Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/OtrqIFNVNnuQ1VRq6HYUAhR5zWw.roa
File:                     OtrqIFNVNnuQ1VRq6HYUAhR5zWw.roa (raw, json)
Hash identifier:          h+RphLRdGHnn3AAyD5pqsGuIoWANyui/gliautNCy4M=
Subject key identifier:   3A:DA:EA:20:53:55:36:7B:90:D5:54:6A:E8:76:14:02:14:79:CD:6C
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01990B5669633D060959AA24847948526C71
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/OtrqIFNVNnuQ1VRq6HYUAhR5zWw.roa
Signing time:             Tue 02 Sep 2025 16:50:36 +0000
ROA not before:           Tue 02 Sep 2025 16:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        89.249.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 19:46:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:56:69:63:3d:06:09:59:aa:24:84:79:48:52:6c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Sep  2 16:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3adaea205355367b90d5546ae87614021479cd6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4a:a5:1f:43:d9:8c:60:13:c9:54:cd:4d:ac:
                    4d:45:c3:9f:d7:ee:5b:5f:a1:30:f2:7f:60:76:ac:
                    33:cb:3b:21:36:90:f9:5c:51:2f:a7:c7:9a:12:b3:
                    e6:f0:58:96:b5:84:e3:ad:98:01:6d:22:70:60:2e:
                    de:55:9c:26:41:1e:11:aa:68:8f:8e:a2:41:57:8f:
                    e1:69:0c:81:76:ac:78:db:36:db:6e:a3:90:ae:64:
                    17:fd:07:d7:81:86:ad:c5:64:60:89:c0:3c:c6:10:
                    31:42:19:c6:6d:63:9c:ea:16:2a:23:8e:b4:0a:63:
                    10:4f:09:d9:10:2c:4e:17:f6:0d:fb:b7:5f:b2:e3:
                    7d:9e:71:08:27:86:ae:2e:e1:37:4e:f3:df:44:ac:
                    1d:17:72:77:95:12:4e:56:5d:90:fd:b5:1d:1d:5f:
                    b8:5e:97:af:a5:21:43:73:98:8e:aa:fb:d4:0f:3a:
                    85:96:62:2b:64:e3:d2:6e:e3:ce:a4:53:23:6c:6a:
                    97:69:8c:9e:18:27:6b:84:43:67:c9:e6:b2:30:a6:
                    bf:f1:46:99:6f:a4:ed:fb:9c:56:74:90:07:ad:c3:
                    c0:e1:5c:0d:b9:74:fd:a7:5a:d9:bd:d9:63:d4:8b:
                    8f:56:5b:0e:0e:f2:6b:72:8c:2f:c5:cb:c9:1f:35:
                    ce:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:DA:EA:20:53:55:36:7B:90:D5:54:6A:E8:76:14:02:14:79:CD:6C
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/OtrqIFNVNnuQ1VRq6HYUAhR5zWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:5e:20:17:8f:b4:42:e9:ea:88:6d:ef:73:55:bd:d7:d3:6c:
         80:69:74:45:4b:9c:8b:3e:64:0b:50:30:d4:af:da:ee:c3:d6:
         d6:b6:9d:51:90:0d:31:dd:d4:27:02:91:e2:31:d6:e0:36:1c:
         04:77:d7:47:37:df:10:f5:91:d9:07:63:30:34:e6:58:3d:4a:
         22:2b:dc:d0:4f:88:43:99:6a:b7:31:5f:67:3e:bc:bf:37:0a:
         c6:a1:f2:9d:8f:73:e9:78:8c:2c:cc:25:18:d3:08:08:34:3e:
         04:92:1c:8e:fa:4b:b5:3f:e3:e9:f1:7f:aa:4d:64:12:28:f8:
         ff:ea:ac:5b:d6:ed:23:06:4f:e7:37:d9:36:6a:82:32:bd:ed:
         bb:54:df:f6:bd:b6:dc:b0:47:c1:18:e3:bd:dc:94:77:72:f2:
         38:35:ab:67:6c:8a:2a:ff:3e:5f:38:0a:39:06:6d:dd:44:d9:
         bb:b7:d8:ef:0d:1d:ac:fa:57:6f:10:61:ca:83:9c:5a:99:84:
         c1:3d:0a:82:83:aa:68:7f:3e:8c:58:3a:b2:7e:33:8e:91:03:
         f1:2e:a0:37:49:4e:f5:56:ea:fc:91:81:3e:16:eb:37:04:7e:
         7d:6b:c4:7b:6a:37:cb:58:eb:75:a2:1a:f9:2a:87:b1:c3:75:
         d1:a4:16:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkLVmljPQYJWaokhHlIUmxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwOTAyMTY1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWRhZWEyMDUzNTUzNjdiOTBkNTU0NmFlODc2MTQwMjE0NzljZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUqlH0PZjGATyVTNTaxNRcOf1+5b
X6Ew8n9gdqwzyzshNpD5XFEvp8eaErPm8FiWtYTjrZgBbSJwYC7eVZwmQR4RqmiP
jqJBV4/haQyBdqx42zbbbqOQrmQX/QfXgYatxWRgicA8xhAxQhnGbWOc6hYqI460
CmMQTwnZECxOF/YN+7dfsuN9nnEIJ4auLuE3TvPfRKwdF3J3lRJOVl2Q/bUdHV+4
XpevpSFDc5iOqvvUDzqFlmIrZOPSbuPOpFMjbGqXaYyeGCdrhENnyeayMKa/8UaZ
b6Tt+5xWdJAHrcPA4VwNuXT9p1rZvdlj1IuPVlsODvJrcowvxcvJHzXOrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDra6iBTVTZ7kNVUauh2FAIUec1sMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvT3RycUlGTlZObnVRMVZScTZIWVVBaFI1eld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnLMA0G
CSqGSIb3DQEBCwUAA4IBAQC8XiAXj7RC6eqIbe9zVb3X02yAaXRFS5yLPmQLUDDU
r9ruw9bWtp1RkA0x3dQnApHiMdbgNhwEd9dHN98Q9ZHZB2MwNOZYPUoiK9zQT4hD
mWq3MV9nPry/NwrGofKdj3PpeIwszCUY0wgIND4EkhyO+ku1P+Pp8X+qTWQSKPj/
6qxb1u0jBk/nN9k2aoIyve27VN/2vbbcsEfBGOO93JR3cvI4NatnbIoq/z5fOAo5
Bm3dRNm7t9jvDR2s+ldvEGHKg5xamYTBPQqCg6pofz6MWDqyfjOOkQPxLqA3SU71
Vur8kYE+Fus3BH59a8R7ajfLWOt1ohr5Koexw3XRpBbv
-----END CERTIFICATE-----