Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/t0doH4-uoarXeCxfQj_6omQmnd8.roa
File:                     t0doH4-uoarXeCxfQj_6omQmnd8.roa (raw, json)
Hash identifier:          YzCKvkZ9cxENWoFVg2sL5uNJPWkVdZgOpHkaIm5schw=
Subject key identifier:   B7:47:68:1F:8F:AE:A1:AA:D7:78:2C:5F:42:3F:FA:A2:64:26:9D:DF
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0198A46EDB7E4323E881316A0C43A2AAE3DF
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/t0doH4-uoarXeCxfQj_6omQmnd8.roa
Signing time:             Wed 13 Aug 2025 17:16:25 +0000
ROA not before:           Wed 13 Aug 2025 17:16:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213449
IP address blocks:        89.106.95.0/24 maxlen: 24
                          89.144.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:6e:db:7e:43:23:e8:81:31:6a:0c:43:a2:aa:e3:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug 13 17:16:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b747681f8faea1aad7782c5f423ffaa264269ddf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:70:0d:a6:b6:9d:42:9e:fd:81:3d:60:f8:2e:
                    b6:81:df:5f:8e:4a:c9:bd:b6:11:35:b2:42:81:93:
                    57:7b:53:bf:db:15:5a:eb:ae:66:a2:37:7b:c5:03:
                    6a:32:96:a4:f1:b0:12:ae:fb:c7:e2:95:1d:1e:bb:
                    3b:92:4f:e4:2a:69:08:1f:33:a5:14:ca:92:3d:78:
                    1c:02:e7:55:c7:89:91:ea:c6:55:e1:f3:2c:5d:27:
                    e2:e8:b0:7c:e1:eb:e4:bb:aa:eb:6c:0d:78:d3:f5:
                    ee:c0:58:3a:64:16:de:2b:8d:a8:47:f4:bc:ba:59:
                    c2:ea:48:bc:5e:7e:0c:e0:55:a1:db:07:f2:28:b1:
                    43:03:5a:db:9e:ae:ac:a0:7e:3d:f5:5a:d4:2d:67:
                    e5:22:90:f7:f6:69:b4:2e:bf:c3:5c:25:83:ba:f8:
                    6a:4e:ed:c4:eb:61:cb:19:46:d0:5b:7a:25:76:1e:
                    24:b9:08:a0:9d:e5:bf:2b:71:c0:14:31:24:6c:a3:
                    7b:dc:6f:62:20:10:8b:ef:5c:55:16:29:db:a7:87:
                    29:13:36:57:0c:67:e0:fa:98:f3:9f:95:31:dd:f4:
                    9e:3e:6d:32:b4:a5:6b:f8:8f:e8:10:fc:c3:c2:fd:
                    b9:f1:fb:e4:68:2b:1c:87:6c:94:0d:2c:33:19:21:
                    82:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:47:68:1F:8F:AE:A1:AA:D7:78:2C:5F:42:3F:FA:A2:64:26:9D:DF
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/t0doH4-uoarXeCxfQj_6omQmnd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.95.0/24
                  89.144.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:e2:0d:c7:6b:37:d4:ce:8a:52:20:72:ae:9f:da:5f:39:14:
         2c:3b:13:0c:24:2c:0d:1b:e8:72:92:ba:4b:88:e6:0a:94:46:
         8a:cb:a5:d1:24:12:38:29:aa:eb:1c:02:a7:74:3a:6c:77:e1:
         bd:42:a0:89:2b:a4:1b:10:d4:7b:0b:0d:ce:cf:b6:45:02:ad:
         fc:76:83:68:3b:77:61:f3:47:7f:54:c2:fe:39:c8:ce:63:be:
         a6:b2:b5:26:9c:77:a9:19:a0:3b:4c:dc:3d:a7:cb:64:23:1a:
         25:52:b1:a3:a0:8d:f4:24:32:b3:2e:28:03:0e:25:65:81:57:
         03:cb:f7:11:9b:7a:1e:44:23:95:0e:f1:e6:ba:7b:62:08:ab:
         75:f7:bf:14:c4:08:8b:20:7d:46:8c:95:02:06:d2:9d:e3:c4:
         ac:2f:2d:20:0f:ff:24:07:b7:1f:83:f8:06:a7:05:75:59:e4:
         9f:2b:d7:e3:02:56:de:0f:76:c7:91:b5:63:e7:90:21:63:ef:
         26:1f:b3:c5:b8:cb:04:a6:3d:c5:be:01:b4:c8:a1:d4:9a:31:
         f8:22:30:25:56:b6:fa:ce:ff:1f:ce:2d:eb:bb:73:17:92:af:
         9b:d6:7f:a4:f0:04:a6:a6:cd:53:6a:b2:4b:8b:c9:3e:e7:3a:
         f8:97:45:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZikbtt+QyPogTFqDEOiquPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODEzMTcxNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQ3NjgxZjhmYWVhMWFhZDc3ODJjNWY0MjNmZmFhMjY0MjY5ZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3ANpradQp79gT1g+C62gd9fjkrJ
vbYRNbJCgZNXe1O/2xVa665mojd7xQNqMpak8bASrvvH4pUdHrs7kk/kKmkIHzOl
FMqSPXgcAudVx4mR6sZV4fMsXSfi6LB84evku6rrbA140/XuwFg6ZBbeK42oR/S8
ulnC6ki8Xn4M4FWh2wfyKLFDA1rbnq6soH499VrULWflIpD39mm0Lr/DXCWDuvhq
Tu3E62HLGUbQW3oldh4kuQigneW/K3HAFDEkbKN73G9iIBCL71xVFinbp4cpEzZX
DGfg+pjzn5Ux3fSePm0ytKVr+I/oEPzDwv258fvkaCsch2yUDSwzGSGCQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLdHaB+PrqGq13gsX0I/+qJkJp3fMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvdDBkb0g0LXVvYXJYZUN4ZlFqXzZvbVFtbmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWpfAwQA
WZA/MA0GCSqGSIb3DQEBCwUAA4IBAQDb4g3HazfUzopSIHKun9pfORQsOxMMJCwN
G+hykrpLiOYKlEaKy6XRJBI4KarrHAKndDpsd+G9QqCJK6QbENR7Cw3Oz7ZFAq38
doNoO3dh80d/VML+OcjOY76msrUmnHepGaA7TNw9p8tkIxolUrGjoI30JDKzLigD
DiVlgVcDy/cRm3oeRCOVDvHmuntiCKt1978UxAiLIH1GjJUCBtKd48SsLy0gD/8k
B7cfg/gGpwV1WeSfK9fjAlbeD3bHkbVj55AhY+8mH7PFuMsEpj3FvgG0yKHUmjH4
IjAlVrb6zv8fzi3ru3MXkq+b1n+k8ASmps1TarJLi8k+5zr4l0Xy
-----END CERTIFICATE-----