Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/vvKX9oflY3swSadfJukjOxOYg3M.roa
File:                     vvKX9oflY3swSadfJukjOxOYg3M.roa (raw, json)
Hash identifier:          wjPx8ZTmwvSDu1PVRFMY+WcMogZCOGW5+T7IBF9kYL4=
Subject key identifier:   BE:F2:97:F6:87:E5:63:7B:30:49:A7:5F:26:E9:23:3B:13:98:83:73
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01978EE072266B69E55B966A4778A0CEA865
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/vvKX9oflY3swSadfJukjOxOYg3M.roa
Signing time:             Fri 20 Jun 2025 19:46:03 +0000
ROA not before:           Fri 20 Jun 2025 19:46:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211056
IP address blocks:        89.44.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 01:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8e:e0:72:26:6b:69:e5:5b:96:6a:47:78:a0:ce:a8:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun 20 19:46:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bef297f687e5637b3049a75f26e9233b13988373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:66:99:ec:4f:b7:29:81:c3:ca:04:82:f4:4f:
                    cb:cf:f8:b9:d1:5c:78:65:13:f1:fb:e7:24:df:2f:
                    bf:59:98:0a:2a:12:bc:95:ee:0a:90:ab:57:1a:96:
                    5f:f3:70:df:72:76:95:80:50:69:b0:51:86:26:94:
                    30:99:1c:3f:93:ee:c8:60:46:cd:bc:aa:01:5e:21:
                    be:d5:52:f0:52:02:a8:3f:9e:58:c6:17:9a:42:60:
                    4f:20:7e:79:cc:63:33:fb:ad:d2:f3:eb:1d:7c:fc:
                    15:f4:fd:44:43:72:1a:e3:9b:07:6c:d9:e5:da:e8:
                    0f:ba:ac:bb:52:32:85:5c:8d:15:a3:ee:6f:e5:c0:
                    24:3f:3f:45:25:90:9f:59:ea:ea:e5:1b:c7:c0:e8:
                    75:1c:6e:e3:fc:16:fc:eb:1f:76:a3:a5:ca:49:d2:
                    dc:4d:4e:2a:6b:4d:60:3b:04:b4:f4:55:37:57:33:
                    90:1d:57:4f:15:8e:31:47:62:4e:f5:68:bc:e3:0e:
                    97:c5:54:0a:46:38:d8:26:8b:63:80:d6:c0:f0:34:
                    33:93:12:42:05:5d:f6:a2:fd:9e:55:be:a5:dd:4e:
                    84:c3:37:b9:2e:a5:c8:5e:e9:3d:d8:0c:21:1d:ab:
                    35:39:26:2a:ba:8f:7e:fe:1f:00:b4:74:67:56:96:
                    2f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F2:97:F6:87:E5:63:7B:30:49:A7:5F:26:E9:23:3B:13:98:83:73
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/vvKX9oflY3swSadfJukjOxOYg3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:62:76:d2:db:f9:63:47:32:60:ed:e1:26:2d:c9:96:be:9e:
         a9:a0:0d:4b:00:e6:cf:85:21:7c:dd:4a:ff:a5:58:e3:c1:75:
         70:7d:e7:a1:ab:dc:9a:24:72:7f:df:5b:96:a3:d2:0e:88:4f:
         27:56:33:02:0d:50:48:05:a0:2d:b0:95:69:61:a5:00:47:2c:
         bc:d4:d7:e1:74:9a:ab:b0:51:f1:7a:70:b0:6e:00:9c:97:d8:
         8b:dc:33:59:59:9b:67:88:b4:54:45:fe:a6:81:7e:ba:a0:09:
         a0:c4:2a:db:ac:87:4e:4b:99:b9:e3:0a:84:01:55:1e:6f:69:
         e4:1e:ad:d8:0f:37:f4:bb:2c:42:66:64:44:84:c4:95:b8:aa:
         b3:49:c7:39:12:a9:93:04:bd:7b:65:f0:99:58:32:3b:09:e2:
         b0:ad:a0:ea:af:33:c4:d8:1d:71:42:4b:4f:c9:ef:de:98:bf:
         cc:aa:a9:eb:ea:8d:35:d7:9a:0d:29:d5:66:fb:60:2e:87:ee:
         dd:e1:a0:86:99:64:9c:94:57:cc:87:47:10:40:ee:40:3b:fe:
         52:29:04:9a:9c:ec:67:01:16:f0:3f:e3:90:ff:1f:10:80:0b:
         4f:7c:10:86:2d:c2:e7:20:c0:b3:dd:e4:99:8e:07:64:bc:c3:
         ea:99:e1:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeO4HIma2nlW5ZqR3igzqhlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjIwMTk0NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWYyOTdmNjg3ZTU2MzdiMzA0OWE3NWYyNmU5MjMzYjEzOTg4MzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGaZ7E+3KYHDygSC9E/Lz/i50Vx4
ZRPx++ck3y+/WZgKKhK8le4KkKtXGpZf83DfcnaVgFBpsFGGJpQwmRw/k+7IYEbN
vKoBXiG+1VLwUgKoP55YxheaQmBPIH55zGMz+63S8+sdfPwV9P1EQ3Ia45sHbNnl
2ugPuqy7UjKFXI0Vo+5v5cAkPz9FJZCfWerq5RvHwOh1HG7j/Bb86x92o6XKSdLc
TU4qa01gOwS09FU3VzOQHVdPFY4xR2JO9Wi84w6XxVQKRjjYJotjgNbA8DQzkxJC
BV32ov2eVb6l3U6Ewze5LqXIXuk92AwhHas1OSYquo9+/h8AtHRnVpYv0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7yl/aH5WN7MEmnXybpIzsTmINzMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvdnZLWDlvZmxZM3N3U2FkZkp1a2pPeE9ZZzNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzzMA0G
CSqGSIb3DQEBCwUAA4IBAQCJYnbS2/ljRzJg7eEmLcmWvp6poA1LAObPhSF83Ur/
pVjjwXVwfeehq9yaJHJ/31uWo9IOiE8nVjMCDVBIBaAtsJVpYaUARyy81NfhdJqr
sFHxenCwbgCcl9iL3DNZWZtniLRURf6mgX66oAmgxCrbrIdOS5m54wqEAVUeb2nk
Hq3YDzf0uyxCZmREhMSVuKqzScc5EqmTBL17ZfCZWDI7CeKwraDqrzPE2B1xQktP
ye/emL/Mqqnr6o0115oNKdVm+2Auh+7d4aCGmWSclFfMh0cQQO5AO/5SKQSanOxn
ARbwP+OQ/x8QgAtPfBCGLcLnIMCz3eSZjgdkvMPqmeGC
-----END CERTIFICATE-----