Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/sQoY_P3eWisKejdGUj_NTKKtjBQ.roa
File:                     sQoY_P3eWisKejdGUj_NTKKtjBQ.roa (raw, json)
Hash identifier:          wvg8V76VoKkP6eo76vmeDvBCD/zyxgaUHQ8qP7p0qKU=
Subject key identifier:   B1:0A:18:FC:FD:DE:5A:2B:0A:7A:37:46:52:3F:CD:4C:A2:AD:8C:14
Certificate issuer:       /CN=6a37982207e62ded0691dcb18ef6ea32d413f3f6
Certificate serial:       0196E879FB300435B08D7EE7100935FF9B0E
Authority key identifier: 6A:37:98:22:07:E6:2D:ED:06:91:DC:B1:8E:F6:EA:32:D4:13:F3:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/sQoY_P3eWisKejdGUj_NTKKtjBQ.roa
Signing time:             Mon 19 May 2025 12:17:10 +0000
ROA not before:           Mon 19 May 2025 12:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25279
IP address blocks:        89.251.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 19:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:79:fb:30:04:35:b0:8d:7e:e7:10:09:35:ff:9b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a37982207e62ded0691dcb18ef6ea32d413f3f6
        Validity
            Not Before: May 19 12:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b10a18fcfdde5a2b0a7a3746523fcd4ca2ad8c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:35:ae:bd:2c:38:9a:ee:27:8d:4a:e2:ad:61:
                    a2:13:f0:d9:6e:e6:a3:8c:d3:68:ac:50:da:8e:b3:
                    07:b1:5b:a6:85:1a:fd:df:c3:48:47:06:7e:95:6b:
                    66:aa:76:67:bf:40:93:6e:e0:1b:da:8c:82:c2:95:
                    f8:11:87:0f:b1:01:99:2f:2b:c1:70:fb:2d:4b:28:
                    5b:b7:6a:de:98:1a:59:0e:9c:64:4f:09:08:d2:0a:
                    2f:5b:81:bd:2b:b2:80:ae:ae:d6:0d:87:56:25:c5:
                    8a:a4:ae:d7:51:29:88:e4:6d:e8:74:10:b7:f0:75:
                    50:80:45:af:75:55:2e:25:e6:cf:49:71:0d:7c:9d:
                    81:20:a1:e4:18:3c:54:25:d3:60:25:56:9e:22:c7:
                    73:de:df:c8:a2:88:bc:ae:9d:f5:16:3a:e6:b1:d6:
                    08:fb:4c:2b:2d:00:69:b3:2a:dc:7e:15:37:d3:dc:
                    33:57:9a:54:a6:e0:60:27:6b:5f:41:b7:29:3f:40:
                    40:13:3e:d6:5a:cd:34:b9:5a:57:8e:8a:ed:cb:6d:
                    91:97:55:be:7e:d6:92:29:14:85:9a:d6:47:b4:c9:
                    29:6d:ce:c1:3f:1d:20:ba:79:b1:76:63:01:2e:a3:
                    e7:32:0d:da:91:b7:87:98:f0:16:bc:0f:b1:46:dd:
                    60:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:0A:18:FC:FD:DE:5A:2B:0A:7A:37:46:52:3F:CD:4C:A2:AD:8C:14
            X509v3 Authority Key Identifier:
                keyid:6A:37:98:22:07:E6:2D:ED:06:91:DC:B1:8E:F6:EA:32:D4:13:F3:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/sQoY_P3eWisKejdGUj_NTKKtjBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:62:67:f1:31:b7:00:77:33:36:9a:c4:d9:96:f7:bb:5f:50:
         48:2a:97:22:3e:af:ff:49:7a:9d:da:0f:73:9a:d5:3f:cd:84:
         65:c2:28:59:71:7c:9f:96:ab:c8:45:8f:dd:70:fa:50:e0:a1:
         66:7d:8b:1f:d5:73:49:2c:5c:9f:1c:2a:58:b0:6d:35:e7:3d:
         75:a3:ab:eb:70:53:64:a3:d0:64:af:dc:ad:46:a7:aa:81:e7:
         cb:e3:cb:06:56:e8:34:2b:da:63:ba:62:cd:b6:f5:eb:f6:88:
         0e:fd:03:4a:b9:35:ff:38:67:05:c7:ea:f0:14:60:7a:23:23:
         e7:6a:ef:0c:6d:b5:73:a7:ec:e8:dc:0c:e3:94:3a:c4:02:8f:
         cd:95:6f:bf:bb:53:17:f0:4d:9d:e6:4e:e1:b7:4c:c5:67:bf:
         ce:88:d2:13:8c:45:9f:c9:02:37:29:fd:b3:24:84:ad:fa:8d:
         00:2c:d0:db:86:f0:70:ec:73:94:4f:9c:b9:4b:64:77:1a:3a:
         db:b3:09:55:44:d8:80:6c:b1:7a:95:09:9b:16:e4:9d:57:1c:
         fb:94:32:04:82:8b:c2:28:95:de:1f:ed:a4:0b:69:87:b3:2c:
         9b:04:b7:a6:28:b0:83:67:78:71:08:85:65:f6:2c:d2:71:08:
         f6:e3:ac:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZboefswBDWwjX7nEAk1/5sOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMzc5ODIyMDdlNjJkZWQwNjkxZGNiMThlZjZlYTMyZDQx
M2YzZjYwHhcNMjUwNTE5MTIxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTBhMThmY2ZkZGU1YTJiMGE3YTM3NDY1MjNmY2Q0Y2EyYWQ4YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+zWuvSw4mu4njUrirWGiE/DZbuaj
jNNorFDajrMHsVumhRr938NIRwZ+lWtmqnZnv0CTbuAb2oyCwpX4EYcPsQGZLyvB
cPstSyhbt2remBpZDpxkTwkI0govW4G9K7KArq7WDYdWJcWKpK7XUSmI5G3odBC3
8HVQgEWvdVUuJebPSXENfJ2BIKHkGDxUJdNgJVaeIsdz3t/Iooi8rp31FjrmsdYI
+0wrLQBpsyrcfhU309wzV5pUpuBgJ2tfQbcpP0BAEz7WWs00uVpXjorty22Rl1W+
ftaSKRSFmtZHtMkpbc7BPx0gunmxdmMBLqPnMg3akbeHmPAWvA+xRt1g2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEKGPz93lorCno3RlI/zUyirYwUMB8GA1UdIwQY
MBaAFGo3mCIH5i3tBpHcsY726jLUE/P2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWplWUlnZm1MZTBHa2R5eGp2YnFNdFFUOF9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9iODExZDUtYmEzNS00MjNkLTg2MmYt
MjM1MzE2NTRlNTg5LzEvc1FvWV9QM2VXaXNLZWpkR1VqX05US0t0akJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9iODExZDUtYmEzNS00MjNkLTg2MmYtMjM1MzE2NTRlNTg5
LzEvYWplWUlnZm1MZTBHa2R5eGp2YnFNdFFUOF9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfuPMA0G
CSqGSIb3DQEBCwUAA4IBAQADYmfxMbcAdzM2msTZlve7X1BIKpciPq//SXqd2g9z
mtU/zYRlwihZcXyflqvIRY/dcPpQ4KFmfYsf1XNJLFyfHCpYsG015z11o6vrcFNk
o9Bkr9ytRqeqgefL48sGVug0K9pjumLNtvXr9ogO/QNKuTX/OGcFx+rwFGB6IyPn
au8MbbVzp+zo3AzjlDrEAo/NlW+/u1MX8E2d5k7ht0zFZ7/OiNITjEWfyQI3Kf2z
JISt+o0ALNDbhvBw7HOUT5y5S2R3GjrbswlVRNiAbLF6lQmbFuSdVxz7lDIEgovC
KJXeH+2kC2mHsyybBLemKLCDZ3hxCIVl9izScQj246wC
-----END CERTIFICATE-----