Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/6OtKmTEgJhEIk0Dz0L52FDn_Rxg.roa
File:                     6OtKmTEgJhEIk0Dz0L52FDn_Rxg.roa (raw, json)
Hash identifier:          ++83jB7VPRyh2VqDTxG+SKyYdSiPfkffv1qvHCEPuJw=
Subject key identifier:   E8:EB:4A:99:31:20:26:11:08:93:40:F3:D0:BE:76:14:39:FF:47:18
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0196B68A793CB9EC8A4CCD1064E68E62FB22
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/6OtKmTEgJhEIk0Dz0L52FDn_Rxg.roa
Signing time:             Fri 09 May 2025 19:34:10 +0000
ROA not before:           Fri 09 May 2025 19:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.251.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b6:8a:79:3c:b9:ec:8a:4c:cd:10:64:e6:8e:62:fb:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May  9 19:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8eb4a9931202611089340f3d0be761439ff4718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:7a:a8:2d:71:a9:c7:c5:dd:2b:9f:3b:dd:b1:
                    e0:c9:46:0c:7c:17:44:5e:b0:e2:ab:33:6f:07:f6:
                    5c:df:56:3b:62:68:c2:aa:13:da:9d:96:df:29:d6:
                    56:05:8b:d7:14:52:7e:c6:5b:1e:34:9c:07:13:64:
                    a1:b9:f9:8b:24:af:df:60:3e:b4:4c:b5:30:d8:15:
                    5d:e4:fa:cf:18:b0:5b:ce:b4:b4:c6:2e:0f:de:50:
                    fa:b2:1f:38:cb:11:f2:74:2e:20:98:cc:8b:66:7c:
                    12:0b:bf:11:ad:21:e7:60:75:0c:28:19:31:f4:ea:
                    7d:96:84:2f:fd:8b:0c:20:5a:9a:79:f2:db:da:9d:
                    17:af:e6:84:07:86:f4:fd:61:8b:ef:07:76:be:6e:
                    0f:aa:24:52:9e:64:20:8c:d3:0f:fd:96:7e:56:12:
                    31:cc:a0:dc:1f:90:05:7f:bb:e6:68:6c:a5:bc:7d:
                    06:c9:e7:62:a3:28:37:bc:31:63:6b:f0:bb:22:aa:
                    ff:04:35:4f:cc:15:fb:ee:b8:21:7f:03:9e:fd:31:
                    d4:16:96:b0:99:57:a2:a9:04:67:c6:d8:bd:88:02:
                    a4:73:79:72:90:64:87:88:d5:30:26:93:f3:3b:29:
                    d7:8d:07:57:90:e1:b4:c0:de:29:5c:09:52:80:3d:
                    bf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:EB:4A:99:31:20:26:11:08:93:40:F3:D0:BE:76:14:39:FF:47:18
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/6OtKmTEgJhEIk0Dz0L52FDn_Rxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:32:ce:83:b3:7c:f7:2f:14:4d:c3:78:23:25:84:d8:80:45:
         cf:aa:1c:44:ce:e9:79:ae:a6:18:c7:73:f3:94:97:63:40:05:
         1a:07:68:dc:79:df:81:20:44:35:47:f2:b7:ea:64:e7:3e:fc:
         06:37:cc:2d:32:d0:a7:f7:17:3b:1d:ac:d3:61:2b:87:28:04:
         90:2b:e3:26:5e:82:95:d4:a3:a4:14:f3:2b:d6:6c:fd:93:65:
         0f:07:c8:ea:68:21:bf:6c:0e:12:18:92:fa:9f:3a:49:78:29:
         24:22:f9:00:4c:cd:73:7b:8a:a6:12:b2:0e:ca:f5:ba:3e:3c:
         14:1a:66:3b:c1:d1:e3:d3:52:bb:49:9a:48:e9:7a:a0:6d:7f:
         c4:47:57:91:84:9d:eb:f3:04:a9:63:93:dc:9e:49:95:c9:69:
         85:06:3a:4b:c6:3c:b3:d6:75:23:f8:99:24:d8:98:d5:dc:c7:
         68:59:4a:33:ee:bc:72:8f:c0:dd:99:68:e9:c1:dc:d4:9c:b9:
         c4:6c:bb:17:d8:1e:bc:70:a5:b4:46:b5:e8:57:d4:cc:fa:5a:
         7a:df:92:ce:0d:8b:80:6f:51:f7:42:2d:f5:5e:7e:9d:ab:53:
         86:41:e9:9f:71:5d:5f:ec:4a:da:bb:0c:63:fd:ce:51:c5:78:
         f3:d2:24:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa2ink8ueyKTM0QZOaOYvsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNTA5MTkzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGViNGE5OTMxMjAyNjExMDg5MzQwZjNkMGJlNzYxNDM5ZmY0NzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HqoLXGpx8XdK5873bHgyUYMfBdE
XrDiqzNvB/Zc31Y7YmjCqhPanZbfKdZWBYvXFFJ+xlseNJwHE2ShufmLJK/fYD60
TLUw2BVd5PrPGLBbzrS0xi4P3lD6sh84yxHydC4gmMyLZnwSC78RrSHnYHUMKBkx
9Op9loQv/YsMIFqaefLb2p0Xr+aEB4b0/WGL7wd2vm4PqiRSnmQgjNMP/ZZ+VhIx
zKDcH5AFf7vmaGylvH0Gyedioyg3vDFja/C7Iqr/BDVPzBX77rghfwOe/THUFpaw
mVeiqQRnxti9iAKkc3lykGSHiNUwJpPzOynXjQdXkOG0wN4pXAlSgD2/HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjrSpkxICYRCJNA89C+dhQ5/0cYMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvNk90S21URWdKaEVJazBEejBMNTJGRG5fUnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfscMA0G
CSqGSIb3DQEBCwUAA4IBAQCOMs6Ds3z3LxRNw3gjJYTYgEXPqhxEzul5rqYYx3Pz
lJdjQAUaB2jced+BIEQ1R/K36mTnPvwGN8wtMtCn9xc7HazTYSuHKASQK+MmXoKV
1KOkFPMr1mz9k2UPB8jqaCG/bA4SGJL6nzpJeCkkIvkATM1ze4qmErIOyvW6PjwU
GmY7wdHj01K7SZpI6XqgbX/ER1eRhJ3r8wSpY5PcnkmVyWmFBjpLxjyz1nUj+Jkk
2JjV3MdoWUoz7rxyj8DdmWjpwdzUnLnEbLsX2B68cKW0RrXoV9TM+lp635LODYuA
b1H3Qi31Xn6dq1OGQemfcV1f7Erauwxj/c5RxXjz0iTH
-----END CERTIFICATE-----