Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/cxzV2uhK2NjuqjPJkHztk_poT8Y.roa
File:                     cxzV2uhK2NjuqjPJkHztk_poT8Y.roa (raw, json)
Hash identifier:          mIo2YLuA/BZYjPz5OJ+ykf0uhzsa7DcTrJfwsJ7dA50=
Subject key identifier:   73:1C:D5:DA:E8:4A:D8:D8:EE:AA:33:C9:90:7C:ED:93:FA:68:4F:C6
Certificate issuer:       /CN=17c203e3f365923a843d3220317a1c68cf74de0f
Certificate serial:       01997B6F6B49EBF669AE611A520361B9C314
Authority key identifier: 17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/cxzV2uhK2NjuqjPJkHztk_poT8Y.roa
Signing time:             Wed 24 Sep 2025 11:15:23 +0000
ROA not before:           Wed 24 Sep 2025 11:15:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215373
IP address blocks:        89.111.22.0/24 maxlen: 24
                          89.111.25.0/24 maxlen: 24
                          89.111.26.0/24 maxlen: 24
                          89.111.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:6f:6b:49:eb:f6:69:ae:61:1a:52:03:61:b9:c3:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17c203e3f365923a843d3220317a1c68cf74de0f
        Validity
            Not Before: Sep 24 11:15:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=731cd5dae84ad8d8eeaa33c9907ced93fa684fc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b8:64:9c:89:7e:a6:55:41:78:00:6a:3c:12:
                    ef:c0:10:3a:e9:ba:ac:4e:12:2d:88:8d:23:51:b2:
                    8e:80:af:88:7a:55:ad:c4:dd:45:5a:f6:ec:21:d2:
                    5c:bc:a4:65:c6:cb:d2:8a:66:f2:9e:cf:77:29:31:
                    e9:e4:5d:29:fd:8a:6f:99:74:e7:79:5b:81:41:26:
                    78:ca:38:1f:33:1e:06:e0:6f:34:7b:d7:a5:36:df:
                    73:f3:45:d4:35:db:d8:6d:83:c5:95:c1:4b:46:1a:
                    3b:d2:60:a0:b1:68:fa:b7:5d:ca:0c:31:b5:55:35:
                    63:55:9a:46:b2:b3:1f:66:3c:7f:76:ab:1f:44:aa:
                    2f:f9:4b:9c:f9:1a:31:11:86:93:0c:7e:27:59:ed:
                    fb:8a:6b:cf:e8:63:39:0e:2a:8d:92:cf:a5:1e:76:
                    9c:39:54:04:e2:ef:d4:9b:35:4e:4a:5a:ed:67:27:
                    2e:a9:7d:14:29:2e:98:7b:e3:ba:ba:fa:b7:9f:89:
                    fd:65:3a:5d:45:a7:14:4f:91:c6:31:8f:87:97:09:
                    1b:72:34:85:a1:92:9a:13:15:2a:53:16:a8:bf:94:
                    c8:09:8c:10:f7:1b:cb:c3:3b:36:df:3b:28:8f:da:
                    e1:24:30:85:c1:bc:fb:18:6d:d0:e9:15:9f:cd:4e:
                    af:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:1C:D5:DA:E8:4A:D8:D8:EE:AA:33:C9:90:7C:ED:93:FA:68:4F:C6
            X509v3 Authority Key Identifier:
                keyid:17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/cxzV2uhK2NjuqjPJkHztk_poT8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.111.22.0/24
                  89.111.25.0-89.111.27.255

    Signature Algorithm: sha256WithRSAEncryption
         9e:f9:ac:5f:5f:58:eb:50:fa:8b:7b:00:e2:cb:18:b5:79:f7:
         32:57:b6:55:e0:26:aa:9c:be:02:93:d7:29:d8:53:12:5c:80:
         b2:88:1f:93:54:6d:41:c1:c8:b4:a9:7c:5e:62:34:19:59:86:
         de:8e:47:c1:f1:67:f3:17:fa:c3:1d:7f:a5:04:5d:a9:c1:76:
         00:6b:12:a3:68:f6:ae:7b:6b:be:c3:ee:64:47:a5:bc:f9:0b:
         f4:2d:c5:20:91:56:70:38:9e:db:85:74:cc:74:89:ec:a1:23:
         06:4d:b9:07:71:46:9b:02:08:50:c6:b2:77:32:08:99:1f:56:
         df:98:69:72:7b:d0:15:7a:c1:33:1e:33:6e:ce:3d:c2:48:c3:
         e5:3c:62:73:cd:ce:ba:91:e3:6a:54:7f:81:7f:2f:64:f2:95:
         ac:bb:d3:40:29:b9:e5:bf:c9:c3:92:74:3c:8c:bf:3c:31:73:
         56:29:67:39:b9:a6:bf:de:02:80:b3:aa:11:d0:1c:52:19:6f:
         d9:9c:40:b8:fa:14:8c:ab:6e:49:a6:dd:d7:de:9c:93:11:2e:
         b5:7c:8e:26:73:7e:16:80:6e:ca:c5:b3:b4:0a:42:e6:a3:6a:
         26:08:65:f6:8c:81:ce:ec:8f:c3:98:16:c7:be:68:bf:c4:b7:
         71:3f:be:c4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZl7b2tJ6/ZprmEaUgNhucMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YzIwM2UzZjM2NTkyM2E4NDNkMzIyMDMxN2ExYzY4Y2Y3
NGRlMGYwHhcNMjUwOTI0MTExNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzFjZDVkYWU4NGFkOGQ4ZWVhYTMzYzk5MDdjZWQ5M2ZhNjg0ZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7hknIl+plVBeABqPBLvwBA66bqs
ThItiI0jUbKOgK+IelWtxN1FWvbsIdJcvKRlxsvSimbyns93KTHp5F0p/YpvmXTn
eVuBQSZ4yjgfMx4G4G80e9elNt9z80XUNdvYbYPFlcFLRho70mCgsWj6t13KDDG1
VTVjVZpGsrMfZjx/dqsfRKov+Uuc+RoxEYaTDH4nWe37imvP6GM5DiqNks+lHnac
OVQE4u/UmzVOSlrtZycuqX0UKS6Ye+O6uvq3n4n9ZTpdRacUT5HGMY+HlwkbcjSF
oZKaExUqUxaov5TICYwQ9xvLwzs23zsoj9rhJDCFwbz7GG3Q6RWfzU6vuQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHMc1droStjY7qozyZB87ZP6aE/GMB8GA1UdIwQY
MBaAFBfCA+PzZZI6hD0yIDF6HGjPdN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMt
YWM2N2EzNmU0YWFiLzEvY3h6VjJ1aEsyTmp1cWpQSmtIenRrX3BvVDhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMtYWM2N2EzNmU0YWFi
LzEvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAWW8WMAwD
BABZbxkDBAJZbxgwDQYJKoZIhvcNAQELBQADggEBAJ75rF9fWOtQ+ot7AOLLGLV5
9zJXtlXgJqqcvgKT1ynYUxJcgLKIH5NUbUHByLSpfF5iNBlZht6OR8HxZ/MX+sMd
f6UEXanBdgBrEqNo9q57a77D7mRHpbz5C/QtxSCRVnA4ntuFdMx0ieyhIwZNuQdx
RpsCCFDGsncyCJkfVt+YaXJ70BV6wTMeM27OPcJIw+U8YnPNzrqR42pUf4F/L2Ty
lay700ApueW/ycOSdDyMvzwxc1YpZzm5pr/eAoCzqhHQHFIZb9mcQLj6FIyrbkmm
3dfenJMRLrV8jiZzfhaAbsrFs7QKQuajaiYIZfaMgc7sj8OYFse+aL/Et3E/vsQ=
-----END CERTIFICATE-----