Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/577eae-3f3d-4d3f-9c07-f019db2acca8/1/2iWfeMriZFi-G_hS_QOYTqRzYCk.roa
File:                     2iWfeMriZFi-G_hS_QOYTqRzYCk.roa (raw, json)
Hash identifier:          03ngKG8f9ygpR1m9XSjIdbVbs0jTiLlbaTIDCyi4ZJU=
Subject key identifier:   DA:25:9F:78:CA:E2:64:58:BE:1B:F8:52:FD:03:98:4E:A4:73:60:29
Certificate issuer:       /CN=8303a4cb2384c207dd3737f0924fa08e93282d06
Certificate serial:       0198F0AC1CC16240E9AEEE439070AB128983
Authority key identifier: 83:03:A4:CB:23:84:C2:07:DD:37:37:F0:92:4F:A0:8E:93:28:2D:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gwOkyyOEwgfdNzfwkk-gjpMoLQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/577eae-3f3d-4d3f-9c07-f019db2acca8/1/2iWfeMriZFi-G_hS_QOYTqRzYCk.roa
Signing time:             Thu 28 Aug 2025 12:34:28 +0000
ROA not before:           Thu 28 Aug 2025 12:34:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208553
IP address blocks:        89.39.80.0/24 maxlen: 24
                          89.39.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/577eae-3f3d-4d3f-9c07-f019db2acca8/1/gwOkyyOEwgfdNzfwkk-gjpMoLQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/577eae-3f3d-4d3f-9c07-f019db2acca8/1/gwOkyyOEwgfdNzfwkk-gjpMoLQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gwOkyyOEwgfdNzfwkk-gjpMoLQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 00:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:ac:1c:c1:62:40:e9:ae:ee:43:90:70:ab:12:89:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8303a4cb2384c207dd3737f0924fa08e93282d06
        Validity
            Not Before: Aug 28 12:34:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da259f78cae26458be1bf852fd03984ea4736029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:00:39:94:54:40:55:fd:01:0d:98:e5:91:c6:
                    5d:6e:f9:ea:81:8b:87:e7:da:7c:9f:a2:f8:ba:37:
                    55:41:a6:fa:1e:96:35:70:06:ba:1b:39:98:58:a1:
                    b3:19:4f:24:52:d8:b8:83:27:9a:a1:49:ca:60:ea:
                    74:4a:ac:94:34:0a:a5:58:d4:a4:dd:db:0f:f7:87:
                    e2:40:45:2b:f3:8a:50:1e:08:dd:3e:0e:f1:43:ff:
                    be:67:92:b1:11:2f:51:67:ae:c4:4d:8a:34:69:81:
                    ff:c3:81:5a:a0:a3:1a:17:66:5e:72:b6:33:fc:2e:
                    e2:e9:84:b9:44:00:be:f4:18:31:74:1f:d1:a2:e7:
                    3d:2c:13:2a:24:87:52:bf:61:51:7d:5b:11:01:8f:
                    e1:c1:e9:9b:04:1a:30:c7:03:15:26:fd:e2:75:b9:
                    87:3f:60:47:23:84:a9:15:73:95:d6:bb:22:67:17:
                    a5:69:91:c0:e4:f2:01:af:03:ea:8a:f8:ee:87:4e:
                    82:e1:d0:c3:e8:40:00:df:a4:af:7f:63:5c:d5:d4:
                    a2:df:33:94:72:b8:82:c8:94:d4:e5:52:92:fd:a8:
                    92:31:3d:c2:98:41:20:b2:9e:1d:65:fb:60:07:19:
                    fd:d9:f6:b8:14:42:b6:e4:85:0a:a3:cb:91:f9:ec:
                    4a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:25:9F:78:CA:E2:64:58:BE:1B:F8:52:FD:03:98:4E:A4:73:60:29
            X509v3 Authority Key Identifier:
                keyid:83:03:A4:CB:23:84:C2:07:DD:37:37:F0:92:4F:A0:8E:93:28:2D:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gwOkyyOEwgfdNzfwkk-gjpMoLQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/577eae-3f3d-4d3f-9c07-f019db2acca8/1/2iWfeMriZFi-G_hS_QOYTqRzYCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/577eae-3f3d-4d3f-9c07-f019db2acca8/1/gwOkyyOEwgfdNzfwkk-gjpMoLQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.80.0/24
                  89.39.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:f9:56:f1:39:a3:a8:b6:e1:ac:96:e1:bc:c3:28:ca:af:b2:
         7c:76:a8:2a:f0:07:52:b1:3f:98:17:1a:e1:4c:f8:aa:03:bd:
         d8:c5:3d:d7:6e:59:9c:be:1a:a8:00:b2:d9:46:cc:e0:9e:90:
         8a:cc:b6:e8:ca:a4:e1:a8:83:9f:12:85:74:07:03:0d:85:1e:
         aa:0b:78:fc:bd:45:6d:b1:b4:3e:b7:b7:66:48:84:51:72:b1:
         7b:09:16:04:22:71:7f:90:53:57:d4:e0:08:15:83:2d:b5:4a:
         0f:7c:c3:37:89:38:4a:ff:a2:cf:a2:91:e0:89:4f:56:36:51:
         6c:28:a9:9f:31:bf:90:cf:a4:c7:b2:f2:7e:a4:b6:b6:2f:3a:
         7d:e0:5a:63:48:ba:9c:64:31:b9:27:a5:18:7b:ac:73:95:c2:
         8e:d0:5c:27:18:14:6b:22:ca:35:e8:ee:1b:17:48:ad:7e:85:
         cf:94:e3:7b:2e:78:ff:43:c1:05:4d:9c:de:e6:71:d2:45:d4:
         58:6b:4e:76:25:05:3d:09:a0:2e:46:ce:47:79:06:33:65:53:
         ea:b1:79:cd:41:db:2c:b0:0b:33:ee:9f:aa:e8:70:ac:29:79:
         49:4f:63:90:16:9e:3f:5b:eb:8e:a9:e0:d4:18:be:22:1b:83:
         4f:4c:c2:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjwrBzBYkDpru5DkHCrEomDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMDNhNGNiMjM4NGMyMDdkZDM3MzdmMDkyNGZhMDhlOTMy
ODJkMDYwHhcNMjUwODI4MTIzNDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTI1OWY3OGNhZTI2NDU4YmUxYmY4NTJmZDAzOTg0ZWE0NzM2MDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygA5lFRAVf0BDZjlkcZdbvnqgYuH
59p8n6L4ujdVQab6HpY1cAa6GzmYWKGzGU8kUti4gyeaoUnKYOp0SqyUNAqlWNSk
3dsP94fiQEUr84pQHgjdPg7xQ/++Z5KxES9RZ67ETYo0aYH/w4FaoKMaF2ZecrYz
/C7i6YS5RAC+9BgxdB/Rouc9LBMqJIdSv2FRfVsRAY/hwembBBowxwMVJv3idbmH
P2BHI4SpFXOV1rsiZxelaZHA5PIBrwPqivjuh06C4dDD6EAA36Svf2Nc1dSi3zOU
criCyJTU5VKS/aiSMT3CmEEgsp4dZftgBxn92fa4FEK25IUKo8uR+exK2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNoln3jK4mRYvhv4Uv0DmE6kc2ApMB8GA1UdIwQY
MBaAFIMDpMsjhMIH3Tc38JJPoI6TKC0GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3dPa3l5T0V3Z2ZkTnpmd2trLWdqcE1vTFFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81NzdlYWUtM2YzZC00ZDNmLTljMDct
ZjAxOWRiMmFjY2E4LzEvMmlXZmVNcmlaRmktR19oU19RT1lUcVJ6WUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81NzdlYWUtM2YzZC00ZDNmLTljMDctZjAxOWRiMmFjY2E4
LzEvZ3dPa3l5T0V3Z2ZkTnpmd2trLWdqcE1vTFFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSdQAwQA
WSdaMA0GCSqGSIb3DQEBCwUAA4IBAQAl+VbxOaOotuGsluG8wyjKr7J8dqgq8AdS
sT+YFxrhTPiqA73YxT3XblmcvhqoALLZRszgnpCKzLboyqThqIOfEoV0BwMNhR6q
C3j8vUVtsbQ+t7dmSIRRcrF7CRYEInF/kFNX1OAIFYMttUoPfMM3iThK/6LPopHg
iU9WNlFsKKmfMb+Qz6THsvJ+pLa2Lzp94FpjSLqcZDG5J6UYe6xzlcKO0FwnGBRr
Iso16O4bF0itfoXPlON7Lnj/Q8EFTZze5nHSRdRYa052JQU9CaAuRs5HeQYzZVPq
sXnNQdsssAsz7p+q6HCsKXlJT2OQFp4/W+uOqeDUGL4iG4NPTMI2
-----END CERTIFICATE-----