Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/b172b7-6ae5-46e1-b0c0-0065e4a890b4/1/Il8CSveHvqeNn_p3vs8bpbLd6io.roa
File:                     Il8CSveHvqeNn_p3vs8bpbLd6io.roa (raw, json)
Hash identifier:          uiHORBlA13Y/5lqKteAG7JddRpbP5NcKY0DSl6kuJ/A=
Subject key identifier:   22:5F:02:4A:F7:87:BE:A7:8D:9F:FA:77:BE:CF:1B:A5:B2:DD:EA:2A
Certificate issuer:       /CN=adca6e54acd026cefa362b4227b89081c0a50049
Certificate serial:       0198F945298BBBA7A7D897A78C880A9DA0A0
Authority key identifier: AD:CA:6E:54:AC:D0:26:CE:FA:36:2B:42:27:B8:90:81:C0:A5:00:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rcpuVKzQJs76NitCJ7iQgcClAEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/b172b7-6ae5-46e1-b0c0-0065e4a890b4/1/Il8CSveHvqeNn_p3vs8bpbLd6io.roa
Signing time:             Sat 30 Aug 2025 04:38:36 +0000
ROA not before:           Sat 30 Aug 2025 04:38:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214270
IP address blocks:        89.33.128.0/24 maxlen: 24
                          185.103.201.0/24 maxlen: 24
                          2a01:fb80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/b172b7-6ae5-46e1-b0c0-0065e4a890b4/1/rcpuVKzQJs76NitCJ7iQgcClAEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/b172b7-6ae5-46e1-b0c0-0065e4a890b4/1/rcpuVKzQJs76NitCJ7iQgcClAEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rcpuVKzQJs76NitCJ7iQgcClAEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f9:45:29:8b:bb:a7:a7:d8:97:a7:8c:88:0a:9d:a0:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adca6e54acd026cefa362b4227b89081c0a50049
        Validity
            Not Before: Aug 30 04:38:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=225f024af787bea78d9ffa77becf1ba5b2ddea2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:20:37:de:94:3d:a2:9b:92:82:ff:62:32:96:
                    c8:17:24:e7:3b:b6:91:e7:77:5f:41:f7:a1:ff:ca:
                    55:ce:3a:ff:c4:1f:31:f1:19:41:9e:84:30:5e:0c:
                    87:68:6d:44:29:db:eb:93:dc:93:d3:4c:d1:1c:3e:
                    0c:f3:c4:53:73:1f:35:56:15:5b:f5:47:de:7e:84:
                    ea:e6:81:ff:6a:88:d4:16:e2:5d:99:b6:6d:c4:f9:
                    fd:11:d7:d3:df:f4:97:4a:b1:c5:6d:e6:90:17:5d:
                    cf:3a:f1:e3:f7:d3:fe:51:09:67:67:be:e7:f6:70:
                    37:ea:34:00:08:b4:4c:c4:78:28:98:41:9f:e4:3a:
                    be:a5:44:ff:ca:1b:48:50:94:8c:a5:c2:7c:7d:85:
                    4e:24:7c:57:c1:29:eb:72:50:5e:71:cf:f1:8b:93:
                    ce:cf:93:d2:9a:35:ff:53:ab:6d:70:77:59:06:5a:
                    b2:22:6e:34:14:f3:67:97:f3:bb:41:9c:95:5e:49:
                    82:31:e5:24:54:cb:8b:7e:b8:46:a4:22:1a:bf:d6:
                    60:bd:db:de:6b:9e:aa:b4:19:00:be:79:46:33:8a:
                    99:de:21:1d:89:24:f4:e9:38:63:b1:85:5a:46:ee:
                    81:5e:a7:4d:f0:dd:21:bd:64:7b:6f:c4:57:0c:70:
                    1a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:5F:02:4A:F7:87:BE:A7:8D:9F:FA:77:BE:CF:1B:A5:B2:DD:EA:2A
            X509v3 Authority Key Identifier:
                keyid:AD:CA:6E:54:AC:D0:26:CE:FA:36:2B:42:27:B8:90:81:C0:A5:00:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rcpuVKzQJs76NitCJ7iQgcClAEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/b172b7-6ae5-46e1-b0c0-0065e4a890b4/1/Il8CSveHvqeNn_p3vs8bpbLd6io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/b172b7-6ae5-46e1-b0c0-0065e4a890b4/1/rcpuVKzQJs76NitCJ7iQgcClAEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.128.0/24
                  185.103.201.0/24
                IPv6:
                  2a01:fb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:e4:7e:c1:69:d9:28:4a:fe:05:8a:10:9c:08:7a:df:5c:cc:
         4d:30:c0:42:29:5b:1a:ac:84:d5:67:e6:9d:c1:76:dd:01:a2:
         7f:1f:91:da:8d:1e:ca:e3:50:c9:09:7f:0f:87:28:96:de:a5:
         c5:a7:22:4b:f7:08:e6:b0:40:97:67:b5:ab:12:f0:cf:9c:56:
         2e:c8:82:bc:1e:a8:b4:7c:58:f6:ed:e2:be:55:50:57:00:44:
         14:f3:9b:42:9a:cf:d7:84:75:9b:5d:bd:8e:6a:ca:f1:42:b6:
         a9:2d:86:16:e1:7a:c3:fd:a7:82:34:00:a2:7b:1b:3d:35:39:
         cd:5d:10:e3:da:84:3e:9a:e2:d4:36:98:39:36:1b:7a:c1:94:
         29:f1:5d:9b:bd:1c:f9:f1:91:c1:53:40:59:f5:5f:1a:15:4c:
         02:22:1d:9e:8c:c6:21:bf:19:c5:bd:5e:3f:c1:3c:28:e7:f8:
         8f:a9:ef:8b:65:3c:3b:9f:c3:f5:d1:8f:78:be:2c:13:1a:1f:
         7e:f0:6b:b0:d4:6b:00:08:41:ea:20:e6:54:a9:f2:43:e9:9d:
         ee:2e:99:7e:90:71:66:8f:8c:e7:ec:60:39:57:5d:49:bd:ca:
         aa:1a:cd:a4:86:39:9c:ae:53:23:3e:cd:3f:3f:67:b4:53:22:
         7f:36:dc:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZj5RSmLu6en2JenjIgKnaCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkY2E2ZTU0YWNkMDI2Y2VmYTM2MmI0MjI3Yjg5MDgxYzBh
NTAwNDkwHhcNMjUwODMwMDQzODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjVmMDI0YWY3ODdiZWE3OGQ5ZmZhNzdiZWNmMWJhNWIyZGRlYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSA33pQ9opuSgv9iMpbIFyTnO7aR
53dfQfeh/8pVzjr/xB8x8RlBnoQwXgyHaG1EKdvrk9yT00zRHD4M88RTcx81VhVb
9UfefoTq5oH/aojUFuJdmbZtxPn9EdfT3/SXSrHFbeaQF13POvHj99P+UQlnZ77n
9nA36jQACLRMxHgomEGf5Dq+pUT/yhtIUJSMpcJ8fYVOJHxXwSnrclBecc/xi5PO
z5PSmjX/U6ttcHdZBlqyIm40FPNnl/O7QZyVXkmCMeUkVMuLfrhGpCIav9Zgvdve
a56qtBkAvnlGM4qZ3iEdiST06ThjsYVaRu6BXqdN8N0hvWR7b8RXDHAaqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCJfAkr3h76njZ/6d77PG6Wy3eoqMB8GA1UdIwQY
MBaAFK3KblSs0CbO+jYrQie4kIHApQBJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmNwdVZLelFKczc2Tml0Q0o3aVFnY0NsQUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9iMTcyYjctNmFlNS00NmUxLWIwYzAt
MDA2NWU0YTg5MGI0LzEvSWw4Q1N2ZUh2cWVObl9wM3ZzOGJwYkxkNmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9iMTcyYjctNmFlNS00NmUxLWIwYzAtMDA2NWU0YTg5MGI0
LzEvcmNwdVZLelFKczc2Tml0Q0o3aVFnY0NsQUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAWSGAAwQA
uWfJMA0EAgACMAcDBQMqAfuAMA0GCSqGSIb3DQEBCwUAA4IBAQCd5H7BadkoSv4F
ihCcCHrfXMxNMMBCKVsarITVZ+adwXbdAaJ/H5HajR7K41DJCX8PhyiW3qXFpyJL
9wjmsECXZ7WrEvDPnFYuyIK8Hqi0fFj27eK+VVBXAEQU85tCms/XhHWbXb2Oasrx
QrapLYYW4XrD/aeCNACiexs9NTnNXRDj2oQ+muLUNpg5Nht6wZQp8V2bvRz58ZHB
U0BZ9V8aFUwCIh2ejMYhvxnFvV4/wTwo5/iPqe+LZTw7n8P10Y94viwTGh9+8Guw
1GsACEHqIOZUqfJD6Z3uLpl+kHFmj4zn7GA5V11JvcqqGs2khjmcrlMjPs0/P2e0
UyJ/Ntxf
-----END CERTIFICATE-----