Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132352e302f32342d3234203d3e2039333034.roa
File:                     3135322e38392e3132352e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          Onrn/f0tn9nEVmShlDNhXlih7x6kmtk+N9vdaF58Og8=
Subject key identifier:   89:B4:B9:08:C0:CD:45:AD:4B:32:7F:CD:DB:8C:AF:90:A3:67:94:A8
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       465F06625A62C69CD24C107233608F3631CC25CA
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132352e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 03 Jun 2025 08:29:42 +0000
ROA not before:           Tue 03 Jun 2025 08:24:42 +0000
ROA not after:            Tue 02 Jun 2026 08:29:42 +0000
asID:                     9304
IP address blocks:        152.89.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:5f:06:62:5a:62:c6:9c:d2:4c:10:72:33:60:8f:36:31:cc:25:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun  3 08:24:42 2025 GMT
            Not After : Jun  2 08:29:42 2026 GMT
        Subject: CN=89B4B908C0CD45AD4B327FCDDB8CAF90A36794A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fc:56:1a:ac:3b:e7:70:99:47:47:61:fb:f5:
                    31:c8:0f:a0:fa:72:15:56:73:00:4f:99:10:ac:fe:
                    ba:bd:11:a7:25:a4:13:4e:bc:f0:95:c8:01:77:e4:
                    99:e4:fe:00:79:88:d6:62:36:99:13:5b:8f:d6:3f:
                    8f:f8:d0:ca:73:83:37:1f:df:4b:c9:8a:8f:93:5e:
                    69:1e:b7:69:0e:3a:35:51:de:ab:58:dc:3b:8a:b9:
                    ab:35:df:28:0c:40:7c:f0:58:83:17:b7:3c:db:e1:
                    3a:ef:5c:c8:67:b1:f3:fd:4a:df:cd:a2:71:24:6a:
                    62:76:35:c6:08:ef:be:49:9c:6e:9d:bc:e9:6b:5f:
                    1f:56:e3:9e:8c:86:63:eb:b2:15:84:4c:63:a3:38:
                    4e:4b:80:4c:2a:66:19:f1:f0:77:b4:75:82:6c:3e:
                    00:41:51:ea:22:89:2f:d1:c3:02:58:d5:30:0f:4b:
                    a2:99:66:46:5a:0f:9a:f5:c9:a6:77:c4:33:a0:fa:
                    81:1e:55:4e:fb:66:4b:50:77:ef:6d:ec:97:49:3d:
                    b6:97:75:3f:25:26:da:ff:74:95:5d:c8:7f:26:17:
                    a0:23:86:18:22:d2:18:10:ae:16:40:78:8c:83:81:
                    e8:08:a5:8f:03:40:19:bd:ca:1b:92:d4:48:e1:7c:
                    d0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B4:B9:08:C0:CD:45:AD:4B:32:7F:CD:DB:8C:AF:90:A3:67:94:A8
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132352e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:1a:1d:d7:0e:e8:ff:1b:f2:6a:26:22:d0:71:37:94:81:a8:
         94:06:85:d4:7a:89:91:73:70:2e:da:aa:1f:ab:e2:b6:83:12:
         47:21:09:7d:b7:fb:09:99:d5:59:1a:fa:30:88:f1:7b:e4:bd:
         bf:1f:a3:6b:ab:67:a3:2c:76:9e:6c:a8:f3:8b:1e:51:cb:3b:
         0f:12:f6:55:96:64:48:90:d1:a4:be:e1:05:be:fa:5d:8b:0e:
         7e:63:ef:28:f8:fb:06:74:27:29:8b:e5:a1:77:72:47:cf:fd:
         f2:c7:46:b6:72:74:4e:f4:8b:8b:cc:e0:c0:84:b1:6b:af:82:
         4f:8f:ae:70:20:7f:f6:6e:2f:14:1b:2d:32:f5:be:5d:8a:3e:
         f3:80:9f:d2:47:33:3b:40:92:cd:85:fd:30:4e:d9:87:4d:7a:
         2e:69:f7:e5:39:82:58:ba:59:ec:e0:ca:b4:b2:e4:5c:8e:eb:
         0d:dc:84:7f:7a:d7:43:af:33:8e:27:0d:a5:20:61:82:3b:e5:
         44:f0:5e:5d:1c:e3:82:3a:e3:85:6c:db:f8:af:41:01:04:cc:
         5c:4a:10:e7:cf:83:c3:3d:12:9b:fc:6f:96:0c:31:b4:5a:7b:
         ea:37:78:1e:e6:fe:64:51:94:9c:89:63:ac:11:52:a0:e6:76:
         ee:c9:9d:24
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURl8GYlpixpzSTBByM2CPNjHMJcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA2MDMwODI0NDJaFw0yNjA2MDIwODI5NDJaMDMxMTAvBgNV
BAMTKDg5QjRCOTA4QzBDRDQ1QUQ0QjMyN0ZDRERCOENBRjkwQTM2Nzk0QTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx/FYarDvncJlHR2H79THID6D6
chVWcwBPmRCs/rq9EaclpBNOvPCVyAF35Jnk/gB5iNZiNpkTW4/WP4/40Mpzgzcf
30vJio+TXmket2kOOjVR3qtY3DuKuas13ygMQHzwWIMXtzzb4TrvXMhnsfP9St/N
onEkamJ2NcYI775JnG6dvOlrXx9W456MhmPrshWETGOjOE5LgEwqZhnx8He0dYJs
PgBBUeoiiS/RwwJY1TAPS6KZZkZaD5r1yaZ3xDOg+oEeVU77ZktQd+9t7JdJPbaX
dT8lJtr/dJVdyH8mF6Ajhhgi0hgQrhZAeIyDgegIpY8DQBm9yhuS1EjhfNClAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUibS5CMDNRa1LMn/N24yvkKNnlKgwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzNTMyMmUzODM5MmUzMTMy
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJhZ
fTANBgkqhkiG9w0BAQsFAAOCAQEAaBod1w7o/xvyaiYi0HE3lIGolAaF1HqJkXNw
LtqqH6vitoMSRyEJfbf7CZnVWRr6MIjxe+S9vx+ja6tnoyx2nmyo84seUcs7DxL2
VZZkSJDRpL7hBb76XYsOfmPvKPj7BnQnKYvloXdyR8/98sdGtnJ0TvSLi8zgwISx
a6+CT4+ucCB/9m4vFBstMvW+XYo+84Cf0kczO0CSzYX9ME7Zh016Lmn35TmCWLpZ
7ODKtLLkXI7rDdyEf3rXQ68zjicNpSBhgjvlRPBeXRzjgjrjhWzb+K9BAQTMXEoQ
58+Dwz0Sm/xvlgwxtFp76jd4Hub+ZFGUnIljrBFSoOZ27smdJA==
-----END CERTIFICATE-----