Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/Ms_pDtAjK9tb1e5h7bLoQWbyHs8.roa
File:                     Ms_pDtAjK9tb1e5h7bLoQWbyHs8.roa (raw, json)
Hash identifier:          cL+zxxB8p9BDEROGB77OysHEV8P4dX2U5M5xqP9Q6C0=
Subject key identifier:   32:CF:E9:0E:D0:23:2B:DB:5B:D5:EE:61:ED:B2:E8:41:66:F2:1E:CF
Certificate issuer:       /CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
Certificate serial:       0196B54A0971CA18A9EE458689AA98925C0F
Authority key identifier: 87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/Ms_pDtAjK9tb1e5h7bLoQWbyHs8.roa
Signing time:             Fri 09 May 2025 13:44:10 +0000
ROA not before:           Fri 09 May 2025 13:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206125
IP address blocks:        89.190.6.0/24 maxlen: 24
                          185.151.76.0/22 maxlen: 22
                          2a03:7c03::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b5:4a:09:71:ca:18:a9:ee:45:86:89:aa:98:92:5c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
        Validity
            Not Before: May  9 13:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32cfe90ed0232bdb5bd5ee61edb2e84166f21ecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:95:e7:35:5c:1b:e1:23:7b:08:89:4b:72:dc:
                    11:7a:e0:6f:76:38:07:34:68:2e:b4:d1:2f:55:55:
                    55:9a:c2:cd:56:eb:8d:ad:41:72:f2:4e:b9:0c:6f:
                    f5:9f:08:ea:87:a0:bc:b4:b7:af:2b:ea:d9:e6:c6:
                    b1:b5:4a:ba:e3:4c:30:dd:e0:a6:e9:7b:8f:80:40:
                    99:e0:f2:3e:87:80:9a:2d:c9:bd:ea:99:38:fa:62:
                    ea:36:24:37:89:81:be:33:7b:f7:ab:79:eb:f2:5e:
                    8a:69:d3:8d:54:fc:75:ad:60:f7:c7:5f:84:01:6c:
                    0f:87:9a:c2:19:dd:d0:4b:25:69:1b:f3:48:00:c4:
                    5a:e6:c2:d1:bb:e1:03:f8:9b:66:f3:fd:06:ca:20:
                    b2:47:a3:7a:ef:ac:67:1e:72:bf:c1:c4:7e:41:1f:
                    2f:ad:be:a4:23:d3:30:df:da:fd:69:2a:5b:d8:bb:
                    ae:6a:06:b9:e5:51:1b:5e:f8:93:d7:0b:f1:20:0e:
                    f1:89:07:52:92:e3:bd:73:81:c2:f9:bd:c5:b3:53:
                    25:e3:8b:e1:7a:78:c3:43:9a:d4:cd:55:26:2e:4e:
                    85:53:8f:ad:c1:b0:06:bc:0c:34:b3:91:be:ac:58:
                    46:4f:fc:81:73:87:05:05:9f:93:58:30:a5:62:e7:
                    45:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:CF:E9:0E:D0:23:2B:DB:5B:D5:EE:61:ED:B2:E8:41:66:F2:1E:CF
            X509v3 Authority Key Identifier:
                keyid:87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/Ms_pDtAjK9tb1e5h7bLoQWbyHs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.6.0/24
                  185.151.76.0/22
                IPv6:
                  2a03:7c03::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:bb:4a:ef:a8:87:ea:1d:de:0f:f2:94:d7:2b:3f:c3:4a:cc:
         36:87:d6:8e:6c:39:d1:85:ec:2a:a7:0d:bc:bb:d3:e0:23:3f:
         15:3f:d5:4c:0d:93:e5:af:d1:d4:99:d3:0c:b4:3c:05:25:14:
         82:5a:13:7b:64:60:c1:a2:32:c6:62:ad:8a:56:43:4a:85:57:
         19:70:14:91:b5:2b:fc:44:59:c3:a9:f6:60:28:17:c1:62:52:
         ba:8c:2d:43:44:de:5b:7a:c9:82:9e:c8:df:83:f7:c2:3c:c4:
         5c:5d:b0:b1:f9:0a:49:52:5e:ee:27:34:38:e0:37:d7:6c:bb:
         29:d0:4c:3e:f2:d4:9d:f9:4a:fc:58:46:10:03:48:79:e4:3c:
         11:65:59:78:49:39:52:d7:a4:6b:89:5d:bd:8e:47:a4:51:72:
         ed:1c:ae:d0:ce:92:b3:22:19:81:db:3f:83:77:ad:f7:50:0a:
         c8:e8:c8:7f:36:df:ea:d6:5b:c3:84:ad:71:f4:ca:f4:8a:3f:
         20:4b:a5:0c:d5:05:55:f4:85:7f:0a:e4:39:74:4d:bd:7a:bd:
         6c:8e:29:e3:6e:aa:f3:6a:5f:6d:80:e7:00:20:a6:89:aa:6f:
         29:01:ac:d7:51:5f:1a:85:57:42:60:69:79:27:37:5c:42:97:
         0d:a1:98:97
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZa1Sglxyhip7kWGiaqYklwPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZjQxYWUwNzc5ZTM3ZGVmYzY5YjJhNWIwZjdhYjhmZDQw
Y2QzZTcwHhcNMjUwNTA5MTM0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmNmZTkwZWQwMjMyYmRiNWJkNWVlNjFlZGIyZTg0MTY2ZjIxZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45XnNVwb4SN7CIlLctwReuBvdjgH
NGgutNEvVVVVmsLNVuuNrUFy8k65DG/1nwjqh6C8tLevK+rZ5saxtUq640ww3eCm
6XuPgECZ4PI+h4CaLcm96pk4+mLqNiQ3iYG+M3v3q3nr8l6KadONVPx1rWD3x1+E
AWwPh5rCGd3QSyVpG/NIAMRa5sLRu+ED+Jtm8/0GyiCyR6N676xnHnK/wcR+QR8v
rb6kI9Mw39r9aSpb2Luuaga55VEbXviT1wvxIA7xiQdSkuO9c4HC+b3Fs1Ml44vh
enjDQ5rUzVUmLk6FU4+twbAGvAw0s5G+rFhGT/yBc4cFBZ+TWDClYudFqwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDLP6Q7QIyvbW9XuYe2y6EFm8h7PMB8GA1UdIwQY
MBaAFIf0GuB3njfe/GmypbD3q4/UDNPnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYt
YzQzYWIyYTEyZDU1LzEvTXNfcER0QWpLOXRiMWU1aDdiTG9RV2J5SHM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYtYzQzYWIyYTEyZDU1
LzEvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAWb4GAwQC
uZdMMA0EAgACMAcDBQAqA3wDMA0GCSqGSIb3DQEBCwUAA4IBAQBku0rvqIfqHd4P
8pTXKz/DSsw2h9aObDnRhewqpw28u9PgIz8VP9VMDZPlr9HUmdMMtDwFJRSCWhN7
ZGDBojLGYq2KVkNKhVcZcBSRtSv8RFnDqfZgKBfBYlK6jC1DRN5besmCnsjfg/fC
PMRcXbCx+QpJUl7uJzQ44DfXbLsp0Ew+8tSd+Ur8WEYQA0h55DwRZVl4STlS16Rr
iV29jkekUXLtHK7QzpKzIhmB2z+Dd633UArI6Mh/Nt/q1lvDhK1x9Mr0ij8gS6UM
1QVV9IV/CuQ5dE29er1sjinjbqrzal9tgOcAIKaJqm8pAazXUV8ahVdCYGl5Jzdc
QpcNoZiX
-----END CERTIFICATE-----