Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/cQbzTwAiOsuLmS8yMnawGgo51Ps.roa
File:                     cQbzTwAiOsuLmS8yMnawGgo51Ps.roa (raw, json)
Hash identifier:          btxyyqBZ8nyik4l7LMQMxSprq0qm/QjygLtxi11EF/E=
Subject key identifier:   71:06:F3:4F:00:22:3A:CB:8B:99:2F:32:32:76:B0:1A:0A:39:D4:FB
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019A0134584350048B46D32AE2A0BFD8CFA9
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/cQbzTwAiOsuLmS8yMnawGgo51Ps.roa
Signing time:             Mon 20 Oct 2025 10:39:58 +0000
ROA not before:           Mon 20 Oct 2025 10:39:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.249.192.0/21 maxlen: 24
                          89.249.206.0/23 maxlen: 24
                          212.42.192.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Oct 2025 23:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:34:58:43:50:04:8b:46:d3:2a:e2:a0:bf:d8:cf:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Oct 20 10:39:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7106f34f00223acb8b992f323276b01a0a39d4fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:06:F3:4F:00:22:3A:CB:8B:99:2F:32:32:76:B0:1A:0A:39:D4:FB
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/cQbzTwAiOsuLmS8yMnawGgo51Ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.192.0/21
                  89.249.206.0/23
                  212.42.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
Generated at Fri Oct 24 07:58:37 2025 by rpki-client