Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/pmxFhlPPQLXGUv6hd8fA82dYGtE.roa
File:                     pmxFhlPPQLXGUv6hd8fA82dYGtE.roa (raw, json)
Hash identifier:          a6LynfLW7GHcGAYPPMXAzMR7yEq39V2Fcbsey8YM/M8=
Subject key identifier:   A6:6C:45:86:53:CF:40:B5:C6:52:FE:A1:77:C7:C0:F3:67:58:1A:D1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019775198C706FFC5F157BA7AEC9E016FA85
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/pmxFhlPPQLXGUv6hd8fA82dYGtE.roa
Signing time:             Sun 15 Jun 2025 19:38:17 +0000
ROA not before:           Sun 15 Jun 2025 19:38:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206987
IP address blocks:        89.21.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 03:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:75:19:8c:70:6f:fc:5f:15:7b:a7:ae:c9:e0:16:fa:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun 15 19:38:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a66c458653cf40b5c652fea177c7c0f367581ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:37:42:dc:28:bb:65:ea:b7:db:b5:c6:65:db:
                    e9:68:ed:58:38:db:59:9e:22:23:36:cb:9b:71:37:
                    57:25:c3:74:d1:b1:ba:db:2a:d3:ad:26:3d:fd:9a:
                    22:56:60:dd:54:99:ef:d6:e2:4e:34:fa:ae:b1:f7:
                    ba:d5:f1:98:4c:38:9d:ad:ab:c2:f3:a0:38:bd:8d:
                    c9:63:1f:1a:6e:24:b0:9f:4f:71:77:a1:c5:96:4b:
                    e6:d0:66:16:50:8b:cb:f3:e8:fc:dd:b0:49:8e:b7:
                    91:b8:9e:d6:5c:ed:b2:48:19:e8:ab:f5:f4:be:b0:
                    08:11:50:57:d6:cb:d6:d9:5f:dc:02:44:d3:eb:de:
                    9a:3d:94:4a:a5:ba:4f:29:22:65:ff:c6:7b:91:9f:
                    01:05:4d:c5:1c:d9:24:1e:4b:ca:5b:d2:34:08:ca:
                    a1:5c:a1:97:5f:39:9a:9a:38:dd:7a:dd:d9:ba:df:
                    5c:6e:7a:16:d0:78:c6:b3:11:78:e3:ce:92:62:cc:
                    a2:5a:9c:16:50:82:bd:c2:f6:77:87:48:77:64:2b:
                    8a:c5:df:39:7c:2b:ba:00:75:5b:71:72:b0:cf:14:
                    f9:a8:7a:11:7f:37:e0:09:08:23:08:23:f2:40:06:
                    9d:dc:8c:66:14:19:7e:c4:c7:60:d9:a1:c3:26:af:
                    6b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:6C:45:86:53:CF:40:B5:C6:52:FE:A1:77:C7:C0:F3:67:58:1A:D1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/pmxFhlPPQLXGUv6hd8fA82dYGtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:1e:d7:0c:73:ed:08:10:1e:28:13:6d:95:31:8c:66:af:96:
         84:a6:01:3e:c8:f1:40:b3:2b:a6:ec:82:88:b8:01:80:a2:b5:
         08:0b:6a:75:1f:bf:63:12:25:ee:6c:c2:0e:ff:35:cb:53:19:
         26:e1:ea:d1:39:59:ae:77:99:61:ec:73:1c:04:db:8d:a3:ab:
         95:2a:af:dd:05:bf:ef:df:5f:53:91:e0:c1:2d:5d:58:39:59:
         87:b5:1c:e7:c8:46:c5:bf:35:cc:0d:b3:14:0b:13:3b:cc:d0:
         80:02:03:7a:f7:10:a2:e5:bb:10:09:b7:f9:ce:9d:ed:8e:87:
         a2:4c:01:4b:99:08:32:46:07:06:01:5e:44:d6:62:15:6e:7b:
         9c:0e:41:8c:ab:9d:5f:ef:9b:2b:28:49:4b:c3:a4:07:db:24:
         79:2b:17:93:5c:6c:bb:c8:b2:4f:2e:48:56:93:49:21:34:a0:
         f3:3e:30:0c:99:11:c0:ae:dc:e5:7a:a3:3e:33:30:b0:f3:ba:
         2a:fb:8a:a5:49:b1:fc:06:76:58:54:24:ad:69:79:d5:40:3a:
         e9:84:e1:ff:c0:6b:94:40:b9:29:9c:2a:1e:d3:b5:11:47:a7:
         03:3b:6a:4b:34:1d:31:76:5b:55:cc:05:4b:eb:c7:96:79:7f:
         23:aa:38:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd1GYxwb/xfFXunrsngFvqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNjE1MTkzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjZjNDU4NjUzY2Y0MGI1YzY1MmZlYTE3N2M3YzBmMzY3NTgxYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTdC3Ci7Zeq327XGZdvpaO1YONtZ
niIjNsubcTdXJcN00bG62yrTrSY9/ZoiVmDdVJnv1uJONPqusfe61fGYTDidravC
86A4vY3JYx8abiSwn09xd6HFlkvm0GYWUIvL8+j83bBJjreRuJ7WXO2ySBnoq/X0
vrAIEVBX1svW2V/cAkTT696aPZRKpbpPKSJl/8Z7kZ8BBU3FHNkkHkvKW9I0CMqh
XKGXXzmamjjdet3Zut9cbnoW0HjGsxF4486SYsyiWpwWUIK9wvZ3h0h3ZCuKxd85
fCu6AHVbcXKwzxT5qHoRfzfgCQgjCCPyQAad3IxmFBl+xMdg2aHDJq9rJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZsRYZTz0C1xlL+oXfHwPNnWBrRMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvcG14RmhsUFBRTFhHVXY2aGQ4ZkE4MmRZR3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRVUMA0G
CSqGSIb3DQEBCwUAA4IBAQAyHtcMc+0IEB4oE22VMYxmr5aEpgE+yPFAsyum7IKI
uAGAorUIC2p1H79jEiXubMIO/zXLUxkm4erROVmud5lh7HMcBNuNo6uVKq/dBb/v
319TkeDBLV1YOVmHtRznyEbFvzXMDbMUCxM7zNCAAgN69xCi5bsQCbf5zp3tjoei
TAFLmQgyRgcGAV5E1mIVbnucDkGMq51f75srKElLw6QH2yR5KxeTXGy7yLJPLkhW
k0khNKDzPjAMmRHArtzleqM+MzCw87oq+4qlSbH8BnZYVCStaXnVQDrphOH/wGuU
QLkpnCoe07URR6cDO2pLNB0xdltVzAVL68eWeX8jqjj+
-----END CERTIFICATE-----