Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/6CBdZpFqQHLueJb6CKqTG45G2Do.roa
File:                     6CBdZpFqQHLueJb6CKqTG45G2Do.roa (raw, json)
Hash identifier:          dj4EPskWd6dodaTyYk3j6mPnQBbAzXVtWQf8sMH8W0g=
Subject key identifier:   E8:20:5D:66:91:6A:40:72:EE:78:96:FA:08:AA:93:1B:8E:46:D8:3A
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       01974C7EA646608C3C2CD954469F60117CDA
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/6CBdZpFqQHLueJb6CKqTG45G2Do.roa
Signing time:             Sat 07 Jun 2025 22:24:17 +0000
ROA not before:           Sat 07 Jun 2025 22:24:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.187.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4c:7e:a6:46:60:8c:3c:2c:d9:54:46:9f:60:11:7c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jun  7 22:24:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8205d66916a4072ee7896fa08aa931b8e46d83a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:0d:0a:80:2d:66:6f:a5:cc:86:d5:96:d8:20:
                    f3:b0:7f:77:d1:6a:fa:1d:8c:3b:e6:7b:5f:c6:46:
                    65:01:3a:d0:36:4d:46:1c:73:aa:73:0b:65:2e:64:
                    a5:33:6f:39:5c:4c:2c:68:81:3a:6f:7a:e6:33:3e:
                    b4:9d:11:78:5b:01:d6:ac:ff:19:69:52:9f:a0:80:
                    95:ec:9f:14:9f:31:35:6e:c4:4a:9e:10:b7:2a:a4:
                    f4:44:bc:e4:73:ec:82:47:f8:5d:19:82:c8:e7:f2:
                    02:ea:3d:04:41:ce:3c:50:25:66:47:2a:49:cb:47:
                    d4:f7:5b:b4:22:4d:70:9d:66:78:17:1e:c1:8c:c6:
                    74:74:de:27:31:c8:58:62:25:cf:64:00:77:3c:27:
                    f7:a1:d9:27:d0:01:5c:85:2a:43:dd:c7:ce:fb:2a:
                    9b:92:de:c6:62:3e:42:4e:f2:30:33:dc:ec:8d:64:
                    e4:95:93:71:52:c0:d4:50:f1:50:9d:50:77:45:0e:
                    97:f6:7d:d0:f9:71:78:e2:66:17:77:59:9f:08:f4:
                    c7:fc:cc:40:df:1a:d9:f4:46:93:2a:b0:32:94:39:
                    f4:f9:34:14:ef:4b:35:52:59:9b:81:94:e2:f6:49:
                    f3:2c:da:19:4d:99:c7:59:44:0c:e5:06:48:7d:aa:
                    76:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:20:5D:66:91:6A:40:72:EE:78:96:FA:08:AA:93:1B:8E:46:D8:3A
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/6CBdZpFqQHLueJb6CKqTG45G2Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:9d:23:03:60:8a:9c:4d:32:e7:aa:4d:3c:55:ea:89:62:9e:
         18:57:72:9c:01:d7:61:c4:c1:68:a8:8d:90:ef:4e:41:29:01:
         9a:c8:97:bd:06:f0:01:eb:70:82:6d:41:6a:d1:fb:81:48:99:
         54:cf:f4:68:f4:3d:1f:ed:e9:32:3f:72:2c:d5:4a:62:a5:d7:
         dd:83:2d:3c:ae:5c:3c:07:6f:6f:46:fc:54:b0:6e:77:c6:0d:
         16:8a:0b:83:f7:48:96:3b:f8:e7:b3:fd:80:da:50:32:c6:69:
         33:7d:7a:09:19:63:25:ef:e0:d2:9a:e1:08:9c:d1:9a:2b:61:
         06:b0:9a:43:b3:e1:9c:53:a0:23:80:3b:da:43:ef:6c:f2:ea:
         ba:01:b3:be:3a:cf:7c:36:db:1d:cf:ef:b0:c6:75:a9:e3:7c:
         ac:1d:c3:14:e6:84:ac:16:bc:6e:5c:54:b0:06:89:a3:21:fe:
         1d:f5:42:a3:01:47:38:99:62:a3:ad:f5:dc:7d:b3:89:c2:c0:
         fa:af:cf:68:73:9f:af:a7:ef:ae:8a:b9:c9:20:6d:6d:26:5a:
         10:ed:0c:4a:5c:c1:0f:39:d0:9f:0b:eb:0f:a1:6f:bf:ef:2a:
         16:ce:30:98:d0:b6:db:68:4b:1a:86:6d:22:62:c2:30:db:5a:
         e9:9c:36:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdMfqZGYIw8LNlURp9gEXzaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwNjA3MjIyNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODIwNWQ2NjkxNmE0MDcyZWU3ODk2ZmEwOGFhOTMxYjhlNDZkODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6g0KgC1mb6XMhtWW2CDzsH930Wr6
HYw75ntfxkZlATrQNk1GHHOqcwtlLmSlM285XEwsaIE6b3rmMz60nRF4WwHWrP8Z
aVKfoICV7J8UnzE1bsRKnhC3KqT0RLzkc+yCR/hdGYLI5/IC6j0EQc48UCVmRypJ
y0fU91u0Ik1wnWZ4Fx7BjMZ0dN4nMchYYiXPZAB3PCf3odkn0AFchSpD3cfO+yqb
kt7GYj5CTvIwM9zsjWTklZNxUsDUUPFQnVB3RQ6X9n3Q+XF44mYXd1mfCPTH/MxA
3xrZ9EaTKrAylDn0+TQU70s1UlmbgZTi9knzLNoZTZnHWUQM5QZIfap25QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOggXWaRakBy7niW+giqkxuORtg6MB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvNkNCZFpwRnFRSEx1ZUpiNkNLcVRHNDVHMkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsQMA0G
CSqGSIb3DQEBCwUAA4IBAQCDnSMDYIqcTTLnqk08VeqJYp4YV3KcAddhxMFoqI2Q
705BKQGayJe9BvAB63CCbUFq0fuBSJlUz/Ro9D0f7ekyP3Is1Upipdfdgy08rlw8
B29vRvxUsG53xg0WiguD90iWO/jns/2A2lAyxmkzfXoJGWMl7+DSmuEInNGaK2EG
sJpDs+GcU6AjgDvaQ+9s8uq6AbO+Os98Ntsdz++wxnWp43ysHcMU5oSsFrxuXFSw
BomjIf4d9UKjAUc4mWKjrfXcfbOJwsD6r89oc5+vp++uirnJIG1tJloQ7QxKXMEP
OdCfC+sPoW+/7yoWzjCY0LbbaEsahm0iYsIw21rpnDbC
-----END CERTIFICATE-----