Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/328wcZUwLN_vfeq8C6isq-A3BoM.roa
File:                     328wcZUwLN_vfeq8C6isq-A3BoM.roa (raw, json)
Hash identifier:          GlJNad5vKZfYBMC3kSAskLw5gbwDcjVPCSvhXw5VGI0=
Subject key identifier:   DF:6F:30:71:95:30:2C:DF:EF:7D:EA:BC:0B:A8:AC:AB:E0:37:06:83
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       0198BBFCE45F804511839F6F06285C493F6C
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/328wcZUwLN_vfeq8C6isq-A3BoM.roa
Signing time:             Mon 18 Aug 2025 07:02:49 +0000
ROA not before:           Mon 18 Aug 2025 07:02:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        89.149.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bb:fc:e4:5f:80:45:11:83:9f:6f:06:28:5c:49:3f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Aug 18 07:02:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df6f307195302cdfef7deabc0ba8acabe0370683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:23:26:61:5d:41:78:9e:0f:3b:02:51:36:dd:
                    c3:cc:b4:19:86:19:36:4c:20:95:c2:db:f3:cc:d1:
                    4d:dc:1e:9b:c4:8d:ed:a5:57:5e:db:31:42:6d:3b:
                    9f:2f:1a:38:54:a6:08:2c:b3:e7:f7:27:8e:3e:11:
                    ee:e9:dd:88:7b:7e:89:c6:ce:1f:21:aa:5a:64:c3:
                    83:b1:4e:20:75:68:f0:89:e9:d3:52:f8:23:37:2b:
                    b0:f1:0c:2e:81:d1:31:0e:5d:c5:9b:c2:43:fe:ee:
                    d6:a3:f0:ec:17:04:be:a5:c3:4c:00:37:78:cf:ab:
                    c1:7c:a3:86:97:c3:3d:73:26:d7:30:80:d5:b9:70:
                    3a:10:a1:89:69:2f:79:43:56:71:fe:9f:87:7f:a8:
                    ba:0d:69:37:e5:04:e1:41:4a:21:1d:72:c1:fd:5f:
                    80:28:e9:ee:52:26:4d:b0:43:d2:35:ae:c7:57:6d:
                    6f:0c:50:3f:df:2a:67:4a:75:6f:f1:99:76:9e:7a:
                    b6:99:8a:59:04:f9:4d:6d:c8:de:dd:b9:70:25:84:
                    8d:23:91:e8:96:f0:b7:ec:0c:f1:21:56:9b:ad:87:
                    37:6c:af:cb:8c:e9:d2:08:b6:81:19:22:1c:57:64:
                    35:51:32:88:86:18:b0:eb:67:91:54:f6:63:96:15:
                    20:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:6F:30:71:95:30:2C:DF:EF:7D:EA:BC:0B:A8:AC:AB:E0:37:06:83
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/328wcZUwLN_vfeq8C6isq-A3BoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.149.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:59:22:9a:2b:be:7f:12:36:84:ff:11:2d:8d:ef:7c:28:aa:
         26:56:7d:4b:cf:4e:60:d3:30:02:c5:cf:92:94:a3:78:e9:66:
         5b:dc:26:7e:7a:fc:c3:9e:bc:98:5a:32:e6:c1:1a:11:57:9c:
         fe:66:68:11:79:8c:20:95:0d:d6:55:80:3a:57:b8:ab:80:eb:
         1a:a6:ef:fb:f4:60:e4:ef:18:34:70:e3:a9:1a:f8:7a:22:3c:
         e2:aa:26:93:50:e4:77:2c:1f:46:06:18:2e:ad:a0:0a:31:19:
         8d:15:d2:ea:a1:d1:6d:0d:4b:26:2a:d1:19:3a:61:15:b4:b0:
         e4:67:71:d0:04:47:df:ee:2a:49:0f:64:d9:6b:06:1e:7f:2e:
         c9:15:74:ec:a2:2c:5f:0a:4e:73:8e:4c:55:3c:e6:92:eb:dc:
         ef:34:25:73:9e:87:6d:74:4b:34:9a:66:37:6c:0c:0a:9b:d4:
         79:8f:ce:42:e4:38:44:f8:8c:21:bf:9d:db:b4:fc:43:5e:63:
         8f:64:02:50:4a:87:2c:c0:dd:de:e3:2d:b4:d0:c1:77:ab:61:
         7b:60:77:60:4c:41:d5:71:67:34:21:97:0a:1f:1f:f7:1d:2e:
         f8:70:b4:91:de:6b:1c:7f:ac:f7:5f:3a:4d:b4:6f:c4:76:a1:
         74:92:33:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi7/ORfgEURg59vBihcST9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjUwODE4MDcwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjZmMzA3MTk1MzAyY2RmZWY3ZGVhYmMwYmE4YWNhYmUwMzcwNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8iMmYV1BeJ4POwJRNt3DzLQZhhk2
TCCVwtvzzNFN3B6bxI3tpVde2zFCbTufLxo4VKYILLPn9yeOPhHu6d2Ie36Jxs4f
IapaZMODsU4gdWjwienTUvgjNyuw8QwugdExDl3Fm8JD/u7Wo/DsFwS+pcNMADd4
z6vBfKOGl8M9cybXMIDVuXA6EKGJaS95Q1Zx/p+Hf6i6DWk35QThQUohHXLB/V+A
KOnuUiZNsEPSNa7HV21vDFA/3ypnSnVv8Zl2nnq2mYpZBPlNbcje3blwJYSNI5Ho
lvC37AzxIVabrYc3bK/LjOnSCLaBGSIcV2Q1UTKIhhiw62eRVPZjlhUgZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9vMHGVMCzf733qvAuorKvgNwaDMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvMzI4d2NaVXdMTl92ZmVxOEM2aXNxLUEzQm9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZU/MA0G
CSqGSIb3DQEBCwUAA4IBAQCGWSKaK75/EjaE/xEtje98KKomVn1Lz05g0zACxc+S
lKN46WZb3CZ+evzDnryYWjLmwRoRV5z+ZmgReYwglQ3WVYA6V7irgOsapu/79GDk
7xg0cOOpGvh6IjziqiaTUOR3LB9GBhguraAKMRmNFdLqodFtDUsmKtEZOmEVtLDk
Z3HQBEff7ipJD2TZawYefy7JFXTsoixfCk5zjkxVPOaS69zvNCVznodtdEs0mmY3
bAwKm9R5j85C5DhE+Iwhv53btPxDXmOPZAJQSocswN3e4y200MF3q2F7YHdgTEHV
cWc0IZcKHx/3HS74cLSR3mscf6z3XzpNtG/EdqF0kjN5
-----END CERTIFICATE-----