Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/3O-D3rX4CFCdAkLP-WafPBWg7LI.roa
File:                     3O-D3rX4CFCdAkLP-WafPBWg7LI.roa (raw, json)
Hash identifier:          ZjKqIVEFVR9cfjOaAvV16cE3fi3JRCek3PrT1Bdh+pE=
Subject key identifier:   DC:EF:83:DE:B5:F8:08:50:9D:02:42:CF:F9:66:9F:3C:15:A0:EC:B2
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       0198F61742BEF2577E935120C6F2F1796548
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/3O-D3rX4CFCdAkLP-WafPBWg7LI.roa
Signing time:             Fri 29 Aug 2025 13:49:36 +0000
ROA not before:           Fri 29 Aug 2025 13:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209618
IP address blocks:        89.34.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f6:17:42:be:f2:57:7e:93:51:20:c6:f2:f1:79:65:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Aug 29 13:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcef83deb5f808509d0242cff9669f3c15a0ecb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ec:4e:49:59:e5:e4:25:ce:d7:f6:4a:e2:56:
                    c8:52:75:47:05:bf:12:0c:e1:e2:b9:12:af:70:5f:
                    77:9d:4f:2c:14:f1:94:17:cd:93:f4:a9:77:75:44:
                    2d:2c:ec:0d:8b:6a:dd:52:81:6b:a0:c1:ef:db:29:
                    a3:7a:ef:3b:fe:c7:2a:11:0e:71:40:cf:41:3c:9b:
                    1a:95:f9:d5:24:d6:57:48:0e:47:42:a9:b0:69:60:
                    1f:a6:54:8a:ba:e5:e0:90:49:02:fc:6d:35:59:ae:
                    3c:4b:9a:66:dc:17:24:f0:1a:df:79:8a:1d:0e:9f:
                    75:fb:e2:85:24:94:48:c7:42:41:49:ba:84:21:93:
                    55:6d:fd:61:e6:c3:f1:a9:d6:9d:bd:0f:22:54:9d:
                    2d:49:a6:a6:26:f3:40:40:e2:99:68:18:f9:c2:7c:
                    bb:b9:00:96:f6:e7:8e:bd:5f:f6:5a:de:bb:0d:06:
                    b3:a9:1a:52:39:6d:81:b8:c7:71:cc:83:5d:4e:9d:
                    a9:f1:70:9f:8e:4b:f3:14:ae:69:71:39:6a:79:0d:
                    09:9d:62:f8:52:a6:db:1f:35:41:ff:c4:14:a9:97:
                    6e:66:68:96:57:b0:aa:56:02:ed:ac:8d:ce:14:1f:
                    47:62:bc:fb:8a:0f:e7:11:b4:55:6f:5a:9d:df:fe:
                    47:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:EF:83:DE:B5:F8:08:50:9D:02:42:CF:F9:66:9F:3C:15:A0:EC:B2
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/3O-D3rX4CFCdAkLP-WafPBWg7LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:ad:e8:c1:3c:98:e0:f4:a8:29:30:83:c0:72:12:34:3e:45:
         18:f5:74:b7:f9:93:08:1b:e8:1f:6e:c4:41:8b:60:91:15:0c:
         37:e1:6b:36:0b:22:a2:5d:c2:a3:af:11:34:0e:55:18:fb:2f:
         48:8d:65:77:a8:9e:08:29:b2:cc:07:fa:10:5e:ed:49:78:05:
         57:27:69:de:9d:b5:31:01:a5:06:64:a2:92:7f:ef:6b:a1:44:
         6c:dc:22:04:a5:f8:d1:1a:ad:bb:c2:36:14:b2:4b:6f:a9:1e:
         8a:3a:83:56:d9:49:14:4e:c7:1d:1d:10:f2:fb:94:77:41:44:
         24:89:79:8b:40:fa:33:a8:7e:a7:84:08:6d:31:c2:89:2a:38:
         f4:96:66:f2:4f:ca:b5:9e:02:28:42:3b:20:6e:2c:de:83:1c:
         9f:87:1e:a4:aa:51:57:76:06:79:c4:cf:8c:1a:bb:9e:44:cb:
         0b:24:25:7c:90:c6:f8:8e:41:d5:23:33:ed:c1:e7:e0:52:86:
         59:74:d0:84:16:7a:fd:2b:99:e3:2c:ff:57:f7:c9:a8:cb:81:
         8e:6d:86:f3:af:5b:d0:49:85:99:30:5b:94:8c:22:fd:bc:97:
         41:f6:da:9e:2e:68:3f:d1:f4:d9:82:53:a2:6e:dc:35:2b:59:
         d3:9e:f8:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj2F0K+8ld+k1EgxvLxeWVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjUwODI5MTM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2VmODNkZWI1ZjgwODUwOWQwMjQyY2ZmOTY2OWYzYzE1YTBlY2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+xOSVnl5CXO1/ZK4lbIUnVHBb8S
DOHiuRKvcF93nU8sFPGUF82T9Kl3dUQtLOwNi2rdUoFroMHv2ymjeu87/scqEQ5x
QM9BPJsalfnVJNZXSA5HQqmwaWAfplSKuuXgkEkC/G01Wa48S5pm3Bck8BrfeYod
Dp91++KFJJRIx0JBSbqEIZNVbf1h5sPxqdadvQ8iVJ0tSaamJvNAQOKZaBj5wny7
uQCW9ueOvV/2Wt67DQazqRpSOW2BuMdxzINdTp2p8XCfjkvzFK5pcTlqeQ0JnWL4
UqbbHzVB/8QUqZduZmiWV7CqVgLtrI3OFB9HYrz7ig/nEbRVb1qd3/5HUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzvg961+AhQnQJCz/lmnzwVoOyyMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvM08tRDNyWDRDRkNkQWtMUC1XYWZQQldnN0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSJMMA0G
CSqGSIb3DQEBCwUAA4IBAQAVrejBPJjg9KgpMIPAchI0PkUY9XS3+ZMIG+gfbsRB
i2CRFQw34Ws2CyKiXcKjrxE0DlUY+y9IjWV3qJ4IKbLMB/oQXu1JeAVXJ2nenbUx
AaUGZKKSf+9roURs3CIEpfjRGq27wjYUsktvqR6KOoNW2UkUTscdHRDy+5R3QUQk
iXmLQPozqH6nhAhtMcKJKjj0lmbyT8q1ngIoQjsgbizegxyfhx6kqlFXdgZ5xM+M
GrueRMsLJCV8kMb4jkHVIzPtwefgUoZZdNCEFnr9K5njLP9X98moy4GObYbzr1vQ
SYWZMFuUjCL9vJdB9tqeLmg/0fTZglOibtw1K1nTnvjO
-----END CERTIFICATE-----