Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/jgHkgotwUlDa7vyV8NwpOKOQ3Bg.roa
File:                     jgHkgotwUlDa7vyV8NwpOKOQ3Bg.roa (raw, json)
Hash identifier:          CARcq+MM79jGs0AyYYQWuKyff+oBzRUmXWJMUB4WUF8=
Subject key identifier:   8E:01:E4:82:8B:70:52:50:DA:EE:FC:95:F0:DC:29:38:A3:90:DC:18
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       0197B293D712220758C33562779343668EEF
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/jgHkgotwUlDa7vyV8NwpOKOQ3Bg.roa
Signing time:             Fri 27 Jun 2025 18:08:42 +0000
ROA not before:           Fri 27 Jun 2025 18:08:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44881
IP address blocks:        45.151.98.0/23 maxlen: 23
                          94.137.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:93:d7:12:22:07:58:c3:35:62:77:93:43:66:8e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jun 27 18:08:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e01e4828b705250daeefc95f0dc2938a390dc18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:45:60:ae:dd:e6:c9:e6:97:36:98:8e:12:ee:
                    63:87:43:1a:a8:ee:e5:fc:b5:13:cf:f0:fc:79:38:
                    5f:f0:9f:21:47:90:0a:b7:12:4e:48:d9:4e:d2:6f:
                    e0:2b:fe:d7:0f:4e:9d:00:51:78:40:ae:7e:d3:72:
                    00:50:6a:87:ee:86:78:6d:7c:b6:6c:8e:e4:1d:b8:
                    b7:25:8f:06:81:4d:89:fa:06:65:4e:2e:d1:76:e2:
                    be:54:9b:54:20:a4:a5:f7:cc:91:39:25:87:7c:6d:
                    b0:1a:d3:09:0f:4a:e0:1e:2d:61:f5:8e:99:2e:6f:
                    a2:fd:88:69:95:1d:64:6d:a0:c9:92:96:34:c2:a2:
                    94:67:68:3d:da:d3:34:9a:82:36:32:2f:57:e1:f0:
                    53:f4:fc:15:97:b4:3f:a5:7c:34:6d:2b:06:7c:60:
                    8b:24:d9:28:7f:3f:98:5c:d4:d3:be:86:99:8f:6b:
                    f4:9e:d6:cb:98:13:28:82:e2:ca:7c:6a:8e:76:80:
                    7f:99:b2:1a:8a:0f:76:8d:7b:81:55:71:22:2e:bf:
                    16:b0:76:39:53:04:59:3d:88:ec:05:06:ce:c1:69:
                    68:aa:76:12:92:02:6b:6f:28:a4:4a:28:2f:c9:61:
                    79:63:3f:c9:ef:75:e4:4d:32:2e:b1:f4:ce:43:d8:
                    65:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:01:E4:82:8B:70:52:50:DA:EE:FC:95:F0:DC:29:38:A3:90:DC:18
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/jgHkgotwUlDa7vyV8NwpOKOQ3Bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.98.0/23
                  94.137.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:84:5c:74:a2:17:ad:cb:7b:ba:09:e9:e6:cd:5b:29:33:48:
         81:52:db:1a:60:31:78:5f:c4:8e:10:5e:ba:63:e1:9c:ad:62:
         fe:9d:d5:1f:88:25:e8:40:71:f8:99:1b:ad:fc:b6:3a:73:0f:
         4c:6d:e5:d0:a4:99:3f:9c:a8:bd:f8:06:be:f1:53:d8:de:9f:
         ca:32:02:de:cc:8a:eb:b4:b2:d8:5f:9a:f2:f0:14:5b:d3:92:
         3f:2f:d2:e7:a9:3e:5f:60:8f:6d:ec:25:ae:6b:7b:d2:9d:2a:
         d7:1d:a9:47:53:37:82:af:e5:01:46:ff:ed:15:06:54:b7:0f:
         d7:b8:9b:cb:b3:3e:eb:10:ee:c5:b6:f4:dc:6c:ab:35:d6:d8:
         c3:05:d7:10:c7:f4:18:2a:e1:78:16:b1:29:d2:af:37:6b:2f:
         ec:fe:24:ab:8f:d6:b5:c8:1d:34:63:fd:d3:02:b6:29:d9:de:
         13:f7:29:b2:9d:3e:d6:c7:50:ab:05:e2:a1:5c:5a:8c:6f:c0:
         26:fe:fd:64:fb:57:d7:b9:4b:d8:c7:30:0e:ac:03:8b:02:35:
         d8:7d:17:ef:e3:54:25:3f:7e:94:0a:71:99:9b:84:aa:11:82:
         91:db:d1:f0:1c:8d:04:75:04:97:30:c7:44:8e:ba:64:fe:aa:
         f6:2a:b8:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeyk9cSIgdYwzVid5NDZo7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwNjI3MTgwODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTAxZTQ4MjhiNzA1MjUwZGFlZWZjOTVmMGRjMjkzOGEzOTBkYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkVgrt3myeaXNpiOEu5jh0MaqO7l
/LUTz/D8eThf8J8hR5AKtxJOSNlO0m/gK/7XD06dAFF4QK5+03IAUGqH7oZ4bXy2
bI7kHbi3JY8GgU2J+gZlTi7RduK+VJtUIKSl98yROSWHfG2wGtMJD0rgHi1h9Y6Z
Lm+i/YhplR1kbaDJkpY0wqKUZ2g92tM0moI2Mi9X4fBT9PwVl7Q/pXw0bSsGfGCL
JNkofz+YXNTTvoaZj2v0ntbLmBMoguLKfGqOdoB/mbIaig92jXuBVXEiLr8WsHY5
UwRZPYjsBQbOwWloqnYSkgJrbyikSigvyWF5Yz/J73XkTTIusfTOQ9hl9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI4B5IKLcFJQ2u78lfDcKTijkNwYMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvamdIa2dvdHdVbERhN3Z5VjhOd3BPS09RM0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZdiAwQA
XolcMA0GCSqGSIb3DQEBCwUAA4IBAQB5hFx0ohety3u6CenmzVspM0iBUtsaYDF4
X8SOEF66Y+GcrWL+ndUfiCXoQHH4mRut/LY6cw9MbeXQpJk/nKi9+Aa+8VPY3p/K
MgLezIrrtLLYX5ry8BRb05I/L9LnqT5fYI9t7CWua3vSnSrXHalHUzeCr+UBRv/t
FQZUtw/XuJvLsz7rEO7FtvTcbKs11tjDBdcQx/QYKuF4FrEp0q83ay/s/iSrj9a1
yB00Y/3TArYp2d4T9ymynT7Wx1CrBeKhXFqMb8Am/v1k+1fXuUvYxzAOrAOLAjXY
fRfv41QlP36UCnGZm4SqEYKR29HwHI0EdQSXMMdEjrpk/qr2Kri0
-----END CERTIFICATE-----