Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/pIGlYhC4P2k1h3jvOSm0FnjVe2c.roa
File:                     pIGlYhC4P2k1h3jvOSm0FnjVe2c.roa (raw, json)
Hash identifier:          m2ebOQmtIIofVIFoAaU4SA934aYrgbgbF3lm/86obtE=
Subject key identifier:   A4:81:A5:62:10:B8:3F:69:35:87:78:EF:39:29:B4:16:78:D5:7B:67
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0197446FF7AEC683BE7F336316190F7065F9
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/pIGlYhC4P2k1h3jvOSm0FnjVe2c.roa
Signing time:             Fri 06 Jun 2025 08:51:17 +0000
ROA not before:           Fri 06 Jun 2025 08:51:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28467
IP address blocks:        89.42.71.0/24 maxlen: 24
                          89.45.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:6f:f7:ae:c6:83:be:7f:33:63:16:19:0f:70:65:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jun  6 08:51:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a481a56210b83f69358778ef3929b41678d57b67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:17:a4:27:04:9b:c4:6d:37:43:2a:09:68:c4:
                    e5:13:cb:1c:bf:5d:4b:d9:f1:12:ce:cd:fe:4e:25:
                    27:4f:5a:45:b0:a4:c4:b2:2f:5d:8f:c2:b6:1f:08:
                    db:c1:26:97:67:3b:c5:57:8d:49:fa:1e:3e:9f:a7:
                    e2:f6:f4:a5:08:2a:20:e6:f3:63:ef:8d:7e:47:21:
                    ed:0b:4d:46:3b:67:27:b1:fe:51:33:2e:0b:86:a6:
                    d6:39:12:e5:9a:8a:4d:91:cf:f9:30:f5:03:e2:80:
                    15:80:13:df:64:0e:b4:cd:74:e6:ff:89:23:32:4a:
                    0c:27:1d:6a:a9:69:4a:aa:0f:49:e6:96:4b:37:a1:
                    44:7f:b5:5d:a3:9c:ff:c8:8a:57:dc:0d:c0:8a:17:
                    fb:05:2c:a4:1a:2b:ca:7f:12:a6:62:3a:71:0e:fd:
                    59:a4:f8:9d:a3:67:55:e6:8f:69:91:5d:9f:b2:18:
                    e4:f3:ef:ba:6e:f3:17:55:56:34:20:2d:62:70:93:
                    96:fa:e6:8e:f9:22:cf:21:6d:6f:4e:e8:eb:80:bb:
                    5f:81:b4:c8:0c:82:d0:8f:8c:66:18:97:7c:6c:98:
                    0d:7e:cf:05:93:85:94:ef:5d:53:f1:26:35:34:f6:
                    21:2a:ea:df:74:1a:f8:45:8b:90:16:62:7c:56:bc:
                    c5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:81:A5:62:10:B8:3F:69:35:87:78:EF:39:29:B4:16:78:D5:7B:67
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/pIGlYhC4P2k1h3jvOSm0FnjVe2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.71.0/24
                  89.45.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:06:63:04:c8:a3:4f:ab:a5:e6:fe:5b:35:9b:a8:05:19:81:
         ba:5c:a0:e7:fa:fa:44:1e:6b:9e:d7:4a:a7:fc:a9:f4:e2:da:
         b7:f1:d3:4a:9b:13:01:7d:63:1c:e7:da:6e:93:54:fa:13:f7:
         06:7a:52:bf:48:84:bb:cf:12:dc:89:56:5a:41:d7:93:8e:0e:
         e3:a1:c4:e7:a5:ca:37:f1:34:14:a9:f5:30:39:4f:50:94:7f:
         b4:f7:ff:d3:e9:cf:3f:1a:c0:23:11:79:2e:7d:1c:90:3b:3c:
         1a:79:18:41:fd:21:f2:ad:1a:63:35:4a:17:02:cb:25:4a:8f:
         b0:83:3f:5f:e2:48:66:c8:b9:ef:e9:25:86:47:53:36:11:71:
         46:df:ef:74:13:fc:06:ca:4b:70:95:d1:98:d2:6f:02:28:dd:
         87:0e:b4:74:ae:8c:6d:49:eb:88:48:09:29:ea:fb:61:aa:6a:
         63:33:92:cd:26:bf:c7:9c:a9:44:bf:37:f3:7a:df:35:75:ed:
         5a:7f:0c:96:7a:83:9a:17:2e:cc:6b:6d:a1:93:60:7d:d2:00:
         80:99:90:40:11:81:f1:47:d2:f1:c4:ef:6d:ad:51:db:87:b4:
         d7:b3:e4:cf:72:f9:11:cf:79:14:54:2d:cf:bc:c3:ce:aa:21:
         2a:36:37:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdEb/euxoO+fzNjFhkPcGX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNjA2MDg1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDgxYTU2MjEwYjgzZjY5MzU4Nzc4ZWYzOTI5YjQxNjc4ZDU3YjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBekJwSbxG03QyoJaMTlE8scv11L
2fESzs3+TiUnT1pFsKTEsi9dj8K2HwjbwSaXZzvFV41J+h4+n6fi9vSlCCog5vNj
741+RyHtC01GO2cnsf5RMy4LhqbWORLlmopNkc/5MPUD4oAVgBPfZA60zXTm/4kj
MkoMJx1qqWlKqg9J5pZLN6FEf7Vdo5z/yIpX3A3Aihf7BSykGivKfxKmYjpxDv1Z
pPido2dV5o9pkV2fshjk8++6bvMXVVY0IC1icJOW+uaO+SLPIW1vTujrgLtfgbTI
DILQj4xmGJd8bJgNfs8Fk4WU711T8SY1NPYhKurfdBr4RYuQFmJ8VrzFtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKSBpWIQuD9pNYd47zkptBZ41XtnMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvcElHbFloQzRQMmsxaDNqdk9TbTBGbmpWZTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSpHAwQA
WS3RMA0GCSqGSIb3DQEBCwUAA4IBAQAoBmMEyKNPq6Xm/ls1m6gFGYG6XKDn+vpE
Hmue10qn/Kn04tq38dNKmxMBfWMc59puk1T6E/cGelK/SIS7zxLciVZaQdeTjg7j
ocTnpco38TQUqfUwOU9QlH+09//T6c8/GsAjEXkufRyQOzwaeRhB/SHyrRpjNUoX
AsslSo+wgz9f4khmyLnv6SWGR1M2EXFG3+90E/wGyktwldGY0m8CKN2HDrR0roxt
SeuISAkp6vthqmpjM5LNJr/HnKlEvzfzet81de1afwyWeoOaFy7Ma22hk2B90gCA
mZBAEYHxR9LxxO9trVHbh7TXs+TPcvkRz3kUVC3PvMPOqiEqNjdO
-----END CERTIFICATE-----