Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/GaYkrsgd2Ttub4_2R4LjzHE73ng.roa
File:                     GaYkrsgd2Ttub4_2R4LjzHE73ng.roa (raw, json)
Hash identifier:          aKu7JozM3h1uZuTy6FZkHtjsSrl1e1/VuZVJ+0OeCPo=
Subject key identifier:   19:A6:24:AE:C8:1D:D9:3B:6E:6F:8F:F6:47:82:E3:CC:71:3B:DE:78
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       01990EFEF81E52E3E74849170B2CDDF051DE
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/GaYkrsgd2Ttub4_2R4LjzHE73ng.roa
Signing time:             Wed 03 Sep 2025 09:53:34 +0000
ROA not before:           Wed 03 Sep 2025 09:53:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215809
IP address blocks:        62.89.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:fe:f8:1e:52:e3:e7:48:49:17:0b:2c:dd:f0:51:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Sep  3 09:53:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19a624aec81dd93b6e6f8ff64782e3cc713bde78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:69:37:f5:64:f1:12:c2:c8:70:85:98:93:f7:
                    04:c4:eb:ac:fd:32:eb:d4:31:3f:09:47:63:86:e8:
                    d4:bc:f6:a3:91:6a:60:fe:c5:fd:6b:ac:f1:72:92:
                    d9:04:65:c4:34:1a:3a:ee:70:4a:07:ca:af:be:f1:
                    8b:f4:04:29:01:d8:15:37:df:63:03:6b:50:6a:c6:
                    d7:88:b8:fa:9e:d9:d3:aa:29:67:ec:dd:bd:4e:f3:
                    2f:bd:39:93:05:88:c1:4f:01:89:ba:a5:fe:aa:34:
                    8b:02:a7:75:62:0c:42:61:e8:7a:1f:2c:25:3e:d3:
                    75:a5:dc:a8:c7:ef:1e:62:17:f0:f7:57:12:45:c0:
                    41:b2:75:3e:0f:0c:93:e3:48:27:7b:17:96:b8:26:
                    2f:f9:30:0e:c9:55:a5:63:6d:31:6d:2f:5e:72:88:
                    2e:60:70:c9:82:1f:f2:fc:79:7e:6b:67:cc:36:f1:
                    e7:2c:5c:6d:19:32:10:bb:b6:67:f7:50:75:57:d6:
                    49:6a:fa:a9:6b:4a:4e:62:ab:eb:09:59:fd:b6:15:
                    b1:b6:ed:e0:f9:60:8a:bf:57:26:59:6a:5d:17:5f:
                    ad:b2:b1:c8:22:21:dd:74:94:97:68:d6:0e:ab:ac:
                    a6:23:6b:bc:8b:12:ba:41:9a:b9:2b:0f:12:a8:37:
                    40:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A6:24:AE:C8:1D:D9:3B:6E:6F:8F:F6:47:82:E3:CC:71:3B:DE:78
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/GaYkrsgd2Ttub4_2R4LjzHE73ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:2b:07:a2:04:21:5c:ea:8c:b6:d6:89:c7:d0:86:8a:78:72:
         27:14:ca:6c:3a:dd:f0:36:e8:41:ba:25:47:54:81:88:bd:3e:
         ac:d8:f3:7b:91:fd:29:07:0c:92:e2:f6:6d:be:d1:e3:c2:1c:
         18:ad:9e:84:84:dc:85:0c:0d:a6:c0:90:7b:38:7a:d4:bb:b8:
         dd:98:f8:ac:8d:c5:70:91:1c:fc:ec:8e:43:bd:60:9a:e7:04:
         f6:9a:e3:dc:23:47:af:11:d0:08:ce:7b:8c:9c:45:90:c0:98:
         23:87:aa:52:c0:ac:ce:23:25:78:ad:ca:c5:e6:ff:ab:5b:6b:
         21:7b:f5:b9:d5:ac:e6:71:08:83:19:29:06:11:fa:b2:36:a7:
         24:9f:d0:58:ad:80:4b:18:a0:e9:18:f2:03:48:ee:6a:af:8a:
         b1:b3:64:5e:f7:eb:92:29:3a:94:d2:52:a2:dc:8e:c4:fd:91:
         a6:43:7f:23:c9:82:ff:07:22:c2:02:de:25:d5:91:bd:ae:da:
         06:e6:20:7d:26:95:d0:79:de:e2:63:07:d0:04:a1:ae:d9:f1:
         b3:58:a1:46:1c:a3:79:7c:13:6b:dc:11:b8:ad:4f:1e:66:e4:
         06:83:00:68:d7:41:58:20:b6:87:c0:99:55:3f:bc:78:21:9b:
         bb:16:35:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkO/vgeUuPnSEkXCyzd8FHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwOTAzMDk1MzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWE2MjRhZWM4MWRkOTNiNmU2ZjhmZjY0NzgyZTNjYzcxM2JkZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2k39WTxEsLIcIWYk/cExOus/TLr
1DE/CUdjhujUvPajkWpg/sX9a6zxcpLZBGXENBo67nBKB8qvvvGL9AQpAdgVN99j
A2tQasbXiLj6ntnTqiln7N29TvMvvTmTBYjBTwGJuqX+qjSLAqd1YgxCYeh6Hywl
PtN1pdyox+8eYhfw91cSRcBBsnU+DwyT40gnexeWuCYv+TAOyVWlY20xbS9ecogu
YHDJgh/y/Hl+a2fMNvHnLFxtGTIQu7Zn91B1V9ZJavqpa0pOYqvrCVn9thWxtu3g
+WCKv1cmWWpdF1+tsrHIIiHddJSXaNYOq6ymI2u8ixK6QZq5Kw8SqDdA/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmmJK7IHdk7bm+P9keC48xxO954MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvR2FZa3JzZ2QyVHR1YjRfMlI0TGp6SEU3M25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlnVMA0G
CSqGSIb3DQEBCwUAA4IBAQCCKweiBCFc6oy21onH0IaKeHInFMpsOt3wNuhBuiVH
VIGIvT6s2PN7kf0pBwyS4vZtvtHjwhwYrZ6EhNyFDA2mwJB7OHrUu7jdmPisjcVw
kRz87I5DvWCa5wT2muPcI0evEdAIznuMnEWQwJgjh6pSwKzOIyV4rcrF5v+rW2sh
e/W51azmcQiDGSkGEfqyNqckn9BYrYBLGKDpGPIDSO5qr4qxs2Re9+uSKTqU0lKi
3I7E/ZGmQ38jyYL/ByLCAt4l1ZG9rtoG5iB9JpXQed7iYwfQBKGu2fGzWKFGHKN5
fBNr3BG4rU8eZuQGgwBo10FYILaHwJlVP7x4IZu7FjUh
-----END CERTIFICATE-----