Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/I9hwRnmqHHEGNHxF3QtJQGHeNco.roa
File:                     I9hwRnmqHHEGNHxF3QtJQGHeNco.roa (raw, json)
Hash identifier:          L5+zR7a2A7dRD2AsCwuIHvZZBGlb628GAU2pItv8oaU=
Subject key identifier:   23:D8:70:46:79:AA:1C:71:06:34:7C:45:DD:0B:49:40:61:DE:35:CA
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0198CD180831CB19317CA66CD35F19B4BAD5
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/I9hwRnmqHHEGNHxF3QtJQGHeNco.roa
Signing time:             Thu 21 Aug 2025 14:46:00 +0000
ROA not before:           Thu 21 Aug 2025 14:46:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12325
IP address blocks:        89.40.204.0/24 maxlen: 24
                          89.40.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:18:08:31:cb:19:31:7c:a6:6c:d3:5f:19:b4:ba:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Aug 21 14:46:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23d8704679aa1c7106347c45dd0b494061de35ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:27:8e:ae:b0:e7:6b:d7:01:f5:e9:35:4e:c2:
                    01:50:4d:70:bf:0f:a1:9d:78:58:f8:8b:a7:99:30:
                    35:7d:07:b0:2f:c8:03:0b:9c:be:fa:32:ed:3b:3b:
                    34:e0:9b:71:7c:0e:bf:de:e5:c6:49:a0:74:d8:7b:
                    ff:b9:48:e0:51:12:1b:b4:20:c0:3f:72:82:52:ef:
                    76:04:5e:0f:7d:1d:d1:71:95:1e:5a:f3:7b:90:76:
                    92:e3:20:f3:88:ac:3e:e3:33:57:d8:3d:36:a1:17:
                    54:81:fa:f3:44:76:b4:5e:df:7d:ff:f8:50:ae:4e:
                    e6:9d:eb:71:51:4d:0c:d2:96:3b:25:69:93:d5:bc:
                    2b:36:b5:a1:13:d1:50:99:b3:dd:f9:29:ff:1d:ed:
                    65:33:f9:81:3d:b8:1a:50:ad:86:e8:3c:07:f4:43:
                    df:70:68:73:3d:2e:62:ab:5d:25:41:dd:8f:4b:96:
                    c5:d0:12:3d:8e:81:98:98:8c:65:dc:a5:cb:a8:4f:
                    a1:99:bd:27:cd:61:3e:59:48:2b:a8:fe:17:51:62:
                    3e:e0:7d:62:26:5c:78:52:a1:0f:86:2c:7c:d1:30:
                    89:17:b3:d7:94:c9:bb:1f:cc:b5:42:cb:dc:43:f1:
                    3b:19:88:90:5b:5c:6f:5a:f0:a0:9d:ed:ef:a3:ee:
                    4a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D8:70:46:79:AA:1C:71:06:34:7C:45:DD:0B:49:40:61:DE:35:CA
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/I9hwRnmqHHEGNHxF3QtJQGHeNco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.204.0/24
                  89.40.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:b1:5c:5f:93:7b:cc:45:5f:b9:01:c9:7f:f3:38:f7:91:59:
         54:10:a0:4e:d0:58:db:00:75:cc:49:7c:5c:68:4e:74:5d:d4:
         53:99:57:43:fe:26:d6:ac:e1:08:fc:01:2b:03:e5:30:a9:3c:
         d1:a9:0b:33:1b:9e:d6:a5:e5:09:61:7d:3f:e9:5f:69:e8:a3:
         b1:61:d1:40:6e:e2:47:8f:92:29:80:c3:1c:39:65:31:41:a4:
         65:33:f7:e2:ac:3c:b3:05:3f:b7:af:8d:af:cc:bb:63:00:88:
         fa:2b:df:48:7e:ea:1a:ee:9c:04:93:41:e8:34:95:7c:a5:20:
         7b:6b:91:16:4d:0d:60:5d:9c:e4:51:31:4f:0e:5d:74:64:6d:
         66:81:68:ad:7d:77:0a:ad:97:7c:0a:8d:86:1d:47:02:3a:bd:
         96:59:8d:01:99:2b:ce:62:c5:b9:85:51:78:5b:a3:eb:23:97:
         3f:b2:99:46:b1:a1:2e:c5:0d:b8:70:5f:db:ab:45:97:c0:ab:
         07:0e:a0:66:ec:f0:09:a4:92:97:e1:69:7b:b7:5f:fd:40:2c:
         77:cf:fe:2e:31:9f:2c:ea:19:3c:02:13:20:ff:b3:2b:cb:7e:
         b9:1f:39:c2:02:55:55:2c:7f:5a:4a:0b:f1:24:32:36:3a:12:
         12:b4:a4:dc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjNGAgxyxkxfKZs018ZtLrVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwODIxMTQ0NjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Q4NzA0Njc5YWExYzcxMDYzNDdjNDVkZDBiNDk0MDYxZGUzNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyeOrrDna9cB9ek1TsIBUE1wvw+h
nXhY+IunmTA1fQewL8gDC5y++jLtOzs04JtxfA6/3uXGSaB02Hv/uUjgURIbtCDA
P3KCUu92BF4PfR3RcZUeWvN7kHaS4yDziKw+4zNX2D02oRdUgfrzRHa0Xt99//hQ
rk7mnetxUU0M0pY7JWmT1bwrNrWhE9FQmbPd+Sn/He1lM/mBPbgaUK2G6DwH9EPf
cGhzPS5iq10lQd2PS5bF0BI9joGYmIxl3KXLqE+hmb0nzWE+WUgrqP4XUWI+4H1i
Jlx4UqEPhix80TCJF7PXlMm7H8y1QsvcQ/E7GYiQW1xvWvCgne3vo+5KIQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCPYcEZ5qhxxBjR8Rd0LSUBh3jXKMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0k5aHdSbm1xSEhFR05IeEYzUXRKUUdIZU5jby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABZKMwD
BABZKOkwDQYJKoZIhvcNAQELBQADggEBAEWxXF+Te8xFX7kByX/zOPeRWVQQoE7Q
WNsAdcxJfFxoTnRd1FOZV0P+Jtas4Qj8ASsD5TCpPNGpCzMbntal5QlhfT/pX2no
o7Fh0UBu4kePkimAwxw5ZTFBpGUz9+KsPLMFP7evja/Mu2MAiPor30h+6hrunAST
Qeg0lXylIHtrkRZNDWBdnORRMU8OXXRkbWaBaK19dwqtl3wKjYYdRwI6vZZZjQGZ
K85ixbmFUXhbo+sjlz+ymUaxoS7FDbhwX9urRZfAqwcOoGbs8AmkkpfhaXu3X/1A
LHfP/i4xnyzqGTwCEyD/syvLfrkfOcICVVUsf1pKC/EkMjY6EhK0pNw=
-----END CERTIFICATE-----