Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/0_XinnQ2zrZ72DbLvdPNA8AZIeo.roa
File:                     0_XinnQ2zrZ72DbLvdPNA8AZIeo.roa (raw, json)
Hash identifier:          8daZqdo+cCjL0MXuZZTj/0dkooQ/fWTgJ+OzDNAZ5PE=
Subject key identifier:   D3:F5:E2:9E:74:36:CE:B6:7B:D8:36:CB:BD:D3:CD:03:C0:19:21:EA
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0198FE4D523AF751081C8E79BC67FB2B1475
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/0_XinnQ2zrZ72DbLvdPNA8AZIeo.roa
Signing time:             Sun 31 Aug 2025 04:05:36 +0000
ROA not before:           Sun 31 Aug 2025 04:05:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        89.106.89.0/24 maxlen: 24
                          178.18.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fe:4d:52:3a:f7:51:08:1c:8e:79:bc:67:fb:2b:14:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug 31 04:05:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3f5e29e7436ceb67bd836cbbdd3cd03c01921ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d1:25:39:fa:5c:84:12:73:ee:c8:32:e4:77:
                    38:77:de:39:2d:97:f7:5e:93:b0:1f:02:81:39:11:
                    d1:cb:bf:0f:ee:a3:7c:dc:1e:00:fb:7e:33:97:80:
                    21:0f:cc:7c:60:2b:21:bd:ea:7f:b3:2a:71:93:67:
                    98:4b:61:72:6d:2d:68:5d:24:c4:97:67:36:3f:37:
                    ed:da:de:49:13:63:ca:4d:fc:06:1a:c6:00:5e:da:
                    05:02:cc:dc:f1:8c:59:05:15:5e:66:d7:47:77:bf:
                    59:32:cc:38:c2:98:14:08:c9:c5:93:32:d3:18:44:
                    0f:17:b5:f4:fa:7a:d3:24:3b:f8:0b:33:75:69:55:
                    d8:5d:f8:3e:e6:d2:7f:1f:0b:1a:fe:10:73:3e:fc:
                    bd:42:3f:60:89:31:96:fd:d8:3d:76:93:c0:26:ef:
                    e4:78:1f:2e:9e:8d:f6:4c:69:e1:34:5f:c9:5c:0f:
                    9c:79:d5:f6:1f:74:e3:fd:ad:4b:ef:bc:12:4a:23:
                    16:cc:df:22:62:54:2d:6b:13:b7:84:3f:a0:c6:ed:
                    05:0a:e7:4d:5c:02:4d:1d:f5:57:89:cb:92:31:65:
                    01:81:61:b4:7c:8e:38:2b:dc:65:1d:41:be:91:fd:
                    c3:7c:4e:9c:95:ad:84:4b:05:b5:2d:eb:e9:4b:76:
                    1e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F5:E2:9E:74:36:CE:B6:7B:D8:36:CB:BD:D3:CD:03:C0:19:21:EA
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/0_XinnQ2zrZ72DbLvdPNA8AZIeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.89.0/24
                  178.18.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:93:2f:52:a9:ee:e5:76:8b:6b:38:ea:28:e7:e1:9b:66:67:
         f7:e5:93:5d:ab:6b:2d:9b:b6:90:46:fb:d4:51:7c:cc:14:4f:
         21:be:34:a2:3e:dc:ab:a4:51:e8:6b:48:c8:7c:9f:4c:2b:26:
         f3:0a:ab:e7:78:56:5e:7f:52:5c:e1:1e:d2:df:8e:e4:31:33:
         c4:42:bf:94:1a:dc:af:f5:65:90:76:28:e3:9d:61:5e:6a:c0:
         8e:c8:c3:eb:7f:c1:dc:6a:a4:df:5a:71:32:21:67:1b:00:45:
         0f:b5:ef:f6:7c:49:be:89:ed:e0:78:58:83:26:50:7d:fd:65:
         60:68:fa:44:f4:71:fc:c8:b1:ce:c1:2e:ef:f2:07:18:7d:84:
         24:ee:1a:9d:4d:9b:79:f1:38:e7:ca:41:6e:5b:3f:ac:10:96:
         80:87:1d:67:7b:9c:e0:95:0b:25:2a:ad:2f:0e:23:91:22:47:
         25:8a:21:5a:f5:46:3d:be:35:b3:ca:aa:3d:d5:0a:2a:c2:ac:
         06:57:90:3b:ed:ba:87:6b:6e:95:8d:7d:27:5e:a5:3e:d8:03:
         71:31:90:b6:ef:fc:a5:41:28:4a:1c:58:9b:f8:80:74:a7:68:
         05:7c:d7:fd:d1:1e:10:8a:7d:d9:7e:69:e9:1b:2c:c1:ed:34:
         d1:e9:db:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZj+TVI691EIHI55vGf7KxR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODMxMDQwNTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Y1ZTI5ZTc0MzZjZWI2N2JkODM2Y2JiZGQzY2QwM2MwMTkyMWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNElOfpchBJz7sgy5Hc4d945LZf3
XpOwHwKBORHRy78P7qN83B4A+34zl4AhD8x8YCshvep/sypxk2eYS2FybS1oXSTE
l2c2Pzft2t5JE2PKTfwGGsYAXtoFAszc8YxZBRVeZtdHd79ZMsw4wpgUCMnFkzLT
GEQPF7X0+nrTJDv4CzN1aVXYXfg+5tJ/Hwsa/hBzPvy9Qj9giTGW/dg9dpPAJu/k
eB8uno32TGnhNF/JXA+cedX2H3Tj/a1L77wSSiMWzN8iYlQtaxO3hD+gxu0FCudN
XAJNHfVXicuSMWUBgWG0fI44K9xlHUG+kf3DfE6cla2ESwW1LevpS3YekwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNP14p50Ns62e9g2y73TzQPAGSHqMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMF9YaW5uUTJ6clo3MkRiTHZkUE5BOEFaSWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWpZAwQA
shKXMA0GCSqGSIb3DQEBCwUAA4IBAQC2ky9Sqe7ldotrOOoo5+GbZmf35ZNdq2st
m7aQRvvUUXzMFE8hvjSiPtyrpFHoa0jIfJ9MKybzCqvneFZef1Jc4R7S347kMTPE
Qr+UGtyv9WWQdijjnWFeasCOyMPrf8HcaqTfWnEyIWcbAEUPte/2fEm+ie3geFiD
JlB9/WVgaPpE9HH8yLHOwS7v8gcYfYQk7hqdTZt58TjnykFuWz+sEJaAhx1ne5zg
lQslKq0vDiORIkcliiFa9UY9vjWzyqo91QoqwqwGV5A77bqHa26VjX0nXqU+2ANx
MZC27/ylQShKHFib+IB0p2gFfNf90R4Qin3ZfmnpGyzB7TTR6duu
-----END CERTIFICATE-----