Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/onti25-JZvJon17Q7b3mRPl6Mrw.roa
File:                     onti25-JZvJon17Q7b3mRPl6Mrw.roa (raw, json)
Hash identifier:          eFtLIhStzkHcBC91ELCxCp9D1wgeBA4k1w9QlT6qZVU=
Subject key identifier:   A2:7B:62:DB:9F:89:66:F2:68:9F:5E:D0:ED:BD:E6:44:F9:7A:32:BC
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01993957711BBDC237CD658B5639F7CBB7D3
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/onti25-JZvJon17Q7b3mRPl6Mrw.roa
Signing time:             Thu 11 Sep 2025 15:14:15 +0000
ROA not before:           Thu 11 Sep 2025 15:14:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     154115
IP address blocks:        89.106.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:39:57:71:1b:bd:c2:37:cd:65:8b:56:39:f7:cb:b7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Sep 11 15:14:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a27b62db9f8966f2689f5ed0edbde644f97a32bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:72:3c:a5:29:0a:03:26:ee:4c:79:48:66:b5:
                    e1:ba:ba:48:21:68:68:db:9a:2c:c2:f9:38:1e:63:
                    6d:41:0f:df:91:1a:c5:20:7c:72:8c:9d:16:87:3d:
                    c5:be:95:9f:c0:69:a2:89:cc:e5:74:17:9c:39:d5:
                    81:0b:d9:4c:4c:a1:4d:a5:32:d0:cc:ca:ac:c8:ef:
                    b1:4c:22:d2:e1:8c:60:75:ff:63:ac:80:6c:1e:e8:
                    d5:d2:49:fe:f1:5f:bb:c4:1e:a7:b3:dd:2a:71:40:
                    ee:87:8a:db:d2:b7:64:11:32:e7:c0:4e:49:c9:36:
                    91:bb:20:12:ef:a8:3a:f7:71:b6:4f:6d:a4:1c:dc:
                    1b:56:e2:bd:be:d3:c9:40:91:52:45:81:ed:7b:6a:
                    39:d5:c1:68:5a:f7:4c:fd:e1:47:33:1b:2d:83:5a:
                    a7:c0:ae:94:21:2e:42:e3:ff:be:cd:ea:34:9c:42:
                    11:aa:bd:f2:cb:30:54:10:04:1b:7f:8d:f2:eb:ce:
                    b8:81:c9:97:9a:c1:d8:1f:b3:76:9e:45:8e:db:73:
                    4a:df:ff:e2:9a:3d:b0:41:3d:c6:e7:85:46:1c:3d:
                    5c:b5:b2:29:c3:87:60:7a:4a:18:42:55:72:8f:90:
                    be:e3:a5:c2:44:29:3d:9c:0a:8a:af:64:02:af:24:
                    45:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:7B:62:DB:9F:89:66:F2:68:9F:5E:D0:ED:BD:E6:44:F9:7A:32:BC
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/onti25-JZvJon17Q7b3mRPl6Mrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ea:18:58:56:31:5c:05:55:e9:10:8e:90:a7:7e:e4:8a:a5:84:
         89:3d:a4:4f:9f:5b:7e:d2:13:4f:4b:26:0f:b2:c7:7a:5b:c7:
         9c:6d:a0:65:11:90:8b:32:70:61:ce:58:53:ad:ad:43:f3:37:
         c3:4c:73:58:ca:60:e5:20:5f:39:0a:4d:d4:e8:fe:ff:9e:34:
         97:6b:14:6d:dd:a6:f5:79:57:64:48:5a:a5:a4:62:96:f7:62:
         df:50:21:46:f5:2c:be:77:3e:85:ab:c1:ba:d6:09:6c:a2:08:
         94:37:02:dd:ba:a5:59:dd:10:53:35:20:15:3d:b2:d6:db:55:
         d0:d0:b0:e6:2b:a7:9a:ab:11:83:7e:7e:e9:68:2d:6b:fd:ee:
         2d:78:c3:64:c0:fd:48:62:e0:ed:3e:fc:01:df:e1:7b:bf:98:
         e2:b6:1b:fc:77:49:d3:2a:85:0b:ec:a5:b9:3b:63:a4:8f:02:
         6c:c0:70:14:8f:e4:ed:e5:d1:14:4b:71:79:e6:7f:85:e7:60:
         3e:4b:d1:f8:4e:98:b2:48:38:62:e1:28:54:b8:07:e1:c4:7e:
         f4:a5:e9:01:a9:39:ee:22:5b:dd:6d:16:c4:67:a9:9d:6c:04:
         9f:16:77:33:e8:f7:44:9f:bc:13:45:e9:da:e6:c2:a0:91:cc:
         81:51:83:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk5V3EbvcI3zWWLVjn3y7fTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwOTExMTUxNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjdiNjJkYjlmODk2NmYyNjg5ZjVlZDBlZGJkZTY0NGY5N2EzMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nI8pSkKAybuTHlIZrXhurpIIWho
25oswvk4HmNtQQ/fkRrFIHxyjJ0Whz3FvpWfwGmiiczldBecOdWBC9lMTKFNpTLQ
zMqsyO+xTCLS4Yxgdf9jrIBsHujV0kn+8V+7xB6ns90qcUDuh4rb0rdkETLnwE5J
yTaRuyAS76g693G2T22kHNwbVuK9vtPJQJFSRYHte2o51cFoWvdM/eFHMxstg1qn
wK6UIS5C4/++zeo0nEIRqr3yyzBUEAQbf43y6864gcmXmsHYH7N2nkWO23NK3//i
mj2wQT3G54VGHD1ctbIpw4dgekoYQlVyj5C+46XCRCk9nAqKr2QCryRFZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJ7YtufiWbyaJ9e0O295kT5ejK8MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvb250aTI1LUpadkpvbjE3UTdiM21SUGw2TXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWpYMA0G
CSqGSIb3DQEBCwUAA4IBAQDqGFhWMVwFVekQjpCnfuSKpYSJPaRPn1t+0hNPSyYP
ssd6W8ecbaBlEZCLMnBhzlhTra1D8zfDTHNYymDlIF85Ck3U6P7/njSXaxRt3ab1
eVdkSFqlpGKW92LfUCFG9Sy+dz6Fq8G61glsogiUNwLduqVZ3RBTNSAVPbLW21XQ
0LDmK6eaqxGDfn7paC1r/e4teMNkwP1IYuDtPvwB3+F7v5jithv8d0nTKoUL7KW5
O2OkjwJswHAUj+Tt5dEUS3F55n+F52A+S9H4TpiySDhi4ShUuAfhxH70pekBqTnu
IlvdbRbEZ6mdbASfFncz6PdEn7wTRena5sKgkcyBUYMR
-----END CERTIFICATE-----