Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VKdsWpFNW7WeFF82FK3lBX1OZS0.roa
File:                     VKdsWpFNW7WeFF82FK3lBX1OZS0.roa (raw, json)
Hash identifier:          WRDYzwq7EBo6slfpSs2RW1Xogp4OW6h5bBptNoG9KX0=
Subject key identifier:   54:A7:6C:5A:91:4D:5B:B5:9E:14:5F:36:14:AD:E5:05:7D:4E:65:2D
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0199A8407EE6D19DF2E02CEA5AC64CC8E476
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VKdsWpFNW7WeFF82FK3lBX1OZS0.roa
Signing time:             Fri 03 Oct 2025 04:07:03 +0000
ROA not before:           Fri 03 Oct 2025 04:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215357
IP address blocks:        89.144.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a8:40:7e:e6:d1:9d:f2:e0:2c:ea:5a:c6:4c:c8:e4:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct  3 04:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54a76c5a914d5bb59e145f3614ade5057d4e652d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:29:6f:49:e9:7d:9e:0a:b0:ec:a8:41:71:9a:
                    00:7f:56:eb:0a:c0:7d:c1:8f:a4:6a:7b:d5:22:72:
                    dc:4b:26:b2:c6:4b:63:2d:60:05:cd:a2:ac:ef:f7:
                    a3:80:25:ae:57:6d:e9:b8:26:79:6e:df:14:a8:22:
                    82:a3:1f:14:7f:a8:35:73:01:2c:ef:10:8a:f0:52:
                    52:ee:64:1f:7a:c8:03:21:83:7f:ef:64:b7:9d:c2:
                    0a:fc:c2:0e:05:51:b3:0e:ff:24:d6:23:46:7e:15:
                    99:28:85:49:83:6d:10:a6:c4:bb:eb:fd:c3:d2:15:
                    dc:93:b5:4f:3e:42:04:e1:5c:86:1c:0c:07:b2:39:
                    3a:0c:ce:b8:a4:07:54:62:e2:6b:3f:cc:55:98:7d:
                    ce:77:af:45:8f:ce:36:dd:5d:0a:5d:73:b2:21:09:
                    0b:25:22:84:9f:ea:25:7e:e1:2c:07:a0:20:49:2a:
                    fb:29:0f:59:9d:e2:3e:38:da:01:5d:bc:71:1c:94:
                    4f:90:49:f6:7b:2c:b3:e6:ec:1f:e3:69:ab:17:02:
                    f4:42:5b:2f:b9:5f:ee:1b:ff:d9:13:05:bf:37:89:
                    02:18:5a:b4:79:8c:f9:31:1a:ff:94:b9:be:7c:b4:
                    66:4d:b0:67:0a:68:03:df:20:7c:e2:24:00:4d:a1:
                    3e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A7:6C:5A:91:4D:5B:B5:9E:14:5F:36:14:AD:E5:05:7D:4E:65:2D
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VKdsWpFNW7WeFF82FK3lBX1OZS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:cf:1a:9b:03:11:b6:88:c0:b2:ec:08:4f:5b:36:b6:ac:87:
         ae:aa:41:31:55:a7:e6:17:4b:e1:17:eb:5f:19:17:a1:11:56:
         62:a4:54:5c:80:47:a1:37:04:0c:3a:04:aa:eb:e3:dd:15:8e:
         f3:54:cf:24:0e:4c:c0:05:4c:74:ec:bc:9d:69:09:97:80:ae:
         63:dd:87:15:1a:a4:55:12:20:76:6a:0f:6b:6c:8d:d2:d7:97:
         30:64:b2:e7:50:89:93:78:c4:25:b5:34:f0:f2:0b:ee:f6:c8:
         ee:0f:bf:0f:45:3d:59:92:fe:e0:87:9a:54:d6:3c:37:6f:b2:
         20:8d:20:08:19:80:a4:81:3b:4d:f7:1c:89:29:4f:3d:12:14:
         5a:03:38:ac:93:5b:d3:ac:e6:73:c2:b3:f0:16:6e:cd:ba:7e:
         17:8c:fb:49:43:86:2c:42:34:e8:05:63:05:87:52:d9:0c:4f:
         bb:0a:88:07:80:55:bd:65:8e:97:f8:6b:a9:82:85:fe:b9:8f:
         96:4a:59:61:17:1e:37:bd:15:d2:9d:99:69:95:fe:4b:67:8e:
         c5:6f:71:df:55:54:ad:f2:40:11:ce:72:29:fa:85:ca:3e:eb:
         c3:42:5c:c3:6f:36:ad:01:d4:0b:5d:2a:e0:9c:8d:c4:5d:da:
         75:a2:4f:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmoQH7m0Z3y4CzqWsZMyOR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDAzMDQwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGE3NmM1YTkxNGQ1YmI1OWUxNDVmMzYxNGFkZTUwNTdkNGU2NTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsylvSel9ngqw7KhBcZoAf1brCsB9
wY+kanvVInLcSyayxktjLWAFzaKs7/ejgCWuV23puCZ5bt8UqCKCox8Uf6g1cwEs
7xCK8FJS7mQfesgDIYN/72S3ncIK/MIOBVGzDv8k1iNGfhWZKIVJg20QpsS76/3D
0hXck7VPPkIE4VyGHAwHsjk6DM64pAdUYuJrP8xVmH3Od69Fj8423V0KXXOyIQkL
JSKEn+olfuEsB6AgSSr7KQ9ZneI+ONoBXbxxHJRPkEn2eyyz5uwf42mrFwL0Qlsv
uV/uG//ZEwW/N4kCGFq0eYz5MRr/lLm+fLRmTbBnCmgD3yB84iQATaE+5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSnbFqRTVu1nhRfNhSt5QV9TmUtMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVktkc1dwRk5XN1dlRkY4MkZLM2xCWDFPWlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZADMA0G
CSqGSIb3DQEBCwUAA4IBAQB3zxqbAxG2iMCy7AhPWza2rIeuqkExVafmF0vhF+tf
GRehEVZipFRcgEehNwQMOgSq6+PdFY7zVM8kDkzABUx07LydaQmXgK5j3YcVGqRV
EiB2ag9rbI3S15cwZLLnUImTeMQltTTw8gvu9sjuD78PRT1Zkv7gh5pU1jw3b7Ig
jSAIGYCkgTtN9xyJKU89EhRaAzisk1vTrOZzwrPwFm7Nun4XjPtJQ4YsQjToBWMF
h1LZDE+7CogHgFW9ZY6X+GupgoX+uY+WSllhFx43vRXSnZlplf5LZ47Fb3HfVVSt
8kARznIp+oXKPuvDQlzDbzatAdQLXSrgnI3EXdp1ok9A
-----END CERTIFICATE-----