Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/oDzpo9P1CSTveVeS7HO-MB_9-so.roa
File:                     oDzpo9P1CSTveVeS7HO-MB_9-so.roa (raw, json)
Hash identifier:          TBsZnZ6Hce91sBTky4DlDhCeMhJRvacSOmd1DwZB9+E=
Subject key identifier:   A0:3C:E9:A3:D3:F5:09:24:EF:79:57:92:EC:73:BE:30:1F:FD:FA:CA
Certificate issuer:       /CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
Certificate serial:       019720DCDD3E7AB362F796BDE8B85793D935
Authority key identifier: 75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/oDzpo9P1CSTveVeS7HO-MB_9-so.roa
Signing time:             Fri 30 May 2025 11:03:54 +0000
ROA not before:           Fri 30 May 2025 11:03:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6805
IP address blocks:        89.32.182.0/24 maxlen: 24
                          2001:1498:c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 17:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:dc:dd:3e:7a:b3:62:f7:96:bd:e8:b8:57:93:d9:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
        Validity
            Not Before: May 30 11:03:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a03ce9a3d3f50924ef795792ec73be301ffdfaca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3f:28:b1:50:c9:8b:ff:e5:85:7a:48:9d:43:
                    b8:a8:cd:1d:66:24:c4:97:27:04:7d:67:5a:5c:27:
                    35:01:eb:69:d9:d1:df:78:ee:b7:92:f0:4c:7a:b0:
                    27:af:75:f2:86:13:55:18:fc:ee:7f:bf:eb:1d:0a:
                    7d:79:ae:04:ad:c8:f3:ba:53:c5:4a:58:a4:f0:87:
                    e4:d4:5a:f9:92:f9:4a:43:c9:51:9d:ea:5e:10:6d:
                    cd:2a:57:bb:b8:a7:b3:5b:e9:30:0c:ba:ce:53:f3:
                    1b:3e:fa:00:f3:df:da:9f:41:fe:7b:0d:ad:ab:86:
                    1d:82:c5:df:ad:de:67:b5:ec:1e:1c:5e:6d:ac:bb:
                    24:64:fd:b5:15:0c:b8:f7:85:6f:fa:de:73:a1:db:
                    d8:57:f8:56:e9:57:2d:d6:39:90:53:92:bd:87:42:
                    21:83:ca:a0:d4:dd:73:f5:9d:c5:e3:df:bb:bc:87:
                    fa:22:41:35:1a:29:11:57:c8:5f:18:de:ff:70:42:
                    fa:ac:2b:27:6c:2f:aa:be:0b:05:1a:83:2b:37:ec:
                    fa:2a:dc:fe:3a:29:17:af:5a:91:3f:5c:81:1c:19:
                    10:1a:ed:3e:41:32:6e:62:b3:33:4f:09:29:d2:6c:
                    10:14:2f:1d:db:d1:42:68:7a:e6:bc:df:4d:74:56:
                    df:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:3C:E9:A3:D3:F5:09:24:EF:79:57:92:EC:73:BE:30:1F:FD:FA:CA
            X509v3 Authority Key Identifier:
                keyid:75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/oDzpo9P1CSTveVeS7HO-MB_9-so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.32.182.0/24
                IPv6:
                  2001:1498:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:9b:b6:2c:d2:ae:98:d6:7d:6c:b8:3f:da:48:37:26:a7:9d:
         8c:21:27:2d:03:18:57:ef:e9:eb:c1:e3:76:cd:04:d0:aa:07:
         8b:45:c2:1a:47:30:9c:49:f2:4d:df:95:d5:d8:ce:11:05:dd:
         66:55:37:2c:9c:18:c3:f2:3a:48:0c:e5:52:43:9b:a7:42:75:
         64:f7:75:7a:26:39:76:81:ae:c8:af:9d:d7:48:bb:7b:74:7c:
         25:f3:13:7d:59:e6:14:db:8e:57:31:26:ec:1f:81:45:89:8a:
         63:95:00:c8:2f:7e:5b:d8:4a:d1:f8:c4:47:34:27:81:a5:cf:
         c3:94:b0:2a:43:d5:32:6d:3f:7d:cb:9f:0f:a7:c2:81:ad:21:
         fc:a3:a8:97:b7:64:65:b6:23:76:10:95:10:a1:85:d3:f3:df:
         4a:aa:70:23:5b:b3:dd:61:7f:b4:0f:00:6a:b1:eb:04:4e:8e:
         ab:e4:d2:5e:08:f9:88:05:71:5a:71:92:36:e1:bb:3b:48:fb:
         b7:df:f4:70:16:d9:a2:cf:d8:30:e6:dc:7e:06:a7:4b:ae:9c:
         08:09:1c:f9:51:8b:07:25:68:a2:dd:4c:02:ea:e9:00:73:e6:
         d2:3a:7a:8c:30:7c:08:e9:24:64:90:eb:b2:8c:22:cd:b7:52:
         83:56:9f:6a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcg3N0+erNi95a96LhXk9k1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZTA1YmMyMWIyYTZmMTAzMzcxMWZmY2E2NDkxYzZjMzBj
ZTVhNGEwHhcNMjUwNTMwMTEwMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDNjZTlhM2QzZjUwOTI0ZWY3OTU3OTJlYzczYmUzMDFmZmRmYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD8osVDJi//lhXpInUO4qM0dZiTE
lycEfWdaXCc1Aetp2dHfeO63kvBMerAnr3XyhhNVGPzuf7/rHQp9ea4ErcjzulPF
Slik8Ifk1Fr5kvlKQ8lRnepeEG3NKle7uKezW+kwDLrOU/MbPvoA89/an0H+ew2t
q4YdgsXfrd5nteweHF5trLskZP21FQy494Vv+t5zodvYV/hW6Vct1jmQU5K9h0Ih
g8qg1N1z9Z3F49+7vIf6IkE1GikRV8hfGN7/cEL6rCsnbC+qvgsFGoMrN+z6Ktz+
OikXr1qRP1yBHBkQGu0+QTJuYrMzTwkp0mwQFC8d29FCaHrmvN9NdFbfwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKA86aPT9Qkk73lXkuxzvjAf/frKMB8GA1UdIwQY
MBaAFHXgW8IbKm8QM3Ef/KZJHGwwzlpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDct
ZDQ1YWI3ZGYyZGUxLzEvb0R6cG85UDFDU1R2ZVZlUzdITy1NQl85LXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDctZDQ1YWI3ZGYyZGUx
LzEvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWSC2MA8E
AgACMAkDBwAgARSYAAwwDQYJKoZIhvcNAQELBQADggEBAA6btizSrpjWfWy4P9pI
NyannYwhJy0DGFfv6evB43bNBNCqB4tFwhpHMJxJ8k3fldXYzhEF3WZVNyycGMPy
OkgM5VJDm6dCdWT3dXomOXaBrsivnddIu3t0fCXzE31Z5hTbjlcxJuwfgUWJimOV
AMgvflvYStH4xEc0J4Glz8OUsCpD1TJtP33Lnw+nwoGtIfyjqJe3ZGW2I3YQlRCh
hdPz30qqcCNbs91hf7QPAGqx6wROjqvk0l4I+YgFcVpxkjbhuztI+7ff9HAW2aLP
2DDm3H4Gp0uunAgJHPlRiwclaKLdTALq6QBz5tI6eowwfAjpJGSQ67KMIs23UoNW
n2o=
-----END CERTIFICATE-----