Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DDFDdL4wIG-xoeAynt1YMKtbfho.roa
File:                     DDFDdL4wIG-xoeAynt1YMKtbfho.roa (raw, json)
Hash identifier:          iGAUYDIlZc13eU1AIjcX3CLjQZ/Wgbfnl/75KPHzqCA=
Subject key identifier:   0C:31:43:74:BE:30:20:6F:B1:A1:E0:32:9E:DD:58:30:AB:5B:7E:1A
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019A013459D1964A7C42230A15E89DAC9065
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DDFDdL4wIG-xoeAynt1YMKtbfho.roa
Signing time:             Mon 20 Oct 2025 10:39:59 +0000
ROA not before:           Mon 20 Oct 2025 10:39:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        89.249.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Oct 2025 23:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:34:59:d1:96:4a:7c:42:23:0a:15:e8:9d:ac:90:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Oct 20 10:39:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c314374be30206fb1a1e0329edd5830ab5b7e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b4:2c:e5:a0:a3:c4:63:72:05:72:0f:35:b8:
                    0b:42:89:a5:bd:21:0a:d0:f8:39:3a:71:9b:ec:60:
                    c4:f3:a1:b6:85:1d:8b:36:7c:24:8c:41:7b:d7:8c:
                    43:34:1e:45:27:66:09:b7:2c:5e:64:9f:61:57:5b:
                    b0:4a:91:3c:f1:11:c7:72:2b:4a:fb:5f:f4:82:2d:
                    c3:00:0f:4a:29:5d:79:81:67:29:65:57:a3:f0:da:
                    cd:20:d2:c1:35:b4:97:5c:4d:58:ec:5e:46:7b:b4:
                    ab:93:bc:33:58:39:52:a6:c9:da:65:73:9a:b2:da:
                    51:e7:31:ad:dd:cf:14:bf:44:5f:40:ce:05:cf:41:
                    a5:51:ff:2a:c1:c1:60:71:92:c5:33:f6:68:b9:26:
                    98:18:63:a4:18:fc:0f:13:ce:fd:6d:91:16:f5:3e:
                    5f:05:d7:fe:c8:e1:5e:25:02:74:a7:64:48:a9:fd:
                    6c:26:2e:7d:eb:f1:04:80:56:0e:5c:f8:ac:3a:11:
                    1a:88:d1:62:54:d9:22:c8:29:69:05:75:e0:17:eb:
                    a5:cf:f5:f5:87:77:a3:df:92:9c:42:a5:b0:34:b8:
                    b5:bc:3e:6c:85:3b:cf:6d:38:bc:26:e4:34:92:f8:
                    cf:91:8f:60:07:2a:5b:67:45:38:31:b5:76:89:36:
                    0d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:31:43:74:BE:30:20:6F:B1:A1:E0:32:9E:DD:58:30:AB:5B:7E:1A
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DDFDdL4wIG-xoeAynt1YMKtbfho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:2f:f4:84:f9:6a:07:bb:18:5a:8f:32:83:92:05:21:ff:56:
         01:10:54:0a:28:e4:f9:d2:8d:08:3f:d5:66:d0:0c:6b:dc:92:
         97:4d:49:1e:a6:4e:53:aa:14:0a:06:f5:f0:46:86:b5:87:35:
         72:f1:d0:17:e6:70:1a:4b:b4:ad:13:cf:d8:c3:df:68:dd:98:
         15:82:cb:0f:d7:d4:b9:f9:96:73:e8:2d:cb:aa:75:b9:ed:f7:
         aa:8e:6d:14:44:17:aa:1e:42:4b:c9:32:d5:96:55:fc:8f:3b:
         83:3d:10:4d:f9:d5:3e:69:48:e0:0e:e1:3f:45:01:30:2e:10:
         91:41:d3:b8:b1:6c:80:c4:dc:f1:9c:fa:f1:68:d8:88:94:b4:
         79:f3:ce:fd:c5:05:86:ca:70:4f:7c:85:06:34:24:45:17:82:
         3b:20:ea:cf:73:37:a2:bc:3f:35:13:e2:f6:b5:e1:9a:a6:d4:
         f7:e3:52:90:05:0f:31:a2:c6:f7:99:26:95:4d:d0:7d:82:a2:
         2e:5d:90:3b:85:13:52:9d:b0:eb:12:29:69:f8:74:af:c8:a9:
         33:28:8e:ef:57:cc:22:75:93:8e:4a:bb:f1:fc:69:07:55:4e:
         2b:1e:5e:ac:4a:a3:14:4a:f8:db:2c:53:ad:fc:c6:32:75:2e:
         d5:5d:92:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoBNFnRlkp8QiMKFeidrJBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUxMDIwMTAzOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzMxNDM3NGJlMzAyMDZmYjFhMWUwMzI5ZWRkNTgzMGFiNWI3ZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLQs5aCjxGNyBXIPNbgLQomlvSEK
0Pg5OnGb7GDE86G2hR2LNnwkjEF714xDNB5FJ2YJtyxeZJ9hV1uwSpE88RHHcitK
+1/0gi3DAA9KKV15gWcpZVej8NrNINLBNbSXXE1Y7F5Ge7Srk7wzWDlSpsnaZXOa
stpR5zGt3c8Uv0RfQM4Fz0GlUf8qwcFgcZLFM/ZouSaYGGOkGPwPE879bZEW9T5f
Bdf+yOFeJQJ0p2RIqf1sJi596/EEgFYOXPisOhEaiNFiVNkiyClpBXXgF+ulz/X1
h3ej35KcQqWwNLi1vD5shTvPbTi8JuQ0kvjPkY9gBypbZ0U4MbV2iTYN2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwxQ3S+MCBvsaHgMp7dWDCrW34aMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvRERGRGRMNHdJRy14b2VBeW50MVlNS3RiZmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnNMA0G
CSqGSIb3DQEBCwUAA4IBAQCBL/SE+WoHuxhajzKDkgUh/1YBEFQKKOT50o0IP9Vm
0Axr3JKXTUkepk5TqhQKBvXwRoa1hzVy8dAX5nAaS7StE8/Yw99o3ZgVgssP19S5
+ZZz6C3LqnW57feqjm0URBeqHkJLyTLVllX8jzuDPRBN+dU+aUjgDuE/RQEwLhCR
QdO4sWyAxNzxnPrxaNiIlLR58879xQWGynBPfIUGNCRFF4I7IOrPczeivD81E+L2
teGaptT341KQBQ8xosb3mSaVTdB9gqIuXZA7hRNSnbDrEilp+HSvyKkzKI7vV8wi
dZOOSrvx/GkHVU4rHl6sSqMUSvjbLFOt/MYydS7VXZIl
-----END CERTIFICATE-----