Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/IFrDv6Ls6n5V8fwzlZ-9RjYsC1A.roa
File:                     IFrDv6Ls6n5V8fwzlZ-9RjYsC1A.roa (raw, json)
Hash identifier:          /KA/Ir1BpmGewtvhuM2WTh9hgPTfLUu7FlDEzEKhle8=
Subject key identifier:   20:5A:C3:BF:A2:EC:EA:7E:55:F1:FC:33:95:9F:BD:46:36:2C:0B:50
Certificate issuer:       /CN=ca290db2f72905f0db626b005bacf08878d17bac
Certificate serial:       019952124E6FFD9B286C90BDF78B0DBFAC28
Authority key identifier: CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/IFrDv6Ls6n5V8fwzlZ-9RjYsC1A.roa
Signing time:             Tue 16 Sep 2025 10:29:15 +0000
ROA not before:           Tue 16 Sep 2025 10:29:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34549
IP address blocks:        89.37.101.0/24 maxlen: 24
                          89.47.58.0/24 maxlen: 24
                          185.131.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 10:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:12:4e:6f:fd:9b:28:6c:90:bd:f7:8b:0d:bf:ac:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca290db2f72905f0db626b005bacf08878d17bac
        Validity
            Not Before: Sep 16 10:29:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=205ac3bfa2ecea7e55f1fc33959fbd46362c0b50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:65:c9:04:3d:16:d4:e9:95:6e:cf:bc:dc:6d:
                    f2:d5:2c:5d:b0:72:ef:9b:e7:0b:e1:97:fb:cb:96:
                    26:8a:88:3c:5b:e3:54:55:cb:e6:f9:e5:a7:bd:1d:
                    bb:27:86:10:0b:54:1d:5f:01:7b:61:c0:2b:b6:d6:
                    09:7e:41:b8:1f:a8:32:95:38:c8:f8:b3:3a:17:68:
                    6f:74:5d:c6:a1:16:72:b1:ea:99:93:6f:c1:4b:74:
                    43:9e:7c:a0:30:38:8a:20:96:16:d9:d0:45:d2:cb:
                    5a:bb:28:1d:04:7e:62:8b:2a:e9:58:fe:f5:e5:89:
                    82:8f:25:d6:81:ed:cd:dd:f8:c4:53:ce:17:d2:5f:
                    6d:12:bf:de:48:c6:12:89:7b:23:11:7a:1a:28:17:
                    04:29:f8:a8:86:bf:84:7b:2c:c5:86:ff:d4:01:78:
                    f3:c0:dd:7d:b3:35:a9:3a:ae:19:3c:b0:ae:c0:9d:
                    a8:9a:e1:9f:a7:20:9a:53:12:7f:7c:ec:d3:46:ad:
                    23:22:9f:5e:fe:8a:b5:96:e9:75:a8:95:61:d9:83:
                    66:bb:65:2d:c2:93:ec:7b:be:2e:72:6b:56:03:3b:
                    b7:cf:8e:b9:f3:d6:da:6f:31:f0:50:48:9f:d9:ad:
                    c8:d1:a7:d7:f5:f1:c2:1b:58:e5:da:cd:8d:91:9a:
                    d8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:5A:C3:BF:A2:EC:EA:7E:55:F1:FC:33:95:9F:BD:46:36:2C:0B:50
            X509v3 Authority Key Identifier:
                keyid:CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/IFrDv6Ls6n5V8fwzlZ-9RjYsC1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.101.0/24
                  89.47.58.0/24
                  185.131.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:d8:43:28:1d:3f:64:1c:88:92:6a:10:8b:d4:f2:81:2d:ad:
         b3:89:5e:50:44:2b:ee:1f:57:c0:15:3f:12:f8:95:b4:a8:55:
         f4:48:0d:d5:c5:f6:1d:b0:a8:b3:56:51:5e:87:d7:cb:59:79:
         cc:3a:6e:af:11:46:4d:f5:e3:b1:a9:0b:97:4a:e1:54:55:4f:
         f3:db:7e:24:61:36:82:76:80:1d:ce:30:63:10:3b:24:d5:4f:
         41:4a:b2:6b:57:2c:42:08:f8:7d:11:06:d6:dd:f7:29:2d:2d:
         63:a9:cf:e1:91:6a:f1:c4:21:0a:21:b3:c1:13:50:93:0e:19:
         e2:b5:b3:11:25:19:97:c1:0f:10:c7:42:0a:e7:f0:6c:8f:58:
         3d:ef:8f:02:33:32:b0:b4:df:2e:82:ae:8e:a8:e5:3a:9c:0d:
         67:04:6e:33:98:e7:5a:81:f7:97:de:a4:11:ac:0f:ab:b1:90:
         f4:d8:a3:30:af:86:88:fe:51:d0:41:0b:94:97:37:26:35:a9:
         28:05:83:7c:a0:34:c0:21:a5:58:02:7b:ac:e3:8d:f8:88:78:
         09:30:da:06:6e:31:aa:6a:aa:5f:1b:b8:7d:b7:47:d6:4d:a3:
         33:ae:24:77:2c:18:9d:6b:ba:e4:33:68:15:e8:80:be:04:b4:
         30:f1:09:35
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlSEk5v/ZsobJC994sNv6woMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMjkwZGIyZjcyOTA1ZjBkYjYyNmIwMDViYWNmMDg4Nzhk
MTdiYWMwHhcNMjUwOTE2MTAyOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDVhYzNiZmEyZWNlYTdlNTVmMWZjMzM5NTlmYmQ0NjM2MmMwYjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmXJBD0W1OmVbs+83G3y1SxdsHLv
m+cL4Zf7y5Ymiog8W+NUVcvm+eWnvR27J4YQC1QdXwF7YcArttYJfkG4H6gylTjI
+LM6F2hvdF3GoRZyseqZk2/BS3RDnnygMDiKIJYW2dBF0stauygdBH5iiyrpWP71
5YmCjyXWge3N3fjEU84X0l9tEr/eSMYSiXsjEXoaKBcEKfiohr+EeyzFhv/UAXjz
wN19szWpOq4ZPLCuwJ2omuGfpyCaUxJ/fOzTRq0jIp9e/oq1lul1qJVh2YNmu2Ut
wpPse74ucmtWAzu3z46589babzHwUEif2a3I0afX9fHCG1jl2s2NkZrYNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCBaw7+i7Op+VfH8M5WfvUY2LAtQMB8GA1UdIwQY
MBaAFMopDbL3KQXw22JrAFus8Ih40XusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWlrTnN2Y3BCZkRiWW1zQVc2endpSGpSZTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yMTY5NzMtNTE2Zi00NTAxLTkxNjQt
N2Y0MzViZjU1MDFjLzEvSUZyRHY2THM2bjVWOGZ3emxaLTlSallzQzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yMTY5NzMtNTE2Zi00NTAxLTkxNjQtN2Y0MzViZjU1MDFj
LzEveWlrTnN2Y3BCZkRiWW1zQVc2endpSGpSZTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSVlAwQA
WS86AwQAuYM0MA0GCSqGSIb3DQEBCwUAA4IBAQCq2EMoHT9kHIiSahCL1PKBLa2z
iV5QRCvuH1fAFT8S+JW0qFX0SA3VxfYdsKizVlFeh9fLWXnMOm6vEUZN9eOxqQuX
SuFUVU/z234kYTaCdoAdzjBjEDsk1U9BSrJrVyxCCPh9EQbW3fcpLS1jqc/hkWrx
xCEKIbPBE1CTDhnitbMRJRmXwQ8Qx0IK5/Bsj1g9748CMzKwtN8ugq6OqOU6nA1n
BG4zmOdagfeX3qQRrA+rsZD02KMwr4aI/lHQQQuUlzcmNakoBYN8oDTAIaVYAnus
4434iHgJMNoGbjGqaqpfG7h9t0fWTaMzriR3LBida7rkM2gV6IC+BLQw8Qk1
-----END CERTIFICATE-----