Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/pcJQ8KZexRsM2Lmfadrof4KEzN0.roa
File:                     pcJQ8KZexRsM2Lmfadrof4KEzN0.roa (raw, json)
Hash identifier:          rP6UGwcNssAYWIlOlcrJd0oGZt8l2O7dJWd5vpNS7QM=
Subject key identifier:   A5:C2:50:F0:A6:5E:C5:1B:0C:D8:B9:9F:69:DA:E8:7F:82:84:CC:DD
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       0195A93FDD139165CFA37B0A31D5B79C8D82
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/pcJQ8KZexRsM2Lmfadrof4KEzN0.roa
Signing time:             Tue 18 Mar 2025 12:34:49 +0000
ROA not before:           Tue 18 Mar 2025 12:34:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6762
IP address blocks:        89.222.80.0/23 maxlen: 24
                          89.222.82.0/23 maxlen: 24
                          89.222.84.0/23 maxlen: 24
                          89.222.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a9:3f:dd:13:91:65:cf:a3:7b:0a:31:d5:b7:9c:8d:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Mar 18 12:34:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5c250f0a65ec51b0cd8b99f69dae87f8284ccdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2d:af:56:46:dd:fd:ed:4a:06:d1:e0:97:77:
                    4d:0d:fe:ee:37:ab:5c:7b:99:aa:42:73:1b:77:05:
                    18:31:f0:46:19:5a:6c:95:6d:8a:24:ed:69:69:ea:
                    52:98:7f:30:fc:73:de:3e:14:73:6a:53:b1:40:11:
                    2d:93:29:01:c5:e1:08:1b:04:a4:77:03:c3:13:61:
                    2d:3d:81:6b:cf:01:ad:2e:17:84:14:e7:65:e7:9c:
                    5e:11:01:db:bf:1e:8f:11:1b:19:d5:df:89:c8:1b:
                    f4:28:05:65:c6:24:77:6e:83:db:8b:c7:51:29:43:
                    44:93:54:52:92:f9:73:c4:cd:f8:60:c7:6a:b4:97:
                    14:fa:95:0e:d7:11:fc:aa:a5:be:4b:27:70:b7:3e:
                    65:b1:e4:fd:c0:94:f4:de:f0:54:da:21:94:c5:df:
                    35:49:a6:b3:cc:64:f9:b2:9d:58:85:cd:76:18:a3:
                    fb:91:98:12:9f:59:0b:f0:67:24:3b:a3:d8:af:b5:
                    4e:9c:5d:2b:fc:f9:df:41:5a:88:d7:1f:90:c0:b2:
                    91:fb:4f:f3:1f:38:ec:5c:b9:11:9c:96:ac:d5:3b:
                    30:44:92:f3:7b:1c:2a:ec:b6:6f:53:12:8d:fc:17:
                    07:7d:9b:76:48:38:72:3b:08:60:bb:42:59:18:95:
                    46:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:C2:50:F0:A6:5E:C5:1B:0C:D8:B9:9F:69:DA:E8:7F:82:84:CC:DD
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/pcJQ8KZexRsM2Lmfadrof4KEzN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.222.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c8:b2:5f:0c:2c:08:ac:0f:eb:96:4f:bc:d6:81:02:5d:28:67:
         3b:43:33:7e:ca:55:d7:a9:f3:8d:52:02:9c:07:54:07:0b:fe:
         97:c1:2f:03:34:e2:4d:ec:61:db:40:ea:91:c7:2f:34:1a:5d:
         55:52:93:95:2a:7b:d7:4e:90:8e:b6:32:48:e3:86:7a:e6:65:
         57:80:8a:bf:fa:fe:25:5e:af:93:95:c6:4e:82:52:9f:fd:ed:
         90:85:b0:53:3b:62:ee:df:6c:de:90:53:2e:a8:16:17:7d:b0:
         34:70:3a:31:52:24:fb:ee:f1:ce:e0:11:45:b4:ca:05:13:ce:
         f6:b6:79:5f:d8:f1:5b:a1:3a:80:e4:bc:eb:95:91:1d:c0:eb:
         4a:36:00:ac:d3:6a:ea:bb:b0:4c:15:0f:a4:93:34:22:3e:47:
         f2:d4:c6:ca:b8:2f:03:8f:7d:48:fe:50:a8:dc:47:86:3b:d2:
         7c:c9:43:1e:d6:45:4e:02:48:34:18:21:2b:ba:fd:1b:d7:0d:
         7b:b4:44:5a:4e:04:78:88:f8:0e:12:00:69:fc:b5:eb:bb:38:
         25:c5:c9:6f:38:53:61:a0:f6:f0:39:65:97:6a:35:41:1e:9d:
         43:79:b5:21:97:67:13:e0:00:8a:e4:94:a0:39:99:37:10:de:
         1b:23:98:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWpP90TkWXPo3sKMdW3nI2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjUwMzE4MTIzNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWMyNTBmMGE2NWVjNTFiMGNkOGI5OWY2OWRhZTg3ZjgyODRjY2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS2vVkbd/e1KBtHgl3dNDf7uN6tc
e5mqQnMbdwUYMfBGGVpslW2KJO1paepSmH8w/HPePhRzalOxQBEtkykBxeEIGwSk
dwPDE2EtPYFrzwGtLheEFOdl55xeEQHbvx6PERsZ1d+JyBv0KAVlxiR3boPbi8dR
KUNEk1RSkvlzxM34YMdqtJcU+pUO1xH8qqW+Sydwtz5lseT9wJT03vBU2iGUxd81
SaazzGT5sp1Yhc12GKP7kZgSn1kL8GckO6PYr7VOnF0r/PnfQVqI1x+QwLKR+0/z
HzjsXLkRnJas1TswRJLzexwq7LZvUxKN/BcHfZt2SDhyOwhgu0JZGJVGWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXCUPCmXsUbDNi5n2na6H+ChMzdMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvcGNKUThLWmV4UnNNMkxtZmFkcm9mNEtFek4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWd5QMA0G
CSqGSIb3DQEBCwUAA4IBAQDIsl8MLAisD+uWT7zWgQJdKGc7QzN+ylXXqfONUgKc
B1QHC/6XwS8DNOJN7GHbQOqRxy80Gl1VUpOVKnvXTpCOtjJI44Z65mVXgIq/+v4l
Xq+TlcZOglKf/e2QhbBTO2Lu32zekFMuqBYXfbA0cDoxUiT77vHO4BFFtMoFE872
tnlf2PFboTqA5LzrlZEdwOtKNgCs02rqu7BMFQ+kkzQiPkfy1MbKuC8Dj31I/lCo
3EeGO9J8yUMe1kVOAkg0GCEruv0b1w17tERaTgR4iPgOEgBp/LXruzglxclvOFNh
oPbwOWWXajVBHp1DebUhl2cT4ACK5JSgOZk3EN4bI5hS
-----END CERTIFICATE-----