Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/RI3LFPhg4jmbP8O1e85KP3aj8lk.roa
File:                     RI3LFPhg4jmbP8O1e85KP3aj8lk.roa (raw, json)
Hash identifier:          gUcCXtIOZXayvFIzH8aC27OcYWb3MO5PirxCf5ErU0k=
Subject key identifier:   44:8D:CB:14:F8:60:E2:39:9B:3F:C3:B5:7B:CE:4A:3F:76:A3:F2:59
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019A554C1E89532323BE711B63324EC7EFE8
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/RI3LFPhg4jmbP8O1e85KP3aj8lk.roa
Signing time:             Wed 05 Nov 2025 18:34:03 +0000
ROA not before:           Wed 05 Nov 2025 18:34:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199737
IP address blocks:        89.42.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Nov 2025 00:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:55:4c:1e:89:53:23:23:be:71:1b:63:32:4e:c7:ef:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Nov  5 18:34:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=448dcb14f860e2399b3fc3b57bce4a3f76a3f259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:72:f0:e1:67:08:89:38:97:aa:21:34:03:76:
                    dc:2d:a9:4e:d1:f2:e7:8b:15:2a:07:cc:ab:6c:79:
                    da:88:a8:59:0c:02:74:eb:79:38:6d:6f:cc:09:da:
                    3f:0a:d2:ba:35:13:82:3d:36:83:62:c1:fa:41:fe:
                    ce:2c:a1:56:00:6b:f3:47:25:f5:7f:a3:8b:15:9f:
                    ff:f8:f8:27:9c:3a:6e:c8:e7:88:a8:21:6e:b8:36:
                    b2:fa:07:03:ee:b3:d8:67:9e:09:36:f1:6c:7a:74:
                    fc:30:ca:3c:e7:85:18:d6:2c:4e:04:54:7c:2e:af:
                    40:b2:9d:8a:e9:26:2f:b6:5e:29:2b:91:cd:e9:fc:
                    04:e8:7e:c6:f4:76:33:75:c2:4f:20:bd:45:00:cd:
                    bf:98:19:e0:03:e7:30:53:a2:78:cf:a2:5b:cf:7a:
                    9d:54:8f:ee:2c:ec:c2:76:12:30:5f:c6:dc:37:90:
                    35:8d:57:8f:68:b2:7e:eb:16:2c:31:ce:b5:b1:8c:
                    4c:bb:5c:00:88:77:f0:df:5d:50:95:2e:d8:51:5b:
                    00:9d:a2:c6:ed:53:48:f2:3a:18:81:6a:c4:30:6b:
                    e5:01:fe:4f:50:c7:5b:1a:14:c5:ba:d7:05:78:14:
                    db:30:d2:21:89:9d:67:b3:ec:ff:3f:9d:1b:15:90:
                    98:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8D:CB:14:F8:60:E2:39:9B:3F:C3:B5:7B:CE:4A:3F:76:A3:F2:59
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/RI3LFPhg4jmbP8O1e85KP3aj8lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:92:4f:a6:1f:cd:83:65:ea:c8:98:7d:f7:49:fe:43:f1:da:
         b7:b1:57:76:78:a7:04:f6:67:ef:54:7e:f6:37:ba:87:f1:ae:
         6c:34:77:34:90:6f:e7:57:9c:25:eb:33:30:e9:73:c5:44:d6:
         8f:98:f9:0a:60:32:98:a8:a5:ae:bd:c9:14:8b:f1:66:a3:68:
         9d:5e:41:18:07:d4:69:32:da:12:a4:6d:d4:d9:4d:87:af:c0:
         1e:f7:d4:b9:0f:4c:31:7a:ec:a1:a5:e3:8e:9d:c0:7d:02:67:
         87:39:8b:92:f2:8c:f2:d1:6e:b9:93:09:20:dc:30:31:62:fc:
         ca:fe:5a:59:96:57:39:08:e2:00:fe:43:79:77:1a:72:c9:c4:
         b2:8e:35:d8:3f:96:fa:6c:e2:86:ce:16:9a:3f:92:24:33:c6:
         09:e3:b1:bb:cf:ea:ee:fd:54:84:34:c9:c4:7b:3f:4b:2c:59:
         27:fc:e7:a4:9d:98:90:02:f7:45:78:25:df:b2:5f:25:42:9d:
         ba:c4:d7:c5:1c:25:de:24:14:0e:0f:ee:23:d3:d3:cb:8e:a8:
         e9:10:e0:d1:42:bf:3e:cd:9e:99:32:82:9a:fb:38:0b:ec:e8:
         3a:d4:30:59:34:e4:db:d9:de:55:95:4f:b3:44:f8:f1:d1:9e:
         5f:dd:d9:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpVTB6JUyMjvnEbYzJOx+/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUxMTA1MTgzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDhkY2IxNGY4NjBlMjM5OWIzZmMzYjU3YmNlNGEzZjc2YTNmMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3Lw4WcIiTiXqiE0A3bcLalO0fLn
ixUqB8yrbHnaiKhZDAJ063k4bW/MCdo/CtK6NROCPTaDYsH6Qf7OLKFWAGvzRyX1
f6OLFZ//+PgnnDpuyOeIqCFuuDay+gcD7rPYZ54JNvFsenT8MMo854UY1ixOBFR8
Lq9Asp2K6SYvtl4pK5HN6fwE6H7G9HYzdcJPIL1FAM2/mBngA+cwU6J4z6Jbz3qd
VI/uLOzCdhIwX8bcN5A1jVePaLJ+6xYsMc61sYxMu1wAiHfw311QlS7YUVsAnaLG
7VNI8joYgWrEMGvlAf5PUMdbGhTFutcFeBTbMNIhiZ1ns+z/P50bFZCYvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESNyxT4YOI5mz/DtXvOSj92o/JZMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvUkkzTEZQaGc0am1iUDhPMWU4NUtQM2FqOGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSodMA0G
CSqGSIb3DQEBCwUAA4IBAQCBkk+mH82DZerImH33Sf5D8dq3sVd2eKcE9mfvVH72
N7qH8a5sNHc0kG/nV5wl6zMw6XPFRNaPmPkKYDKYqKWuvckUi/Fmo2idXkEYB9Rp
MtoSpG3U2U2Hr8Ae99S5D0wxeuyhpeOOncB9AmeHOYuS8ozy0W65kwkg3DAxYvzK
/lpZllc5COIA/kN5dxpyycSyjjXYP5b6bOKGzhaaP5IkM8YJ47G7z+ru/VSENMnE
ez9LLFkn/OeknZiQAvdFeCXfsl8lQp26xNfFHCXeJBQOD+4j09PLjqjpEODRQr8+
zZ6ZMoKa+zgL7Og61DBZNOTb2d5VlU+zRPjx0Z5f3dkp
-----END CERTIFICATE-----