Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/5WLg_OQ77v-fOT9qxALPiv6xIJU.roa
File:                     5WLg_OQ77v-fOT9qxALPiv6xIJU.roa (raw, json)
Hash identifier:          Of5ILIgkLOFeAYv4HvRO9bh/m8O2gTiP63LRrjsXyCc=
Subject key identifier:   E5:62:E0:FC:E4:3B:EE:FF:9F:39:3F:6A:C4:02:CF:8A:FE:B1:20:95
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019957BF403FFBB84E74DE96CA4F2D382967
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/5WLg_OQ77v-fOT9qxALPiv6xIJU.roa
Signing time:             Wed 17 Sep 2025 12:56:15 +0000
ROA not before:           Wed 17 Sep 2025 12:56:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64433
IP address blocks:        94.137.74.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:bf:40:3f:fb:b8:4e:74:de:96:ca:4f:2d:38:29:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Sep 17 12:56:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e562e0fce43beeff9f393f6ac402cf8afeb12095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:11:cc:98:de:e4:01:8f:b5:a1:88:4d:c4:8c:
                    7f:2b:1d:f3:b6:b6:5c:e9:2d:9b:04:b5:2c:dc:5b:
                    92:76:eb:24:7b:f9:dd:2a:70:36:7b:2c:9d:77:72:
                    d2:17:94:26:dd:8b:0c:a3:a1:92:c7:08:61:69:20:
                    7d:f3:f8:6d:1e:b1:7a:7f:8c:19:b8:36:4f:55:01:
                    9f:7a:18:46:b4:04:32:0b:68:93:3d:c9:cf:e1:43:
                    b3:30:b1:cd:86:8d:e2:7b:c3:0c:49:b5:44:4a:e9:
                    a8:62:e3:0e:53:8e:aa:b6:6d:68:a4:9b:5e:46:88:
                    a7:a4:69:65:4a:e0:d6:8c:31:06:19:4b:5a:a0:d2:
                    11:49:39:f0:6e:aa:df:41:dc:26:56:dd:fb:97:86:
                    65:8c:69:e4:bb:cd:7c:de:58:85:a7:ec:60:37:b0:
                    a7:3d:b0:3f:54:46:3b:ce:b0:6c:dd:81:50:1d:4f:
                    ff:c9:f3:54:d3:32:0a:a6:0c:87:46:9f:5e:45:52:
                    ae:95:3b:75:ee:2b:18:c0:ec:e0:28:29:28:9c:ff:
                    21:0a:df:5a:79:f9:75:0f:1f:a2:d1:ca:04:8b:1c:
                    a9:98:b5:d7:91:b3:01:85:72:0b:44:e6:2e:0c:5c:
                    c9:0b:15:97:c8:ff:35:02:24:f7:7a:65:43:09:88:
                    eb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:62:E0:FC:E4:3B:EE:FF:9F:39:3F:6A:C4:02:CF:8A:FE:B1:20:95
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/5WLg_OQ77v-fOT9qxALPiv6xIJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:73:38:99:ed:ee:a9:84:47:89:4e:b8:a8:d4:9e:cd:37:fe:
         c7:dc:bf:6c:8d:82:89:6e:4f:e4:60:69:9c:4e:c8:33:0d:91:
         4c:e9:b5:2a:96:2a:ad:de:8c:87:d5:3a:ac:30:f8:40:47:3f:
         16:13:ec:6e:ab:5b:53:68:13:a8:43:b2:13:85:84:4a:f2:13:
         69:2e:03:5c:b5:75:1e:f1:34:e3:aa:2b:ea:5f:18:47:a5:1b:
         a7:4b:a7:3e:28:b9:85:5f:7e:2e:97:14:88:72:e6:57:fb:43:
         69:26:41:22:34:66:b5:98:3b:af:ca:7d:d6:cf:30:7e:56:c0:
         1f:a9:ec:98:56:75:2b:4e:0d:80:18:f4:92:c0:8a:d1:92:10:
         33:ba:18:6e:9f:56:8f:3a:c6:64:4d:15:34:07:e2:67:3b:1c:
         a6:bb:d4:84:17:11:af:bd:17:d4:d5:55:2d:c5:94:f0:6e:e4:
         57:74:32:40:6d:7d:cd:ff:8d:a4:57:f0:72:8f:ef:5f:d4:3f:
         72:9b:01:96:69:ce:1e:8e:5e:fc:c1:56:82:6f:e0:ac:a6:f6:
         a0:5a:1b:09:0e:0e:06:10:44:ce:16:23:4a:cd:ea:56:60:53:
         06:aa:a1:8f:32:ca:79:65:82:31:2d:22:c7:90:ce:22:85:c5:
         d3:39:f3:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlXv0A/+7hOdN6Wyk8tOClnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwOTE3MTI1NjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTYyZTBmY2U0M2JlZWZmOWYzOTNmNmFjNDAyY2Y4YWZlYjEyMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BHMmN7kAY+1oYhNxIx/Kx3ztrZc
6S2bBLUs3FuSduske/ndKnA2eyydd3LSF5Qm3YsMo6GSxwhhaSB98/htHrF6f4wZ
uDZPVQGfehhGtAQyC2iTPcnP4UOzMLHNho3ie8MMSbVESumoYuMOU46qtm1opJte
RoinpGllSuDWjDEGGUtaoNIRSTnwbqrfQdwmVt37l4ZljGnku8183liFp+xgN7Cn
PbA/VEY7zrBs3YFQHU//yfNU0zIKpgyHRp9eRVKulTt17isYwOzgKCkonP8hCt9a
efl1Dx+i0coEixypmLXXkbMBhXILROYuDFzJCxWXyP81AiT3emVDCYjrqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVi4PzkO+7/nzk/asQCz4r+sSCVMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvNVdMZ19PUTc3di1mT1Q5cXhBTFBpdjZ4SUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXolKMA0G
CSqGSIb3DQEBCwUAA4IBAQBIcziZ7e6phEeJTrio1J7NN/7H3L9sjYKJbk/kYGmc
TsgzDZFM6bUqliqt3oyH1TqsMPhARz8WE+xuq1tTaBOoQ7IThYRK8hNpLgNctXUe
8TTjqivqXxhHpRunS6c+KLmFX34ulxSIcuZX+0NpJkEiNGa1mDuvyn3WzzB+VsAf
qeyYVnUrTg2AGPSSwIrRkhAzuhhun1aPOsZkTRU0B+JnOxymu9SEFxGvvRfU1VUt
xZTwbuRXdDJAbX3N/42kV/Byj+9f1D9ymwGWac4ejl78wVaCb+CspvagWhsJDg4G
EETOFiNKzepWYFMGqqGPMsp5ZYIxLSLHkM4ihcXTOfN1
-----END CERTIFICATE-----