Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rPciKNxouTUmkCLDkFKKyn388Cc.roa
File:                     rPciKNxouTUmkCLDkFKKyn388Cc.roa (raw, json)
Hash identifier:          zI+gdKXH7CP5oPaL5HXMew7Kewt2hB10+HNYNloE0UY=
Subject key identifier:   AC:F7:22:28:DC:68:B9:35:26:90:22:C3:90:52:8A:CA:7D:FC:F0:27
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       01973744144BB1F72A7E3339D9A927B1CB8C
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rPciKNxouTUmkCLDkFKKyn388Cc.roa
Signing time:             Tue 03 Jun 2025 19:28:17 +0000
ROA not before:           Tue 03 Jun 2025 19:28:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        89.187.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:44:14:4b:b1:f7:2a:7e:33:39:d9:a9:27:b1:cb:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jun  3 19:28:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acf72228dc68b935269022c390528aca7dfcf027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e1:59:af:14:70:70:b7:26:77:9d:87:45:92:
                    ea:fc:c3:f2:5c:4e:21:0e:ce:8f:ee:ef:9a:b4:53:
                    37:87:2c:95:15:b7:cf:43:7e:1f:9d:35:af:93:5b:
                    54:63:bf:fd:5c:87:95:ff:65:32:a2:e2:39:34:9d:
                    68:ed:61:8c:de:14:36:2a:17:fe:c8:58:b5:3e:a6:
                    6e:03:52:a9:c5:87:64:26:02:1f:91:6e:37:e8:37:
                    17:79:8c:27:d9:67:47:a9:73:85:1d:03:b3:e5:2a:
                    3e:aa:cc:0b:a3:23:6b:68:1a:1b:95:ed:95:fb:ef:
                    dc:6a:57:6e:52:d5:57:66:a1:0b:55:8c:9c:98:97:
                    07:1f:8c:86:49:b0:94:1b:b7:a6:b3:d9:e9:0c:85:
                    8a:b5:5a:c1:8b:21:78:30:8d:cb:9d:b1:76:82:9f:
                    c0:e4:9a:92:2e:cd:18:91:f5:2d:9e:49:81:77:73:
                    f9:00:26:4b:a4:8e:1f:92:04:e1:f5:8a:86:0f:8e:
                    0c:3f:9d:2a:c4:db:71:7e:4a:38:f5:59:48:a6:ef:
                    09:7d:e5:a7:58:2e:06:91:96:f8:8d:f0:6e:b9:02:
                    29:16:92:4f:84:b8:25:c8:b7:98:c9:0e:71:b7:c5:
                    30:7a:1a:77:2b:91:d0:97:5c:a3:78:72:46:a5:30:
                    4f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F7:22:28:DC:68:B9:35:26:90:22:C3:90:52:8A:CA:7D:FC:F0:27
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rPciKNxouTUmkCLDkFKKyn388Cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:4c:b7:c3:d0:f5:2a:b9:7c:91:0a:82:13:5a:c4:fb:4f:ea:
         ef:4d:86:55:99:9a:88:99:83:f9:ab:60:69:57:c0:74:82:a9:
         b5:19:d7:d2:e5:a8:55:c5:75:94:3c:68:07:ee:e6:92:0b:5a:
         9c:ad:0c:bf:36:a9:7e:da:e4:41:86:6d:b8:2d:3c:67:a3:09:
         de:20:d4:2b:b6:be:2c:97:03:f4:59:bd:85:78:2b:65:a4:fb:
         17:ff:b2:de:13:dc:2a:83:6d:80:91:46:dd:e3:06:68:66:e6:
         ad:ec:45:53:12:a1:2e:fd:da:c9:cb:ed:09:de:91:60:ab:11:
         a0:da:b2:4d:f5:db:78:c6:03:cd:cc:de:55:04:33:69:e4:5b:
         25:12:af:aa:b5:66:f5:59:74:a4:4f:b7:8b:24:51:65:70:fe:
         0d:af:a8:2e:5a:87:c4:e7:70:ca:fb:04:9c:6e:c4:da:b0:33:
         c8:8e:f7:8a:d0:60:d7:bc:cb:e9:e1:5c:04:39:b7:1f:95:d9:
         ec:4e:5f:34:13:a9:d6:4c:74:57:3a:3a:8f:8f:df:f5:ce:8a:
         f4:f4:d6:df:1e:4d:2c:86:d6:51:bb:45:21:20:bd:1d:8f:26:
         9e:76:0a:8a:24:dd:34:5e:b0:bb:be:a9:d0:ce:66:c7:09:d0:
         25:a4:8e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc3RBRLsfcqfjM52aknscuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwNjAzMTkyODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Y3MjIyOGRjNjhiOTM1MjY5MDIyYzM5MDUyOGFjYTdkZmNmMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+FZrxRwcLcmd52HRZLq/MPyXE4h
Ds6P7u+atFM3hyyVFbfPQ34fnTWvk1tUY7/9XIeV/2UyouI5NJ1o7WGM3hQ2Khf+
yFi1PqZuA1KpxYdkJgIfkW436DcXeYwn2WdHqXOFHQOz5So+qswLoyNraBoble2V
++/calduUtVXZqELVYycmJcHH4yGSbCUG7ems9npDIWKtVrBiyF4MI3LnbF2gp/A
5JqSLs0YkfUtnkmBd3P5ACZLpI4fkgTh9YqGD44MP50qxNtxfko49VlIpu8JfeWn
WC4GkZb4jfBuuQIpFpJPhLglyLeYyQ5xt8Uwehp3K5HQl1yjeHJGpTBPuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKz3IijcaLk1JpAiw5BSisp9/PAnMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvclBjaUtOeG91VFVta0NMRGtGS0t5bjM4OENjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsUMA0G
CSqGSIb3DQEBCwUAA4IBAQB6TLfD0PUquXyRCoITWsT7T+rvTYZVmZqImYP5q2Bp
V8B0gqm1GdfS5ahVxXWUPGgH7uaSC1qcrQy/Nql+2uRBhm24LTxnowneINQrtr4s
lwP0Wb2FeCtlpPsX/7LeE9wqg22AkUbd4wZoZuat7EVTEqEu/drJy+0J3pFgqxGg
2rJN9dt4xgPNzN5VBDNp5FslEq+qtWb1WXSkT7eLJFFlcP4Nr6guWofE53DK+wSc
bsTasDPIjveK0GDXvMvp4VwEObcfldnsTl80E6nWTHRXOjqPj9/1zor09NbfHk0s
htZRu0UhIL0djyaedgqKJN00XrC7vqnQzmbHCdAlpI4D
-----END CERTIFICATE-----