Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/kqgGhTxJAHOFMUNL3EFp83GA7Xo.roa
File:                     kqgGhTxJAHOFMUNL3EFp83GA7Xo.roa (raw, json)
Hash identifier:          YbWtoAqUQYcbJzxbPZ7TL2mv+/kqmj3HAGafEmcOApM=
Subject key identifier:   92:A8:06:85:3C:49:00:73:85:31:43:4B:DC:41:69:F3:71:80:ED:7A
Certificate issuer:       /CN=f0a9005423147453909366c6b4d09c31958acc1c
Certificate serial:       019915133550B3281C215E87758A92DBC644
Authority key identifier: F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/kqgGhTxJAHOFMUNL3EFp83GA7Xo.roa
Signing time:             Thu 04 Sep 2025 14:13:24 +0000
ROA not before:           Thu 04 Sep 2025 14:13:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57353
IP address blocks:        89.58.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 02:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:13:35:50:b3:28:1c:21:5e:87:75:8a:92:db:c6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0a9005423147453909366c6b4d09c31958acc1c
        Validity
            Not Before: Sep  4 14:13:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92a806853c4900738531434bdc4169f37180ed7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e8:52:04:a6:f9:9e:91:5a:1f:2a:8d:11:5d:
                    dd:7c:e5:93:3b:31:ed:27:72:8b:ba:58:84:59:a1:
                    18:7a:2a:72:56:77:18:03:d0:1c:38:f4:a7:60:fd:
                    11:cf:aa:ab:43:e8:cb:ee:23:96:53:ce:c2:81:e8:
                    75:67:06:1f:a3:79:e9:29:84:1a:33:f1:d9:20:1d:
                    9e:72:a4:49:b4:9f:55:55:8c:c5:bf:fc:73:a0:af:
                    0c:3c:f3:fd:f0:10:df:2e:32:b3:9e:4d:83:8d:4e:
                    e7:6b:05:77:4d:5c:34:a7:70:23:10:36:3d:be:8a:
                    f7:9b:2e:49:0e:e0:7b:83:3a:c3:87:da:5f:a1:27:
                    ff:a7:1f:63:fa:3e:85:1c:69:00:6c:45:ab:33:9e:
                    09:b9:94:23:44:4d:1e:af:9d:19:71:f6:3e:18:aa:
                    54:25:8d:2f:71:11:ff:d7:c4:4f:c0:f9:86:8f:b8:
                    e3:79:ad:d5:54:a4:6f:94:09:f4:e9:f8:56:e8:11:
                    2d:94:08:0e:32:0d:8e:4d:36:a5:bf:7c:2b:f3:4d:
                    ad:4e:57:a3:c2:3d:2d:7c:e9:38:58:03:d4:17:7e:
                    dd:5b:6c:60:80:0d:96:83:34:8e:49:2a:36:d9:e9:
                    e8:9b:8c:dc:b7:f5:99:b6:2a:ff:96:70:5d:fe:d8:
                    90:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A8:06:85:3C:49:00:73:85:31:43:4B:DC:41:69:F3:71:80:ED:7A
            X509v3 Authority Key Identifier:
                keyid:F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/kqgGhTxJAHOFMUNL3EFp83GA7Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         72:46:f2:e7:2e:89:4d:89:2b:18:18:1a:f1:dc:d6:45:5c:e3:
         33:37:e9:c9:b7:8c:09:5e:ca:76:0e:9c:90:d1:f0:1c:f7:48:
         d9:db:82:5d:56:2f:22:0c:0e:60:18:d9:0a:93:60:bc:cf:fc:
         13:b0:5f:ac:3b:bf:03:fc:da:02:dc:8a:81:f7:99:18:02:3a:
         3e:82:13:33:0b:f9:0d:81:f3:ca:c5:8c:3f:80:af:f4:16:4c:
         65:06:a0:a8:76:a3:43:44:ba:94:4c:19:17:29:5b:bb:a9:f7:
         62:01:e1:dc:56:c2:0e:00:35:22:5d:a2:cd:c0:e9:3e:8b:cb:
         21:2f:d9:c6:35:1d:0a:1f:83:3e:e6:c8:30:83:4e:78:7e:9f:
         a6:28:a8:a6:00:b6:72:bb:65:b5:46:d6:5e:9a:ee:29:8a:9b:
         ac:d4:29:a2:a4:fa:1f:fc:bb:d4:57:6e:42:56:67:26:01:c3:
         f4:d7:07:a1:cc:4b:cd:98:49:7a:c4:40:bc:1d:87:1c:56:b1:
         3e:c2:7a:e0:9c:01:5f:f4:eb:7e:9f:2e:82:db:ff:14:f9:16:
         79:45:79:cb:c5:1a:2c:4d:dc:cd:11:8e:36:1c:44:8c:42:a7:
         ca:f9:48:b1:5b:3a:c9:0f:e9:ca:e0:47:cf:65:72:7d:88:d4:
         4b:c3:e8:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVEzVQsygcIV6HdYqS28ZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYTkwMDU0MjMxNDc0NTM5MDkzNjZjNmI0ZDA5YzMxOTU4
YWNjMWMwHhcNMjUwOTA0MTQxMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmE4MDY4NTNjNDkwMDczODUzMTQzNGJkYzQxNjlmMzcxODBlZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+hSBKb5npFaHyqNEV3dfOWTOzHt
J3KLuliEWaEYeipyVncYA9AcOPSnYP0Rz6qrQ+jL7iOWU87Cgeh1ZwYfo3npKYQa
M/HZIB2ecqRJtJ9VVYzFv/xzoK8MPPP98BDfLjKznk2DjU7nawV3TVw0p3AjEDY9
vor3my5JDuB7gzrDh9pfoSf/px9j+j6FHGkAbEWrM54JuZQjRE0er50ZcfY+GKpU
JY0vcRH/18RPwPmGj7jjea3VVKRvlAn06fhW6BEtlAgOMg2OTTalv3wr802tTlej
wj0tfOk4WAPUF37dW2xggA2WgzSOSSo22enom4zct/WZtir/lnBd/tiQHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKoBoU8SQBzhTFDS9xBafNxgO16MB8GA1UdIwQY
MBaAFPCpAFQjFHRTkJNmxrTQnDGViswcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMt
MzBkNzlmOWFhODc3LzEva3FnR2hUeEpBSE9GTVVOTDNFRnA4M0dBN1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMtMzBkNzlmOWFhODc3
LzEvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWTrAMA0G
CSqGSIb3DQEBCwUAA4IBAQByRvLnLolNiSsYGBrx3NZFXOMzN+nJt4wJXsp2DpyQ
0fAc90jZ24JdVi8iDA5gGNkKk2C8z/wTsF+sO78D/NoC3IqB95kYAjo+ghMzC/kN
gfPKxYw/gK/0FkxlBqCodqNDRLqUTBkXKVu7qfdiAeHcVsIOADUiXaLNwOk+i8sh
L9nGNR0KH4M+5sgwg054fp+mKKimALZyu2W1RtZemu4pipus1CmipPof/LvUV25C
VmcmAcP01wehzEvNmEl6xEC8HYccVrE+wnrgnAFf9Ot+ny6C2/8U+RZ5RXnLxRos
TdzNEY42HESMQqfK+UixWzrJD+nK4EfPZXJ9iNRLw+hP
-----END CERTIFICATE-----