Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/R-aTrSt-2ZV-lEf1_-snMmfd8J4.roa
File:                     R-aTrSt-2ZV-lEf1_-snMmfd8J4.roa (raw, json)
Hash identifier:          d8N5g8jVz0cpcp/i/Z5cwaIfBDnFIkgzwMup5/9HjUM=
Subject key identifier:   47:E6:93:AD:2B:7E:D9:95:7E:94:47:F5:FF:EB:27:32:67:DD:F0:9E
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0199B5CF390085BEE12B6837D2DA0F094BE7
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/R-aTrSt-2ZV-lEf1_-snMmfd8J4.roa
Signing time:             Sun 05 Oct 2025 19:18:00 +0000
ROA not before:           Sun 05 Oct 2025 19:18:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.21.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b5:cf:39:00:85:be:e1:2b:68:37:d2:da:0f:09:4b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct  5 19:18:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47e693ad2b7ed9957e9447f5ffeb273267ddf09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:9e:86:bd:6d:0a:38:78:5e:5a:d8:47:e8:67:
                    ec:ae:48:b0:d2:f3:5a:62:9a:c9:6a:5b:2d:64:f0:
                    db:f8:e0:b4:9e:84:b9:05:b5:da:93:19:75:d2:3f:
                    93:ff:71:c3:b3:7e:61:8c:96:f2:42:23:d6:93:e8:
                    5a:8a:3d:b1:ee:8e:f5:3f:d3:06:18:c2:02:3b:7b:
                    c5:fe:cb:92:d9:0e:9e:91:25:ac:91:f4:90:1c:15:
                    fc:35:06:de:77:e4:9e:43:ae:cf:35:53:67:f1:cf:
                    76:21:66:be:2d:0c:24:06:aa:13:38:5e:5f:59:7c:
                    cd:81:86:9a:9b:8b:46:82:dc:bb:1e:62:5c:2c:42:
                    54:fc:86:93:37:a4:1c:47:10:10:9c:fd:bd:ef:dd:
                    bb:61:11:36:a8:3b:5b:84:cd:ae:79:94:5a:f5:29:
                    aa:80:31:2b:5a:81:dd:3b:c9:74:3f:c3:0e:a6:f3:
                    85:19:aa:45:8a:fd:aa:c9:7d:9e:3e:f5:2a:05:12:
                    83:83:ea:76:a1:75:b9:f1:cf:c0:fd:d7:85:9f:75:
                    95:5b:e4:4e:16:07:41:df:2a:de:c7:31:f8:f5:82:
                    5e:bc:e3:65:fe:c3:88:36:fc:13:4b:2e:63:55:5e:
                    aa:fd:34:e2:8b:28:44:94:e8:66:51:1d:9e:80:a7:
                    e2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E6:93:AD:2B:7E:D9:95:7E:94:47:F5:FF:EB:27:32:67:DD:F0:9E
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/R-aTrSt-2ZV-lEf1_-snMmfd8J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:40:5f:6d:a3:55:4a:84:d6:2c:f8:6c:43:1c:f5:dc:d4:94:
         e4:31:16:25:25:1e:2f:11:f3:d8:aa:30:6e:d3:7a:80:c1:77:
         c0:72:f6:8c:8d:48:35:50:df:74:53:d5:91:da:b5:d6:fa:f2:
         7c:15:d1:b2:bd:64:4a:e2:54:79:81:94:49:9a:1f:96:da:9f:
         0b:50:62:02:c4:88:59:34:41:33:fa:2d:2a:5b:32:e6:2b:57:
         18:0a:29:2a:fe:f8:fe:7a:d4:fa:00:8a:d1:18:c8:aa:e6:f1:
         35:ee:85:b7:da:5c:be:5c:f7:81:b2:68:2e:9a:91:ba:45:e2:
         fc:44:d8:24:d8:7b:9a:a8:c8:85:6d:61:06:73:bb:5c:26:e6:
         76:1e:bd:8f:9d:d1:d3:84:14:7f:e0:13:2a:d1:9c:0e:4c:39:
         0a:15:82:e5:2a:9b:95:1e:b1:cb:da:60:73:43:bf:2b:7f:28:
         df:20:4b:7b:81:25:02:ba:e6:89:ce:7d:63:ff:a6:3a:62:66:
         2e:46:7b:35:2b:91:0a:10:b6:02:03:32:9a:40:ab:39:30:60:
         9d:06:04:f1:2a:05:96:2b:44:e6:4c:3e:e2:8a:7e:52:8f:65:
         93:20:3e:56:e7:fc:d2:e8:d4:8f:6a:a9:82:0f:cb:9a:06:01:
         94:6e:46:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm1zzkAhb7hK2g30toPCUvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUxMDA1MTkxODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2U2OTNhZDJiN2VkOTk1N2U5NDQ3ZjVmZmViMjczMjY3ZGRmMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2p6GvW0KOHheWthH6Gfsrkiw0vNa
YprJalstZPDb+OC0noS5BbXakxl10j+T/3HDs35hjJbyQiPWk+haij2x7o71P9MG
GMICO3vF/suS2Q6ekSWskfSQHBX8NQbed+SeQ67PNVNn8c92IWa+LQwkBqoTOF5f
WXzNgYaam4tGgty7HmJcLEJU/IaTN6QcRxAQnP297927YRE2qDtbhM2ueZRa9Smq
gDErWoHdO8l0P8MOpvOFGapFiv2qyX2ePvUqBRKDg+p2oXW58c/A/deFn3WVW+RO
FgdB3yrexzH49YJevONl/sOINvwTSy5jVV6q/TTiiyhElOhmUR2egKfiKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfmk60rftmVfpRH9f/rJzJn3fCeMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvUi1hVHJTdC0yWlYtbEVmMV8tc25NbWZkOEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRVXMA0G
CSqGSIb3DQEBCwUAA4IBAQBnQF9to1VKhNYs+GxDHPXc1JTkMRYlJR4vEfPYqjBu
03qAwXfAcvaMjUg1UN90U9WR2rXW+vJ8FdGyvWRK4lR5gZRJmh+W2p8LUGICxIhZ
NEEz+i0qWzLmK1cYCikq/vj+etT6AIrRGMiq5vE17oW32ly+XPeBsmgumpG6ReL8
RNgk2HuaqMiFbWEGc7tcJuZ2Hr2PndHThBR/4BMq0ZwOTDkKFYLlKpuVHrHL2mBz
Q78rfyjfIEt7gSUCuuaJzn1j/6Y6YmYuRns1K5EKELYCAzKaQKs5MGCdBgTxKgWW
K0TmTD7iin5Sj2WTID5W5/zS6NSPaqmCD8uaBgGUbkZR
-----END CERTIFICATE-----