Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/v0SLn4Gc7KackReJSVE0I4Wcz38.roa
File:                     v0SLn4Gc7KackReJSVE0I4Wcz38.roa (raw, json)
Hash identifier:          BYq+5DCkWzZd64Eu8y+wlUPzr+kNsQ+QL28hTm32XqI=
Subject key identifier:   BF:44:8B:9F:81:9C:EC:A6:9C:91:17:89:49:51:34:23:85:9C:CF:7F
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019950C6E3735F2D4C55AB01CF8AE0BEF1A1
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/v0SLn4Gc7KackReJSVE0I4Wcz38.roa
Signing time:             Tue 16 Sep 2025 04:27:15 +0000
ROA not before:           Tue 16 Sep 2025 04:27:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        89.249.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:50:c6:e3:73:5f:2d:4c:55:ab:01:cf:8a:e0:be:f1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Sep 16 04:27:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf448b9f819ceca69c91178949513423859ccf7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a3:0a:32:97:89:7d:f6:67:36:ec:bc:5b:49:
                    56:01:ac:80:78:15:67:c3:e7:e9:7b:a8:4f:0c:0e:
                    63:d3:0e:33:f2:4e:ab:55:e6:3d:b4:22:e0:87:46:
                    d3:0a:75:a9:5a:16:2a:ac:a0:b9:79:42:6c:30:4f:
                    04:5a:fd:9d:e6:39:db:b3:cc:ac:9c:b4:5d:3a:f9:
                    01:91:92:61:7c:70:0d:8b:70:d3:a1:7e:28:84:3b:
                    47:7a:65:cd:d7:5d:b2:51:61:64:71:c0:09:4a:40:
                    21:df:65:b2:8d:11:6a:4d:cd:ef:88:fc:55:6f:bf:
                    ce:80:2c:8d:c8:65:26:23:3f:f8:94:78:dc:6c:7a:
                    12:5d:a5:2f:69:04:6d:ec:87:50:3b:8c:5c:97:7c:
                    18:2d:c2:82:98:e2:43:b6:47:5c:7e:7e:b9:14:78:
                    46:31:d5:44:f9:b3:ee:54:90:c2:14:88:01:cd:fc:
                    a2:0d:b5:bd:5d:9d:31:64:4d:68:6f:d2:50:30:97:
                    06:00:dd:89:23:f2:6e:69:d5:da:dc:4a:8d:52:83:
                    88:da:50:16:71:d4:a6:f0:92:fc:df:1d:9b:24:9d:
                    de:41:b8:6f:b2:8a:39:f8:70:03:9d:24:33:82:9c:
                    dd:cd:61:86:0a:ca:4c:72:30:e5:ed:3f:bd:ab:0f:
                    e7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:44:8B:9F:81:9C:EC:A6:9C:91:17:89:49:51:34:23:85:9C:CF:7F
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/v0SLn4Gc7KackReJSVE0I4Wcz38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:0a:4c:90:34:75:d6:28:91:0e:da:f5:56:5a:3c:85:3d:a2:
         25:d2:7d:64:b9:23:ec:de:e4:da:cd:10:bf:39:e4:d8:1d:64:
         80:db:19:d3:f0:1d:a1:fc:13:d7:bc:67:1d:f2:f7:5d:01:43:
         d5:1a:4c:93:53:f8:69:c1:7a:64:55:fc:3c:27:ce:4e:d1:82:
         ee:cb:b8:5b:de:63:1c:17:f7:f5:6f:45:97:4b:0f:20:5f:9a:
         ef:25:eb:b8:d8:3a:e6:2b:f7:68:7d:0c:8e:11:26:1d:cb:7f:
         66:cd:5c:2f:c9:11:28:7a:e8:9a:f6:fe:3e:50:9e:ea:52:fe:
         e5:3e:35:f0:5d:d9:80:2d:f0:53:f9:34:95:2f:7b:17:27:62:
         86:3e:cc:26:23:25:5c:6c:ce:93:ff:b2:d3:27:93:a9:e9:bd:
         97:e5:ca:65:63:ac:8b:d4:0d:fe:1c:bb:78:4e:77:80:68:1e:
         6e:47:d8:d1:4e:be:97:08:1f:79:6b:c8:86:89:2c:bf:c3:47:
         a9:b0:28:59:21:89:44:48:8b:c5:21:19:7f:95:8e:bd:e3:e7:
         a9:6d:92:20:01:56:ff:d3:f3:60:ea:72:fc:15:56:3c:b4:62:
         0a:d8:5c:6f:89:5a:0d:e8:75:86:ba:ea:0c:54:1f:fc:4c:0c:
         27:03:0f:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlQxuNzXy1MVasBz4rgvvGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwOTE2MDQyNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjQ0OGI5ZjgxOWNlY2E2OWM5MTE3ODk0OTUxMzQyMzg1OWNjZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6MKMpeJffZnNuy8W0lWAayAeBVn
w+fpe6hPDA5j0w4z8k6rVeY9tCLgh0bTCnWpWhYqrKC5eUJsME8EWv2d5jnbs8ys
nLRdOvkBkZJhfHANi3DToX4ohDtHemXN112yUWFkccAJSkAh32WyjRFqTc3viPxV
b7/OgCyNyGUmIz/4lHjcbHoSXaUvaQRt7IdQO4xcl3wYLcKCmOJDtkdcfn65FHhG
MdVE+bPuVJDCFIgBzfyiDbW9XZ0xZE1ob9JQMJcGAN2JI/JuadXa3EqNUoOI2lAW
cdSm8JL83x2bJJ3eQbhvsoo5+HADnSQzgpzdzWGGCspMcjDl7T+9qw/ngQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9Ei5+BnOymnJEXiUlRNCOFnM9/MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvdjBTTG40R2M3S2Fja1JlSlNWRTBJNFdjejM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnIMA0G
CSqGSIb3DQEBCwUAA4IBAQAMCkyQNHXWKJEO2vVWWjyFPaIl0n1kuSPs3uTazRC/
OeTYHWSA2xnT8B2h/BPXvGcd8vddAUPVGkyTU/hpwXpkVfw8J85O0YLuy7hb3mMc
F/f1b0WXSw8gX5rvJeu42DrmK/dofQyOESYdy39mzVwvyREoeuia9v4+UJ7qUv7l
PjXwXdmALfBT+TSVL3sXJ2KGPswmIyVcbM6T/7LTJ5Op6b2X5cplY6yL1A3+HLt4
TneAaB5uR9jRTr6XCB95a8iGiSy/w0epsChZIYlESIvFIRl/lY694+epbZIgAVb/
0/Ng6nL8FVY8tGIK2FxviVoN6HWGuuoMVB/8TAwnAw/H
-----END CERTIFICATE-----