Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/mgJ3Sc6KxuSRQNVYzl0KbaYNlDY.roa
File:                     mgJ3Sc6KxuSRQNVYzl0KbaYNlDY.roa (raw, json)
Hash identifier:          +UkcMaXx37s6HLo3vytB7ItB+h6lkh9Nk4bNEQS1Dtg=
Subject key identifier:   9A:02:77:49:CE:8A:C6:E4:91:40:D5:58:CE:5D:0A:6D:A6:0D:94:36
Certificate issuer:       /CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
Certificate serial:       01990F8CDEB93776FD6C2C92FB3D25B967C9
Authority key identifier: 2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/mgJ3Sc6KxuSRQNVYzl0KbaYNlDY.roa
Signing time:             Wed 03 Sep 2025 12:28:34 +0000
ROA not before:           Wed 03 Sep 2025 12:28:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        80.89.0.0/24 maxlen: 24
                          80.89.1.0/24 maxlen: 24
                          80.89.2.0/24 maxlen: 24
                          80.89.3.0/24 maxlen: 24
                          80.89.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 00:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:8c:de:b9:37:76:fd:6c:2c:92:fb:3d:25:b9:67:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
        Validity
            Not Before: Sep  3 12:28:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a027749ce8ac6e49140d558ce5d0a6da60d9436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2a:e6:91:2f:cf:d3:ad:be:13:2b:f1:68:41:
                    60:70:a0:24:cc:48:ca:4c:64:8e:db:11:21:d5:5d:
                    76:57:14:b8:41:55:37:11:f7:65:8e:46:d9:d3:ce:
                    77:fe:d0:7b:a7:47:15:09:f6:04:eb:e7:58:8b:24:
                    32:d1:fd:aa:14:30:44:fd:57:da:93:d3:e9:39:c9:
                    44:40:d6:e6:10:bb:d5:e0:e4:cd:31:72:9e:d7:97:
                    39:c5:e0:db:2a:53:11:12:90:da:04:36:3f:e3:77:
                    96:4c:26:36:44:a5:b3:17:7c:75:22:ad:13:4a:18:
                    cd:22:81:03:08:45:2a:c2:79:71:36:26:60:9e:5f:
                    01:78:af:a1:f2:29:99:a1:4b:43:9c:48:da:c2:0b:
                    8c:26:28:c0:ea:7e:1c:25:86:e4:ea:8f:dd:5c:bd:
                    e6:64:18:f9:cc:52:22:74:b4:f5:b5:cc:09:0e:71:
                    91:28:54:60:1c:b4:3a:76:22:a5:b9:2a:33:76:bd:
                    26:41:a1:4c:b9:ee:f1:14:a2:4f:c9:45:bf:81:14:
                    8e:69:6f:61:52:46:f4:c4:90:72:14:66:91:e5:1d:
                    44:85:7b:b1:11:46:cc:0d:2a:ad:53:9c:32:be:4f:
                    12:84:e5:55:35:bb:a3:fb:48:2b:aa:99:bf:1e:ac:
                    ba:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:02:77:49:CE:8A:C6:E4:91:40:D5:58:CE:5D:0A:6D:A6:0D:94:36
            X509v3 Authority Key Identifier:
                keyid:2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/mgJ3Sc6KxuSRQNVYzl0KbaYNlDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d6:6c:65:e6:68:79:ab:61:56:c8:5c:fe:57:04:35:e1:2d:6a:
         09:c2:7a:36:7f:ce:df:60:30:98:d3:6b:d9:fa:10:be:1b:70:
         1a:60:e5:7f:53:d0:18:d2:05:16:95:e5:22:26:d3:c2:25:d4:
         1c:8b:6b:f6:c1:ae:0e:da:18:c9:c8:a8:2c:6c:bf:32:b4:21:
         17:3e:bd:ef:dd:26:5d:08:30:93:9c:24:00:4b:74:ac:a0:26:
         d2:8a:93:fa:13:c5:5e:e6:be:da:40:75:82:2f:e8:e7:fc:9d:
         73:0a:9a:2d:c2:3f:3c:dc:f4:df:62:e7:08:cb:68:b6:02:f5:
         76:21:98:e9:1d:90:3f:e3:6b:50:ad:59:5b:fe:29:6e:5a:d5:
         c5:77:ce:0c:1e:7b:69:e7:d5:aa:9e:ba:ad:67:01:81:97:0a:
         40:64:93:eb:b3:81:a6:ba:da:cb:ba:ae:36:f7:c8:7a:aa:ba:
         4c:d7:16:f9:b3:02:b2:fe:93:ca:2d:c1:64:a9:9b:1b:81:4b:
         30:5c:1c:cf:a7:f5:43:d3:55:9f:f7:1e:4e:7a:c0:28:85:fb:
         83:23:6f:3a:86:46:25:21:75:4f:03:37:84:f4:08:7b:4f:04:
         50:a7:ac:76:b8:f1:45:cf:38:d9:38:79:fc:64:2f:f4:2a:1e:
         5b:2c:3e:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkPjN65N3b9bCyS+z0luWfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTM3ZGE5NzBjNDY2NDU3NTgzYmJlMDJiMmEwZTcyZmJk
YzYzMjgwHhcNMjUwOTAzMTIyODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTAyNzc0OWNlOGFjNmU0OTE0MGQ1NThjZTVkMGE2ZGE2MGQ5NDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSrmkS/P062+EyvxaEFgcKAkzEjK
TGSO2xEh1V12VxS4QVU3EfdljkbZ0853/tB7p0cVCfYE6+dYiyQy0f2qFDBE/Vfa
k9PpOclEQNbmELvV4OTNMXKe15c5xeDbKlMREpDaBDY/43eWTCY2RKWzF3x1Iq0T
ShjNIoEDCEUqwnlxNiZgnl8BeK+h8imZoUtDnEjawguMJijA6n4cJYbk6o/dXL3m
ZBj5zFIidLT1tcwJDnGRKFRgHLQ6diKluSozdr0mQaFMue7xFKJPyUW/gRSOaW9h
Ukb0xJByFGaR5R1EhXuxEUbMDSqtU5wyvk8ShOVVNbuj+0grqpm/Hqy6aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoCd0nOisbkkUDVWM5dCm2mDZQ2MB8GA1UdIwQY
MBaAFCyjfalwxGZFdYO74CsqDnL73GMoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgt
OGNhMjVmNDg4ZWJmLzEvbWdKM1NjNkt4dVNSUU5WWXpsMEtiYVlObERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgtOGNhMjVmNDg4ZWJm
LzEvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUFkAMA0G
CSqGSIb3DQEBCwUAA4IBAQDWbGXmaHmrYVbIXP5XBDXhLWoJwno2f87fYDCY02vZ
+hC+G3AaYOV/U9AY0gUWleUiJtPCJdQci2v2wa4O2hjJyKgsbL8ytCEXPr3v3SZd
CDCTnCQAS3SsoCbSipP6E8Ve5r7aQHWCL+jn/J1zCpotwj883PTfYucIy2i2AvV2
IZjpHZA/42tQrVlb/iluWtXFd84MHntp59WqnrqtZwGBlwpAZJPrs4GmutrLuq42
98h6qrpM1xb5swKy/pPKLcFkqZsbgUswXBzPp/VD01Wf9x5OesAohfuDI286hkYl
IXVPAzeE9Ah7TwRQp6x2uPFFzzjZOHn8ZC/0Kh5bLD6f
-----END CERTIFICATE-----