Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/L-gkzT_i4oHU7qxpuc0zJS-8-z8.roa
File:                     L-gkzT_i4oHU7qxpuc0zJS-8-z8.roa (raw, json)
Hash identifier:          HSMXzxBmRLzF1beqds20c9gNGv4tHZqGNf3E+15YX0k=
Subject key identifier:   2F:E8:24:CD:3F:E2:E2:81:D4:EE:AC:69:B9:CD:33:25:2F:BC:FB:3F
Certificate issuer:       /CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
Certificate serial:       0196E8965CFB89326F285081B070BEA963AA
Authority key identifier: B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/L-gkzT_i4oHU7qxpuc0zJS-8-z8.roa
Signing time:             Mon 19 May 2025 12:48:10 +0000
ROA not before:           Mon 19 May 2025 12:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        45.89.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:96:5c:fb:89:32:6f:28:50:81:b0:70:be:a9:63:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
        Validity
            Not Before: May 19 12:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fe824cd3fe2e281d4eeac69b9cd33252fbcfb3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:91:ad:7e:29:0e:21:9d:50:05:fd:3e:83:4e:
                    12:f5:a3:30:db:b9:15:ec:04:1c:5f:27:6d:21:9a:
                    07:e7:0d:8b:d4:78:d3:1e:ac:d7:3c:17:ae:03:f3:
                    5f:1f:24:87:65:96:78:a1:cd:89:db:8b:e5:80:d8:
                    8c:84:7a:f9:32:98:52:f6:c3:f3:70:c9:7f:d8:c4:
                    6c:61:d5:87:e9:50:9a:cc:a4:14:3a:dd:29:fd:dd:
                    d2:91:b8:e8:96:c2:d6:e5:8a:50:cc:18:35:ef:c3:
                    13:b8:77:ee:7e:e9:b6:c9:34:00:4a:56:b8:43:06:
                    91:fc:16:bd:c8:74:fe:b0:4e:4e:fb:da:ee:76:fa:
                    8e:8d:0c:7c:f2:18:47:3d:51:65:eb:88:9a:eb:69:
                    07:95:09:89:78:2b:34:8f:b4:14:90:9b:ef:a0:30:
                    88:86:57:60:b6:a4:d5:67:2b:f8:a7:e9:c2:26:f8:
                    68:c5:26:41:8e:6a:fe:99:e1:3d:a3:5a:af:72:d9:
                    bb:33:e1:b5:e7:b5:6c:7c:6c:fe:db:66:f1:ef:b5:
                    59:5c:3b:5b:16:cc:5c:1a:18:89:a1:53:40:bc:e5:
                    5b:1c:b9:af:57:49:c0:a9:ef:fc:3c:69:80:78:c6:
                    7e:cc:8d:a6:e6:4f:92:01:63:5c:58:47:d6:a0:fa:
                    08:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E8:24:CD:3F:E2:E2:81:D4:EE:AC:69:B9:CD:33:25:2F:BC:FB:3F
            X509v3 Authority Key Identifier:
                keyid:B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/L-gkzT_i4oHU7qxpuc0zJS-8-z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:89:e5:d7:e9:5b:52:b1:46:92:52:aa:1c:0f:ff:5f:b8:44:
         ad:76:e9:ac:d4:f3:1f:25:5e:8a:3b:25:fa:45:4b:8c:92:b2:
         dc:fb:1b:d5:98:ac:67:c2:84:92:83:99:1f:6f:7a:82:a1:ba:
         76:e2:19:31:41:74:93:e8:cd:9b:7d:35:06:5a:6b:7b:dd:a0:
         50:72:4b:24:03:5e:27:9f:e4:2f:88:ae:1d:6f:1b:e5:e1:bd:
         40:97:9d:35:55:74:96:0e:76:0f:83:48:fb:54:1e:5d:e6:9b:
         2b:bc:3e:77:4d:d8:c8:9b:44:b8:98:60:66:e2:4e:27:4a:4f:
         73:45:ad:7c:11:0c:21:4c:9b:e6:0a:39:40:64:da:0b:41:52:
         8c:c2:7d:b7:ff:c9:63:a5:b1:f8:64:c9:cd:c6:67:0b:a4:62:
         fa:af:a8:b7:e4:f8:e6:4a:d7:41:a7:b4:3c:a7:a9:01:54:68:
         a6:98:b3:35:66:e6:27:0b:91:d6:10:fa:41:45:65:14:de:a3:
         2f:d0:56:6d:37:60:86:77:2e:4a:6c:e5:26:0b:e0:15:5d:06:
         ff:27:22:c0:91:d0:59:4d:1a:05:7a:51:76:4c:50:1e:07:f4:
         4b:c8:1b:36:13:d5:68:82:fa:47:10:c1:72:0b:0b:26:9e:b3:
         bd:17:64:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbollz7iTJvKFCBsHC+qWOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2Q0OTA4ZDljNDNhODVmODViZTE5MzM0YTI2ZjVkNTEz
NTBiY2IwHhcNMjUwNTE5MTI0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmU4MjRjZDNmZTJlMjgxZDRlZWFjNjliOWNkMzMyNTJmYmNmYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8pGtfikOIZ1QBf0+g04S9aMw27kV
7AQcXydtIZoH5w2L1HjTHqzXPBeuA/NfHySHZZZ4oc2J24vlgNiMhHr5MphS9sPz
cMl/2MRsYdWH6VCazKQUOt0p/d3SkbjolsLW5YpQzBg178MTuHfufum2yTQASla4
QwaR/Ba9yHT+sE5O+9rudvqOjQx88hhHPVFl64ia62kHlQmJeCs0j7QUkJvvoDCI
hldgtqTVZyv4p+nCJvhoxSZBjmr+meE9o1qvctm7M+G157VsfGz+22bx77VZXDtb
FsxcGhiJoVNAvOVbHLmvV0nAqe/8PGmAeMZ+zI2m5k+SAWNcWEfWoPoIcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/oJM0/4uKB1O6sabnNMyUvvPs/MB8GA1UdIwQY
MBaAFLk9SQjZxDqF+FvhkzSib11RNQvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAt
NTI4NzQ2MTFjZDIxLzEvTC1na3pUX2k0b0hVN3F4cHVjMHpKUy04LXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAtNTI4NzQ2MTFjZDIx
LzEvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVnfMA0G
CSqGSIb3DQEBCwUAA4IBAQAiieXX6VtSsUaSUqocD/9fuEStdums1PMfJV6KOyX6
RUuMkrLc+xvVmKxnwoSSg5kfb3qCobp24hkxQXST6M2bfTUGWmt73aBQckskA14n
n+QviK4dbxvl4b1Al501VXSWDnYPg0j7VB5d5psrvD53TdjIm0S4mGBm4k4nSk9z
Ra18EQwhTJvmCjlAZNoLQVKMwn23/8ljpbH4ZMnNxmcLpGL6r6i35PjmStdBp7Q8
p6kBVGimmLM1ZuYnC5HWEPpBRWUU3qMv0FZtN2CGdy5KbOUmC+AVXQb/JyLAkdBZ
TRoFelF2TFAeB/RLyBs2E9VogvpHEMFyCwsmnrO9F2R0
-----END CERTIFICATE-----