Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/5dCYwgA9XnsPyTZF0PH2sEFIENQ.roa
File:                     5dCYwgA9XnsPyTZF0PH2sEFIENQ.roa (raw, json)
Hash identifier:          HeN6VLa+RLAMtmcxH1afx2NR8Pkm/Q2bNQH+mpmkM84=
Subject key identifier:   E5:D0:98:C2:00:3D:5E:7B:0F:C9:36:45:D0:F1:F6:B0:41:48:10:D4
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0198A5660C09688C738786275EEDB9B1E56C
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/5dCYwgA9XnsPyTZF0PH2sEFIENQ.roa
Signing time:             Wed 13 Aug 2025 21:46:25 +0000
ROA not before:           Wed 13 Aug 2025 21:46:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206129
IP address blocks:        89.187.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a5:66:0c:09:68:8c:73:87:86:27:5e:ed:b9:b1:e5:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Aug 13 21:46:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5d098c2003d5e7b0fc93645d0f1f6b0414810d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:5c:96:5f:2f:ce:78:71:f1:96:30:83:bc:14:
                    f9:99:0e:09:9c:a3:45:08:76:8d:de:69:ee:c5:85:
                    69:8c:d8:6e:b8:d6:39:fd:3c:19:9c:8e:80:55:e0:
                    4f:ef:be:bb:98:ea:e1:93:f2:74:f9:85:43:b0:5b:
                    64:b9:eb:83:f2:ba:3d:e0:12:98:ad:b0:27:4a:df:
                    c6:a9:83:5a:d6:65:92:49:fc:92:08:57:ce:f7:d1:
                    b3:af:72:70:86:72:2d:f4:50:97:2e:59:28:53:00:
                    94:87:00:bb:70:a1:fb:20:24:bb:4c:a7:45:6b:46:
                    07:da:35:9b:ff:e9:7b:0e:e6:12:c8:57:11:94:a9:
                    0a:7e:b2:53:2e:a9:05:a4:0c:4c:81:49:ca:6b:0e:
                    e8:f2:04:64:f8:74:ba:c0:85:0b:d0:19:de:2b:b4:
                    d0:36:0a:6e:bc:9d:ae:90:b7:70:5f:3e:a4:12:a5:
                    af:0a:79:d4:82:e3:37:ed:22:e9:81:0d:c6:65:fa:
                    0f:e6:f4:ce:5b:17:97:78:62:62:69:89:46:c6:bd:
                    44:37:d3:5c:f2:2b:6e:04:46:47:9b:0d:65:71:e7:
                    6f:9b:b9:73:58:f3:43:04:4f:21:8c:5a:f1:0f:45:
                    a9:c0:5a:b7:ab:65:ff:ac:fe:46:e8:ce:fa:73:b7:
                    59:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D0:98:C2:00:3D:5E:7B:0F:C9:36:45:D0:F1:F6:B0:41:48:10:D4
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/5dCYwgA9XnsPyTZF0PH2sEFIENQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:47:e4:e9:fe:96:21:3d:16:3f:ac:69:ee:84:92:28:b7:17:
         29:9f:4b:ad:ec:d5:d2:c6:95:0e:d7:4a:3e:7c:d4:ce:53:67:
         fa:29:ce:1c:1d:77:1f:88:ed:47:81:e9:54:b7:f3:89:ad:ae:
         8a:f1:2d:d6:64:4f:39:ef:b3:b3:27:53:e3:c8:79:2f:97:ba:
         fb:a1:4d:fb:2c:d3:92:f9:fe:3a:39:ac:29:fe:57:9b:e2:6f:
         09:93:92:41:25:09:f5:21:f6:7d:98:31:b0:b1:e0:08:85:b9:
         c8:c9:e0:0b:11:7a:25:f6:9d:74:fb:9f:7a:fc:64:ca:0c:9a:
         c4:d7:50:d1:d4:40:4c:c3:a1:73:dd:ac:79:04:c0:5e:29:42:
         75:1e:dd:30:93:84:35:19:5b:d6:89:6e:8e:b2:73:a6:d1:8e:
         c2:3f:9f:50:9d:44:6a:9c:c6:f8:02:bf:ea:65:94:c3:3f:26:
         15:34:8f:9a:c9:dd:ce:b9:c6:76:b4:77:3a:60:3f:16:1c:c6:
         ba:6d:8c:24:48:b6:7d:83:d2:00:61:42:3c:04:67:4e:86:b5:
         30:6c:7a:7a:15:96:58:7c:6f:6b:b0:b7:7f:2b:f1:e1:94:d3:
         89:ec:54:7c:d1:3d:7b:6c:04:78:08:a3:46:fe:d8:7e:4d:28:
         b9:3a:8a:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZilZgwJaIxzh4YnXu25seVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwODEzMjE0NjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQwOThjMjAwM2Q1ZTdiMGZjOTM2NDVkMGYxZjZiMDQxNDgxMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41yWXy/OeHHxljCDvBT5mQ4JnKNF
CHaN3mnuxYVpjNhuuNY5/TwZnI6AVeBP7767mOrhk/J0+YVDsFtkueuD8ro94BKY
rbAnSt/GqYNa1mWSSfySCFfO99Gzr3JwhnIt9FCXLlkoUwCUhwC7cKH7ICS7TKdF
a0YH2jWb/+l7DuYSyFcRlKkKfrJTLqkFpAxMgUnKaw7o8gRk+HS6wIUL0BneK7TQ
NgpuvJ2ukLdwXz6kEqWvCnnUguM37SLpgQ3GZfoP5vTOWxeXeGJiaYlGxr1EN9Nc
8ituBEZHmw1lcedvm7lzWPNDBE8hjFrxD0WpwFq3q2X/rP5G6M76c7dZ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXQmMIAPV57D8k2RdDx9rBBSBDUMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvNWRDWXdnQTlYbnNQeVRaRjBQSDJzRUZJRU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsHMA0G
CSqGSIb3DQEBCwUAA4IBAQABR+Tp/pYhPRY/rGnuhJIotxcpn0ut7NXSxpUO10o+
fNTOU2f6Kc4cHXcfiO1HgelUt/OJra6K8S3WZE8577OzJ1PjyHkvl7r7oU37LNOS
+f46Oawp/leb4m8Jk5JBJQn1IfZ9mDGwseAIhbnIyeALEXol9p10+596/GTKDJrE
11DR1EBMw6Fz3ax5BMBeKUJ1Ht0wk4Q1GVvWiW6OsnOm0Y7CP59QnURqnMb4Ar/q
ZZTDPyYVNI+ayd3OucZ2tHc6YD8WHMa6bYwkSLZ9g9IAYUI8BGdOhrUwbHp6FZZY
fG9rsLd/K/HhlNOJ7FR80T17bAR4CKNG/th+TSi5Ooq/
-----END CERTIFICATE-----