c2:25:6d:cf:14:31:e5:54:e9:dc:4f:db:8c:76:
                    5c:8c:d9:45:f6:60:f4:91:f7:10:71:65:65:8f:8f:
                    cd:e6:12:7c:7f:01:02:fc:12:e4:c1:eb:9d:4d:2e:
                    58:62:3b:49:69:c6:ce:dc:16:f8:70:22:4f:e2:0b:
                    9f:08:9c:6a:8a:05:48:c6:60:f8:31:19:79:05:8a:
                    1a:6c:78:9b:0b:00:3c:2f:3b:8d:1c:52:49:dd:2d:
                    b0:9e:c3:d6:6a:18:5b:85:4e:71:f0:01:d7:ec:2d:
                    cb:90:b0:bd:f1:2e:29:9e:ee:aa:94:71:6a:3e:fb:
                    86:85:bc:34:09:20:3c:0d:0d:a1:73:85:bd:70:1a:
                    b1:22:b2:50:6a:37:f9:49:68:e2:c3:b6:85:6b:b0:
                    24:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:86:FA:E5:92:67:B3:7A:17:E4:F3:D3:3D:AC:2A:84:70:0C:B1:95
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/zIb65ZJns3oX5PPTPawqhHAMsZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:de:50:da:3f:5b:e6:aa:86:13:0a:d2:a5:8f:60:d9:30:c9:
         9d:e4:08:bd:a3:eb:8f:05:ee:34:e7:dd:dc:88:71:7f:51:ac:
         22:40:41:56:92:45:47:f3:4d:26:6f:51:2a:21:c7:0a:6e:1b:
         5f:03:01:47:bd:d5:7a:c5:69:65:e6:f7:0d:6d:d5:fb:eb:b1:
         4b:76:3e:4c:4b:2a:7f:2d:7d:5b:4c:fc:20:55:6d:7f:78:22:
         cc:94:88:c1:d2:76:22:1b:55:c8:27:3f:d2:81:2e:e9:1c:28:
         c9:ea:49:3e:1c:19:1c:4a:aa:55:e0:60:da:cd:7d:53:56:84:
         e0:55:f7:a4:ff:04:49:09:17:84:88:15:34:60:17:a8:67:2f:
         79:79:35:de:0c:e3:28:64:f7:f0:74:07:8f:42:a4:cf:80:05:
         64:b3:55:2b:d4:4f:e7:be:c0:03:8b:26:1f:44:15:5e:21:ff:
         aa:a6:27:0b:e0:e8:be:2f:cf:0c:c4:96:c7:9d:54:0b:07:ab:
         92:f5:2d:4f:83:b5:d4:eb:a3:bf:57:56:fb:51:38:a0:a3:d5:
         0d:a5:a5:fc:e6:db:fd:bc:72:e2:33:fb:52:68:2c:ac:cf:51:
         1c:9a:aa:0f:71:b6:3b:11:ba:b8:61:11:7c:ad:f1:61:d3:aa:
         d2:a3:41:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgHv4V3s8Pg7sErovlQrx1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwNzE0MDcwNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzg2ZmFlNTkyNjdiMzdhMTdlNGYzZDMzZGFjMmE4NDcwMGNiMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVvqsFAOoVfytFh1+J6hpYpc6IPb
QNWm5OQnssunQe6SU8xmJ3EFMeNFkjEvIFlOgjlWglFY1KVGwPFmLzFayrL6awop
Qt4/cHUeT+Cm0VwtoMIwjJj20auzvpfRmF+IGytvdveWrxN+wiVtzxQx5VTp3E/b
jHZcjNlF9mD0kfcQcWVlj4/N5hJ8fwEC/BLkweudTS5YYjtJacbO3Bb4cCJP4guf
CJxqigVIxmD4MRl5BYoabHibCwA8LzuNHFJJ3S2wnsPWahhbhU5x8AHX7C3LkLC9
8S4pnu6qlHFqPvuGhbw0CSA8DQ2hc4W9cBqxIrJQajf5SWjiw7aFa7AkvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyG+uWSZ7N6F+Tz0z2sKoRwDLGVMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvekliNjVaSm5zM29YNVBQVFBhd3FoSEFNc1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnNMA0G
CSqGSIb3DQEBCwUAA4IBAQDS3lDaP1vmqoYTCtKlj2DZMMmd5Ai9o+uPBe40593c
iHF/UawiQEFWkkVH800mb1EqIccKbhtfAwFHvdV6xWll5vcNbdX767FLdj5MSyp/
LX1bTPwgVW1/eCLMlIjB0nYiG1XIJz/SgS7pHCjJ6kk+HBkcSqpV4GDazX1TVoTg
Vfek/wRJCReEiBU0YBeoZy95eTXeDOMoZPfwdAePQqTPgAVks1Ur1E/nvsADiyYf
RBVeIf+qpicL4Oi+L88MxJbHnVQLB6uS9S1Pg7XU66O/V1b7UTigo9UNpaX85tv9
vHLiM/tSaCysz1EcmqoPcbY7Ebq4YRF8rfFh06rSo0H7
-----END CERTIFICATE-----