Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/yS4gxCiyxv-6Eo_qaFTdHS-1_f0.roa
File:                     yS4gxCiyxv-6Eo_qaFTdHS-1_f0.roa (raw, json)
Hash identifier:          4bv1Fv/+FlNMdg4hH2LqipPwgjlMt4gTsStcEknTXUI=
Subject key identifier:   C9:2E:20:C4:28:B2:C6:FF:BA:12:8F:EA:68:54:DD:1D:2F:B5:FD:FD
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019985E9988F2833221FFED20A436E0F9732
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/yS4gxCiyxv-6Eo_qaFTdHS-1_f0.roa
Signing time:             Fri 26 Sep 2025 12:05:02 +0000
ROA not before:           Fri 26 Sep 2025 12:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25098
IP address blocks:        89.34.112.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:e9:98:8f:28:33:22:1f:fe:d2:0a:43:6e:0f:97:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Sep 26 12:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c92e20c428b2c6ffba128fea6854dd1d2fb5fdfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2c:73:de:fe:d9:65:6c:1c:11:6b:9b:c1:26:
                    b7:32:49:d5:33:61:52:5e:38:ab:f7:4e:49:36:be:
                    50:0c:5a:ba:ed:55:47:b7:a7:5e:e8:c0:02:cc:10:
                    fb:3a:5d:09:ee:a0:24:ef:1f:81:c1:8b:fa:c1:cf:
                    02:41:fa:51:dc:4e:e1:c9:21:ce:46:59:e4:bc:0f:
                    c0:7f:5d:cc:6e:21:6c:a4:3e:b2:b8:38:c8:46:92:
                    74:84:78:15:eb:8d:06:29:de:cb:a8:42:4c:35:25:
                    b2:f7:67:e3:d8:3a:52:49:91:98:4a:be:78:21:12:
                    6f:01:c6:39:e2:ba:a5:70:53:c5:ff:7e:1a:31:37:
                    04:a2:8f:bc:56:f7:68:ab:30:4a:13:5f:f3:e5:7d:
                    36:83:0d:d9:9b:14:88:f4:2d:2a:0b:c6:5a:94:02:
                    3b:5f:d6:95:a9:d5:ae:3c:e7:a3:4a:b6:99:02:2b:
                    06:9c:3d:c7:be:55:1f:97:d3:7f:c2:af:56:be:a0:
                    d3:c5:bb:b6:2d:0c:24:fa:d3:87:b1:4b:89:1d:e7:
                    b1:e6:0a:24:98:d5:df:92:b0:08:f4:6d:ef:f5:f2:
                    2e:cc:c7:95:93:e2:b8:8d:dd:26:fe:50:ec:40:f7:
                    94:c5:22:b9:98:c3:7b:f2:19:8e:07:54:89:c0:27:
                    34:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:2E:20:C4:28:B2:C6:FF:BA:12:8F:EA:68:54:DD:1D:2F:B5:FD:FD
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/yS4gxCiyxv-6Eo_qaFTdHS-1_f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ce:52:3c:bc:98:1e:7b:5a:46:91:40:22:48:a7:a4:58:c7:5c:
         08:48:96:6e:84:f1:b6:6b:09:e0:4f:9b:95:65:80:dd:66:52:
         82:cf:46:12:83:cb:e0:e6:b5:98:90:4a:80:4d:05:32:87:04:
         97:20:e1:0a:83:41:4b:d6:7a:2c:ef:99:be:31:a3:41:5b:15:
         33:a8:03:fc:a5:cc:af:65:ec:52:bd:80:cf:a2:3a:1e:89:72:
         35:f2:a2:18:c5:5a:8d:e1:92:9a:7c:b1:c9:d1:5a:3b:df:3d:
         0f:59:c7:bd:3a:34:24:ea:99:a0:99:7c:89:88:e8:38:f5:8b:
         06:4f:b6:3e:6f:1f:71:df:c9:74:56:97:aa:65:9b:65:82:dc:
         29:fd:c6:44:ef:a2:b5:2c:10:07:a9:54:52:e4:d6:04:32:55:
         7b:07:80:ea:08:72:a6:0f:e8:f3:06:4e:be:d8:23:40:c8:7d:
         e3:a5:22:fc:dd:df:c1:4b:a3:7c:32:23:88:e5:dd:f1:62:a1:
         10:8d:83:37:60:97:c5:3c:d1:4b:80:a1:18:88:fe:d8:dc:6d:
         c6:41:9a:16:4d:e3:47:4b:b9:a2:a4:ab:51:87:5b:5f:9e:28:
         24:26:6b:1e:a6:07:4f:d2:3e:1d:8d:a3:5f:db:1c:ef:fd:d4:
         0d:9b:91:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmF6ZiPKDMiH/7SCkNuD5cyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjUwOTI2MTIwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTJlMjBjNDI4YjJjNmZmYmExMjhmZWE2ODU0ZGQxZDJmYjVmZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCxz3v7ZZWwcEWubwSa3MknVM2FS
Xjir905JNr5QDFq67VVHt6de6MACzBD7Ol0J7qAk7x+BwYv6wc8CQfpR3E7hySHO
RlnkvA/Af13MbiFspD6yuDjIRpJ0hHgV640GKd7LqEJMNSWy92fj2DpSSZGYSr54
IRJvAcY54rqlcFPF/34aMTcEoo+8VvdoqzBKE1/z5X02gw3ZmxSI9C0qC8ZalAI7
X9aVqdWuPOejSraZAisGnD3HvlUfl9N/wq9WvqDTxbu2LQwk+tOHsUuJHeex5gok
mNXfkrAI9G3v9fIuzMeVk+K4jd0m/lDsQPeUxSK5mMN78hmOB1SJwCc0IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkuIMQossb/uhKP6mhU3R0vtf39MB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEveVM0Z3hDaXl4di02RW9fcWFGVGRIUy0xX2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWSJwMA0G
CSqGSIb3DQEBCwUAA4IBAQDOUjy8mB57WkaRQCJIp6RYx1wISJZuhPG2awngT5uV
ZYDdZlKCz0YSg8vg5rWYkEqATQUyhwSXIOEKg0FL1nos75m+MaNBWxUzqAP8pcyv
ZexSvYDPojoeiXI18qIYxVqN4ZKafLHJ0Vo73z0PWce9OjQk6pmgmXyJiOg49YsG
T7Y+bx9x38l0VpeqZZtlgtwp/cZE76K1LBAHqVRS5NYEMlV7B4DqCHKmD+jzBk6+
2CNAyH3jpSL83d/BS6N8MiOI5d3xYqEQjYM3YJfFPNFLgKEYiP7Y3G3GQZoWTeNH
S7mipKtRh1tfnigkJmsepgdP0j4djaNf2xzv/dQNm5HT
-----END CERTIFICATE-----