Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/Nf0Y97WoRq7pU_teevRi4FwBAIs.roa
File:                     Nf0Y97WoRq7pU_teevRi4FwBAIs.roa (raw, json)
Hash identifier:          O1xztXnSDxA9BVjGt2O7JPCTRL9a6O2EeAtFUNC9SMU=
Subject key identifier:   35:FD:18:F7:B5:A8:46:AE:E9:53:FB:5E:7A:F4:62:E0:5C:01:00:8B
Certificate issuer:       /CN=cb608201f88aeae9486b9fa87189d796c54027dd
Certificate serial:       0198BF89518252FBEEEFDFF0AE1F40B384C1
Authority key identifier: CB:60:82:01:F8:8A:EA:E9:48:6B:9F:A8:71:89:D7:96:C5:40:27:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2CCAfiK6ulIa5-ocYnXlsVAJ90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/Nf0Y97WoRq7pU_teevRi4FwBAIs.roa
Signing time:             Mon 18 Aug 2025 23:35:04 +0000
ROA not before:           Mon 18 Aug 2025 23:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        89.23.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/y2CCAfiK6ulIa5-ocYnXlsVAJ90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/y2CCAfiK6ulIa5-ocYnXlsVAJ90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2CCAfiK6ulIa5-ocYnXlsVAJ90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:89:51:82:52:fb:ee:ef:df:f0:ae:1f:40:b3:84:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb608201f88aeae9486b9fa87189d796c54027dd
        Validity
            Not Before: Aug 18 23:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35fd18f7b5a846aee953fb5e7af462e05c01008b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8e:09:fb:e4:c5:71:44:e7:12:dc:6d:eb:a4:
                    6f:3a:e7:d3:55:bb:7c:64:27:65:8f:f7:e9:4d:2a:
                    90:82:89:41:82:98:f8:2e:81:c7:b4:84:61:db:11:
                    5f:0d:62:a7:62:ad:e5:77:d8:6b:af:6e:74:e5:c9:
                    0b:31:9d:ae:8a:0f:cb:c9:1c:41:f4:01:4a:b6:96:
                    c3:30:20:8c:c6:87:26:df:4b:e5:58:eb:5e:37:ce:
                    0a:a3:a1:c1:25:74:fd:e0:cb:36:ff:e9:cf:ed:40:
                    68:13:94:2a:23:ec:21:8d:79:48:ff:9b:2d:ca:a3:
                    47:61:93:43:10:a0:fd:1c:e2:7d:e0:d5:5e:aa:68:
                    81:3f:2b:3d:0e:9c:cd:ab:77:c8:45:99:e1:2e:5b:
                    c3:3e:af:fb:d3:a5:6b:27:97:2e:f7:6b:3c:52:6e:
                    9a:cb:ee:b8:26:b3:e4:42:c3:e2:08:c3:9d:7d:28:
                    01:ee:ab:d3:b5:b2:46:8e:63:0a:71:ea:72:32:56:
                    3c:7d:e4:8a:8b:54:63:24:6b:b9:58:a7:a8:72:61:
                    dc:f0:2e:2a:d2:01:6d:4f:2b:ae:8c:b1:be:bc:79:
                    60:0f:eb:a2:10:33:c3:ef:a1:40:c4:f4:4a:6b:b8:
                    12:ab:46:52:05:71:f5:83:8b:14:44:32:ad:a0:1e:
                    7d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FD:18:F7:B5:A8:46:AE:E9:53:FB:5E:7A:F4:62:E0:5C:01:00:8B
            X509v3 Authority Key Identifier:
                keyid:CB:60:82:01:F8:8A:EA:E9:48:6B:9F:A8:71:89:D7:96:C5:40:27:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2CCAfiK6ulIa5-ocYnXlsVAJ90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/Nf0Y97WoRq7pU_teevRi4FwBAIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/y2CCAfiK6ulIa5-ocYnXlsVAJ90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:9a:2a:de:f6:c4:93:70:67:3c:6c:48:9a:e7:48:4a:5e:1c:
         8d:01:ea:eb:f0:e8:e7:ea:55:d0:e3:64:0a:ef:22:2a:27:87:
         ce:50:9c:37:e6:18:4b:6c:19:26:69:b8:49:62:23:de:4f:c1:
         dc:66:0d:d9:67:23:d1:e4:d9:fe:6c:54:01:58:d5:46:55:ce:
         f6:5a:e1:68:ca:86:00:0c:83:e1:48:8e:58:57:e4:d4:f7:06:
         fd:a7:c8:76:65:25:9d:4a:e8:85:58:a3:18:9a:b0:76:f0:76:
         1b:12:89:24:bd:ed:7a:27:a8:11:0c:8c:d0:74:17:75:de:f2:
         25:60:32:d9:6b:42:11:65:99:cd:37:31:a2:de:69:5b:55:71:
         3c:1e:53:00:e1:1f:fc:bc:d7:13:a4:e8:b1:d5:69:f1:e5:54:
         74:a7:66:56:a0:5f:b1:47:c4:ea:f2:db:67:58:33:41:f6:89:
         8b:d6:70:77:38:db:15:49:b1:6b:ef:f9:23:fb:45:e4:96:a3:
         7f:27:1b:fc:ff:d6:a4:af:c7:21:b0:8d:31:9b:94:55:f0:4e:
         27:02:d1:4c:ea:5e:67:dd:9c:e8:2e:de:1b:c5:33:2b:cc:a6:
         22:d8:31:23:3d:f1:85:9d:36:cc:cd:24:0e:3a:db:33:e0:5c:
         40:4a:d7:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi/iVGCUvvu79/wrh9As4TBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjA4MjAxZjg4YWVhZTk0ODZiOWZhODcxODlkNzk2YzU0
MDI3ZGQwHhcNMjUwODE4MjMzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZkMThmN2I1YTg0NmFlZTk1M2ZiNWU3YWY0NjJlMDVjMDEwMDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzI4J++TFcUTnEtxt66RvOufTVbt8
ZCdlj/fpTSqQgolBgpj4LoHHtIRh2xFfDWKnYq3ld9hrr2505ckLMZ2uig/LyRxB
9AFKtpbDMCCMxocm30vlWOteN84Ko6HBJXT94Ms2/+nP7UBoE5QqI+whjXlI/5st
yqNHYZNDEKD9HOJ94NVeqmiBPys9DpzNq3fIRZnhLlvDPq/706VrJ5cu92s8Um6a
y+64JrPkQsPiCMOdfSgB7qvTtbJGjmMKcepyMlY8feSKi1RjJGu5WKeocmHc8C4q
0gFtTyuujLG+vHlgD+uiEDPD76FAxPRKa7gSq0ZSBXH1g4sURDKtoB59VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDX9GPe1qEau6VP7Xnr0YuBcAQCLMB8GA1UdIwQY
MBaAFMtgggH4iurpSGufqHGJ15bFQCfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJDQ0FmaUs2dWxJYTUtb2NZblhsc1ZBSjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mZjEwYTUtMmZhMy00OTQyLWIyYTkt
YmZlNTJiNGFmOGI3LzEvTmYwWTk3V29ScTdwVV90ZWV2Umk0RndCQUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mZjEwYTUtMmZhMy00OTQyLWIyYTktYmZlNTJiNGFmOGI3
LzEveTJDQ0FmaUs2dWxJYTUtb2NZblhsc1ZBSjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRd+MA0G
CSqGSIb3DQEBCwUAA4IBAQBWmire9sSTcGc8bEia50hKXhyNAerr8Ojn6lXQ42QK
7yIqJ4fOUJw35hhLbBkmabhJYiPeT8HcZg3ZZyPR5Nn+bFQBWNVGVc72WuFoyoYA
DIPhSI5YV+TU9wb9p8h2ZSWdSuiFWKMYmrB28HYbEokkve16J6gRDIzQdBd13vIl
YDLZa0IRZZnNNzGi3mlbVXE8HlMA4R/8vNcTpOix1Wnx5VR0p2ZWoF+xR8Tq8ttn
WDNB9omL1nB3ONsVSbFr7/kj+0XklqN/Jxv8/9akr8chsI0xm5RV8E4nAtFM6l5n
3ZzoLt4bxTMrzKYi2DEjPfGFnTbMzSQOOtsz4FxAStfA
-----END CERTIFICATE-----