Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/apwK_C2jLXYtjM1_rywqkSP6SXM.roa
File:                     apwK_C2jLXYtjM1_rywqkSP6SXM.roa (raw, json)
Hash identifier:          Brus3GnJlwWOcIOQznlG1EIg3MnsNQ8Kg3KCHt4fQYM=
Subject key identifier:   6A:9C:0A:FC:2D:A3:2D:76:2D:8C:CD:7F:AF:2C:2A:91:23:FA:49:73
Certificate issuer:       /CN=ad9681f144db1430ac315c8306e1c14730c5fec2
Certificate serial:       0196E29B99CF19B0AD93D8EE9FDAF3833962
Authority key identifier: AD:96:81:F1:44:DB:14:30:AC:31:5C:83:06:E1:C1:47:30:C5:FE:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/apwK_C2jLXYtjM1_rywqkSP6SXM.roa
Signing time:             Sun 18 May 2025 08:56:10 +0000
ROA not before:           Sun 18 May 2025 08:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41881
IP address blocks:        89.221.84.0/22 maxlen: 22
                          89.221.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e2:9b:99:cf:19:b0:ad:93:d8:ee:9f:da:f3:83:39:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad9681f144db1430ac315c8306e1c14730c5fec2
        Validity
            Not Before: May 18 08:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a9c0afc2da32d762d8ccd7faf2c2a9123fa4973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:09:23:f8:df:66:a1:63:2d:02:d2:87:c7:6f:
                    67:55:5d:36:af:b0:42:3d:13:59:82:14:2a:08:b3:
                    43:75:c2:b4:eb:51:f7:19:5a:bb:26:38:7f:86:68:
                    a8:c5:57:bc:86:85:39:e0:d2:b6:b1:0f:33:a7:6c:
                    b3:dd:98:1b:4c:3e:3a:8f:5d:e8:35:29:3c:14:6b:
                    a8:d2:73:07:e4:f7:73:d6:e2:2e:a1:72:4c:db:6e:
                    97:bd:bc:41:1f:27:b1:d8:3b:99:e7:f6:f4:92:44:
                    5f:62:76:19:e9:1c:0a:91:2d:28:47:2a:ef:6d:7e:
                    a8:d2:3b:07:b2:7b:26:09:f1:cb:24:16:84:5d:01:
                    93:95:fc:0b:d8:f2:bf:98:24:55:de:24:3b:05:23:
                    22:76:e8:f9:30:e9:b9:a5:fc:89:76:3b:53:7d:bb:
                    0d:c6:a8:de:8a:60:97:22:6c:84:32:bd:a7:ef:1a:
                    9e:d7:f9:ce:df:d1:e9:71:be:d2:0d:5b:fc:42:b3:
                    fb:d8:95:c0:d6:f2:23:d6:bb:f7:84:a1:a2:d6:af:
                    9a:89:75:38:ab:40:73:bc:ab:e1:ca:7f:fb:c2:28:
                    9d:c8:31:8f:f1:a5:22:78:a1:a8:8a:6c:55:a9:7d:
                    07:fd:34:fb:f9:93:fb:c7:f1:a1:f8:0f:0e:d6:38:
                    0c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9C:0A:FC:2D:A3:2D:76:2D:8C:CD:7F:AF:2C:2A:91:23:FA:49:73
            X509v3 Authority Key Identifier:
                keyid:AD:96:81:F1:44:DB:14:30:AC:31:5C:83:06:E1:C1:47:30:C5:FE:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/apwK_C2jLXYtjM1_rywqkSP6SXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.221.84.0/22
                  89.221.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:3c:13:5a:61:69:8a:a5:06:49:03:07:87:e4:e9:6a:ee:55:
         96:50:80:ae:33:95:31:43:a3:5c:ab:01:59:65:a0:52:44:0c:
         ec:63:7d:3d:85:f8:5c:4a:72:1b:6b:80:22:63:56:a8:8b:87:
         eb:48:3e:e5:53:fc:71:12:ab:e4:98:c5:c2:76:13:33:98:50:
         41:fe:4c:85:7e:34:1b:52:35:f4:12:a8:87:82:16:9d:44:b0:
         b0:3f:d8:c3:78:61:63:e2:9f:59:8c:0c:67:35:68:c5:6d:7b:
         ee:cd:ee:41:65:4c:a4:f1:c0:b9:f0:9f:06:fa:9c:c6:7d:56:
         33:b7:c9:9c:b3:9c:95:00:02:d0:17:a2:8b:4b:16:ba:86:83:
         5f:c9:d6:e9:f6:da:74:da:81:19:25:ac:13:e9:51:10:3f:94:
         db:bc:39:a4:bc:e8:6f:99:95:b2:c3:94:68:c8:01:d6:7b:6b:
         12:a3:73:3b:18:c3:f4:58:13:57:04:8e:84:ae:56:b5:50:2d:
         ee:a2:db:3e:65:c6:1f:45:8b:cf:9b:04:97:0e:82:6d:f3:9f:
         af:f5:a0:7c:e3:54:59:ac:89:65:49:05:5f:74:36:65:04:b8:
         f6:3a:79:56:ee:22:8a:f7:71:c1:9a:4c:32:99:d1:60:d1:a5:
         7b:35:38:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbim5nPGbCtk9jun9rzgzliMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOTY4MWYxNDRkYjE0MzBhYzMxNWM4MzA2ZTFjMTQ3MzBj
NWZlYzIwHhcNMjUwNTE4MDg1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTljMGFmYzJkYTMyZDc2MmQ4Y2NkN2ZhZjJjMmE5MTIzZmE0OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Qkj+N9moWMtAtKHx29nVV02r7BC
PRNZghQqCLNDdcK061H3GVq7Jjh/hmioxVe8hoU54NK2sQ8zp2yz3ZgbTD46j13o
NSk8FGuo0nMH5Pdz1uIuoXJM226XvbxBHyex2DuZ5/b0kkRfYnYZ6RwKkS0oRyrv
bX6o0jsHsnsmCfHLJBaEXQGTlfwL2PK/mCRV3iQ7BSMiduj5MOm5pfyJdjtTfbsN
xqjeimCXImyEMr2n7xqe1/nO39Hpcb7SDVv8QrP72JXA1vIj1rv3hKGi1q+aiXU4
q0BzvKvhyn/7wiidyDGP8aUieKGoimxVqX0H/TT7+ZP7x/Gh+A8O1jgMPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqcCvwtoy12LYzNf68sKpEj+klzMB8GA1UdIwQY
MBaAFK2WgfFE2xQwrDFcgwbhwUcwxf7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclphQjhVVGJGRENzTVZ5REJ1SEJSekRGX3NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80MDViNWYtOGQyNi00ZWUzLWI4N2Yt
YTNhMTNlM2E3ZDgwLzEvYXB3S19DMmpMWFl0ak0xX3J5d3FrU1A2U1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80MDViNWYtOGQyNi00ZWUzLWI4N2YtYTNhMTNlM2E3ZDgw
LzEvclphQjhVVGJGRENzTVZ5REJ1SEJSekRGX3NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWd1UAwQA
Wd1fMA0GCSqGSIb3DQEBCwUAA4IBAQAAPBNaYWmKpQZJAweH5Olq7lWWUICuM5Ux
Q6NcqwFZZaBSRAzsY309hfhcSnIba4AiY1aoi4frSD7lU/xxEqvkmMXCdhMzmFBB
/kyFfjQbUjX0EqiHghadRLCwP9jDeGFj4p9ZjAxnNWjFbXvuze5BZUyk8cC58J8G
+pzGfVYzt8mcs5yVAALQF6KLSxa6hoNfydbp9tp02oEZJawT6VEQP5TbvDmkvOhv
mZWyw5RoyAHWe2sSo3M7GMP0WBNXBI6Erla1UC3uots+ZcYfRYvPmwSXDoJt85+v
9aB841RZrIllSQVfdDZlBLj2OnlW7iKK93HBmkwymdFg0aV7NTjd
-----END CERTIFICATE-----