Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/z_F3eZPtphqpXf_B7RZ4t8rRcAw.roa
File:                     z_F3eZPtphqpXf_B7RZ4t8rRcAw.roa (raw, json)
Hash identifier:          CRnPIsnZf64ThYvuup5THfnyETtp12ZJqAtj5gO1A74=
Subject key identifier:   CF:F1:77:79:93:ED:A6:1A:A9:5D:FF:C1:ED:16:78:B7:CA:D1:70:0C
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019735BEFA89B59478F7F0DD0ACC312149ED
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/z_F3eZPtphqpXf_B7RZ4t8rRcAw.roa
Signing time:             Tue 03 Jun 2025 12:23:17 +0000
ROA not before:           Tue 03 Jun 2025 12:23:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        89.251.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 10:52:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:be:fa:89:b5:94:78:f7:f0:dd:0a:cc:31:21:49:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun  3 12:23:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cff1777993eda61aa95dffc1ed1678b7cad1700c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:78:fc:3b:92:f0:32:5e:a1:ba:5e:af:b3:2a:
                    96:48:3a:c2:c3:8f:fc:9c:2c:e9:67:7d:5d:37:60:
                    ac:8c:20:a5:16:d5:0e:03:72:2c:ca:cf:5d:a5:5e:
                    dc:77:8e:16:44:9d:cd:bd:7a:74:d9:4b:ef:c0:db:
                    f6:79:31:2a:af:dd:7f:2d:3b:8f:9c:7c:e8:d7:86:
                    28:6e:90:d5:5c:3c:b2:c3:05:d6:e9:ff:71:6d:03:
                    e7:b6:a8:ad:f7:f8:8c:a3:bb:62:d2:3a:6b:54:3f:
                    b9:02:14:72:12:c5:25:f4:e7:f0:19:a1:f4:c0:ac:
                    78:2d:7e:8a:6c:d7:0f:54:6b:7d:55:44:41:9d:6b:
                    c7:17:bc:dc:19:b2:16:69:2e:54:4c:45:7d:17:c0:
                    7b:32:65:79:38:9c:bd:6e:53:93:1f:c9:8a:51:a7:
                    c7:0b:2b:09:4a:2e:60:c3:e2:56:16:da:69:82:54:
                    c8:fa:57:ae:b1:0d:2f:9f:05:b2:c2:d4:cf:31:c0:
                    41:90:69:5c:1d:30:05:47:cc:72:f1:88:65:58:d3:
                    44:90:51:c0:8f:f8:5b:7a:82:9b:dd:4d:c0:a4:43:
                    b9:e7:48:9a:01:96:73:5a:59:1d:f6:21:09:7f:c6:
                    4f:61:58:e8:9f:15:8e:c4:c4:54:95:06:75:ea:54:
                    78:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:F1:77:79:93:ED:A6:1A:A9:5D:FF:C1:ED:16:78:B7:CA:D1:70:0C
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/z_F3eZPtphqpXf_B7RZ4t8rRcAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:e5:2d:76:54:a7:cb:08:82:bc:ba:da:4d:b7:ed:2c:3e:2d:
         c4:70:bd:5d:95:bc:3f:77:20:60:f9:5a:21:d2:c4:a9:2a:24:
         e2:7c:6e:c0:9b:7e:16:aa:f7:e4:f5:05:89:3c:59:8b:a6:ce:
         1a:f9:07:39:03:04:d4:47:b4:77:73:7b:e5:5f:8e:22:fa:20:
         4c:b7:27:f6:6e:20:e4:66:a4:ac:61:fe:2a:bc:b6:9e:4a:72:
         ac:ac:c9:3f:6b:13:48:d8:e7:35:b5:76:10:eb:e6:e5:fe:60:
         90:45:3b:ce:ec:85:e3:c7:e2:ba:42:16:5b:ed:58:51:b1:30:
         6e:e9:00:b6:23:96:5f:87:16:d8:d3:19:f6:69:f8:5e:fd:92:
         de:e7:39:ba:73:48:04:0b:af:65:45:a6:7b:58:f4:4a:cb:08:
         2a:7b:2c:dc:51:07:63:04:0f:ed:c5:39:8a:af:0a:62:e5:a3:
         e4:1f:ba:7a:bd:75:de:cd:34:ca:a9:63:66:9e:44:a5:75:ed:
         d0:f3:c0:04:3c:fd:8b:89:e2:f9:cd:bd:86:d8:61:53:39:ed:
         2c:60:14:e7:ea:85:ac:39:95:4f:8c:27:da:e0:fa:2a:39:34:
         ff:7a:c5:d3:30:bd:66:2e:c3:59:17:2e:e5:34:77:a3:23:4d:
         34:4e:b1:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1vvqJtZR49/DdCswxIUntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNjAzMTIyMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmYxNzc3OTkzZWRhNjFhYTk1ZGZmYzFlZDE2NzhiN2NhZDE3MDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Hj8O5LwMl6hul6vsyqWSDrCw4/8
nCzpZ31dN2CsjCClFtUOA3Isys9dpV7cd44WRJ3NvXp02UvvwNv2eTEqr91/LTuP
nHzo14YobpDVXDyywwXW6f9xbQPntqit9/iMo7ti0jprVD+5AhRyEsUl9OfwGaH0
wKx4LX6KbNcPVGt9VURBnWvHF7zcGbIWaS5UTEV9F8B7MmV5OJy9blOTH8mKUafH
CysJSi5gw+JWFtppglTI+leusQ0vnwWywtTPMcBBkGlcHTAFR8xy8YhlWNNEkFHA
j/hbeoKb3U3ApEO550iaAZZzWlkd9iEJf8ZPYVjonxWOxMRUlQZ16lR4DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/xd3mT7aYaqV3/we0WeLfK0XAMMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvel9GM2VaUHRwaHFwWGZfQjdSWjR0OHJSY0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfscMA0G
CSqGSIb3DQEBCwUAA4IBAQBt5S12VKfLCIK8utpNt+0sPi3EcL1dlbw/dyBg+Voh
0sSpKiTifG7Am34Wqvfk9QWJPFmLps4a+Qc5AwTUR7R3c3vlX44i+iBMtyf2biDk
ZqSsYf4qvLaeSnKsrMk/axNI2Oc1tXYQ6+bl/mCQRTvO7IXjx+K6QhZb7VhRsTBu
6QC2I5ZfhxbY0xn2afhe/ZLe5zm6c0gEC69lRaZ7WPRKywgqeyzcUQdjBA/txTmK
rwpi5aPkH7p6vXXezTTKqWNmnkSlde3Q88AEPP2LieL5zb2G2GFTOe0sYBTn6oWs
OZVPjCfa4PoqOTT/esXTML1mLsNZFy7lNHejI000TrGH
-----END CERTIFICATE-----