Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/bzMU3U8Vjv7x0YDL2w7FIzqr-uU.roa
File:                     bzMU3U8Vjv7x0YDL2w7FIzqr-uU.roa (raw, json)
Hash identifier:          ncn1irLHozlVd4FDEOfjNM84g9Igow5OA6qCLZwUc4M=
Subject key identifier:   6F:33:14:DD:4F:15:8E:FE:F1:D1:80:CB:DB:0E:C5:23:3A:AB:FA:E5
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019A05A1D4D1BC5C996CDAC6B6DC579964E0
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/bzMU3U8Vjv7x0YDL2w7FIzqr-uU.roa
Signing time:             Tue 21 Oct 2025 07:18:03 +0000
ROA not before:           Tue 21 Oct 2025 07:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34538
IP address blocks:        89.33.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:a1:d4:d1:bc:5c:99:6c:da:c6:b6:dc:57:99:64:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Oct 21 07:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f3314dd4f158efef1d180cbdb0ec5233aabfae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:09:f3:88:3f:13:ac:2a:d1:4d:94:b2:e8:c7:
                    7e:ed:b0:f6:4c:df:3d:b6:ba:3a:33:f0:d2:ad:95:
                    ba:53:3f:d0:27:cb:9e:38:f2:8e:fb:d6:ee:25:29:
                    66:1f:78:46:4a:f1:64:a3:85:90:34:93:dc:91:10:
                    52:44:b9:e2:50:9c:49:df:7d:88:f5:90:9e:ed:8c:
                    bc:34:b9:d5:e5:7e:3a:48:0a:12:35:ca:55:5b:89:
                    b5:22:15:17:7c:9d:e1:8f:32:b7:b6:06:f6:04:4e:
                    fd:78:10:84:83:87:4e:f7:ff:e2:a0:1b:dd:ae:c0:
                    c2:33:83:b9:1b:69:4e:20:c4:62:e8:80:37:4b:7f:
                    f9:f1:c1:97:a5:8f:24:ef:fc:58:1c:72:b2:35:7a:
                    2b:0b:72:5a:23:8f:4e:bb:da:80:56:d1:ca:e1:60:
                    e9:db:fe:b0:2a:b3:79:d9:19:19:c9:c3:c4:46:5e:
                    1b:fc:5b:0e:31:78:a0:ef:98:ce:98:7b:61:a2:98:
                    30:24:e8:77:c5:bf:e7:00:0e:90:56:f5:bd:6c:24:
                    e5:fb:5a:eb:21:50:92:85:f5:de:8f:f2:de:5f:16:
                    53:a8:f3:3e:b9:ca:2e:20:df:52:3f:cc:62:1e:43:
                    70:b8:57:66:a1:23:3e:c7:7a:28:f7:bc:fe:3c:bc:
                    0c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:33:14:DD:4F:15:8E:FE:F1:D1:80:CB:DB:0E:C5:23:3A:AB:FA:E5
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/bzMU3U8Vjv7x0YDL2w7FIzqr-uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:88:8b:87:7e:f6:a0:cb:76:42:63:79:eb:b6:24:f8:34:71:
         5b:6c:bf:13:50:9c:58:83:6c:c9:df:8a:11:ff:19:9f:25:6f:
         c6:3f:a4:11:df:88:de:d6:03:ed:2a:49:89:94:58:31:c3:6b:
         8e:b2:09:ce:43:1d:f9:22:73:30:be:87:bc:26:6b:86:f2:9c:
         93:ea:07:bd:9c:5c:d0:2c:42:4d:56:96:92:f4:f1:2a:91:be:
         be:a0:82:5b:ff:25:fb:23:e6:0c:39:b3:4d:62:51:2b:8e:98:
         cf:9b:86:8d:c3:65:ee:9c:bf:96:d5:9b:eb:61:75:04:69:7c:
         f3:e5:60:5e:45:dc:cd:43:c9:da:44:17:46:a2:62:89:e7:1b:
         80:6d:ab:4a:5c:cf:a7:a2:33:0f:ba:d6:d6:8b:45:4f:ba:77:
         12:48:95:8c:0e:fa:4f:9d:97:9b:f5:8d:c3:07:f2:73:ee:d5:
         cc:4e:66:ec:28:5b:96:7b:6b:12:48:12:9a:cc:e3:db:fe:58:
         72:2b:1f:18:0f:92:ec:3e:41:fe:b3:a4:7d:46:dc:f8:05:c1:
         e0:51:20:9f:75:23:1b:e0:91:71:19:4b:8b:b4:98:12:4e:ae:
         6a:70:15:e3:7c:92:40:09:8c:fc:cd:6f:67:ea:e8:7e:3a:16:
         69:10:7f:64
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZoFodTRvFyZbNrGttxXmWTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUxMDIxMDcxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjMzMTRkZDRmMTU4ZWZlZjFkMTgwY2JkYjBlYzUyMzNhYWJmYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgnziD8TrCrRTZSy6Md+7bD2TN89
tro6M/DSrZW6Uz/QJ8ueOPKO+9buJSlmH3hGSvFko4WQNJPckRBSRLniUJxJ332I
9ZCe7Yy8NLnV5X46SAoSNcpVW4m1IhUXfJ3hjzK3tgb2BE79eBCEg4dO9//ioBvd
rsDCM4O5G2lOIMRi6IA3S3/58cGXpY8k7/xYHHKyNXorC3JaI49Ou9qAVtHK4WDp
2/6wKrN52RkZycPERl4b/FsOMXig75jOmHthopgwJOh3xb/nAA6QVvW9bCTl+1rr
IVCShfXej/LeXxZTqPM+ucouIN9SP8xiHkNwuFdmoSM+x3oo97z+PLwM/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG8zFN1PFY7+8dGAy9sOxSM6q/rlMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2J6TVUzVThWanY3eDBZREwydzdGSXpxci11VS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZIQQw
DQYJKoZIhvcNAQELBQADggEBAGqIi4d+9qDLdkJjeeu2JPg0cVtsvxNQnFiDbMnf
ihH/GZ8lb8Y/pBHfiN7WA+0qSYmUWDHDa46yCc5DHfkiczC+h7wma4bynJPqB72c
XNAsQk1WlpL08SqRvr6gglv/Jfsj5gw5s01iUSuOmM+bho3DZe6cv5bVm+thdQRp
fPPlYF5F3M1DydpEF0aiYonnG4Btq0pcz6eiMw+61taLRU+6dxJIlYwO+k+dl5v1
jcMH8nPu1cxOZuwoW5Z7axJIEprM49v+WHIrHxgPkuw+Qf6zpH1G3PgFweBRIJ91
IxvgkXEZS4u0mBJOrmpwFeN8kkAJjPzNb2fq6H46FmkQf2Q=
-----END CERTIFICATE-----