Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/DRxPV7g-J1aJlfjrCz40pEPhzQ8.roa
File:                     DRxPV7g-J1aJlfjrCz40pEPhzQ8.roa (raw, json)
Hash identifier:          4fR+vAgAShrw7d32oea15u7iZSKphaePuUR6Y5wxMPQ=
Subject key identifier:   0D:1C:4F:57:B8:3E:27:56:89:95:F8:EB:0B:3E:34:A4:43:E1:CD:0F
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       01979E0874A59A90CC3F39A9B71616C49B0C
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/DRxPV7g-J1aJlfjrCz40pEPhzQ8.roa
Signing time:             Mon 23 Jun 2025 18:24:03 +0000
ROA not before:           Mon 23 Jun 2025 18:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20001
IP address blocks:        89.34.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9e:08:74:a5:9a:90:cc:3f:39:a9:b7:16:16:c4:9b:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jun 23 18:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d1c4f57b83e27568995f8eb0b3e34a443e1cd0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5b:47:9f:77:99:b8:37:e7:ad:6b:be:5e:39:
                    8e:be:f2:83:1e:cf:1f:6a:94:9f:b9:02:bb:28:99:
                    70:38:b1:ed:d2:83:dc:a4:aa:f0:cb:bd:dc:f7:3c:
                    a2:d8:47:97:a3:88:97:d8:8a:df:5f:2e:b4:20:f4:
                    30:eb:e4:04:73:16:62:1e:ca:6d:8f:c5:05:41:ec:
                    30:19:96:fd:4a:6e:c7:89:5a:a8:aa:7c:85:4c:76:
                    e5:e8:a2:09:79:64:68:84:73:22:53:c9:00:93:94:
                    80:59:2d:25:3b:b5:0e:33:fd:34:43:29:b4:dc:4e:
                    ea:91:e7:a7:e3:08:28:55:8b:52:9e:0c:be:a2:58:
                    b4:91:ea:12:7a:23:2c:b2:83:67:00:2b:77:94:e7:
                    b7:a2:92:b1:77:c9:3d:e8:9a:fc:bb:d3:0c:75:8e:
                    db:dc:12:27:5e:00:e7:d2:9f:14:3d:4a:b7:58:35:
                    c6:62:f9:ca:2e:b2:bf:c8:e2:f2:ee:16:4a:be:64:
                    e4:8f:a1:89:5e:64:5a:d7:b1:c9:91:3b:49:50:21:
                    eb:b0:55:cf:43:04:35:65:ba:e8:53:ad:ba:52:1b:
                    c1:7f:20:0d:42:49:b4:b4:b0:d5:96:37:ac:3f:e4:
                    36:ad:3d:d4:48:55:52:7e:1a:f5:b4:5e:ee:33:3f:
                    3f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1C:4F:57:B8:3E:27:56:89:95:F8:EB:0B:3E:34:A4:43:E1:CD:0F
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/DRxPV7g-J1aJlfjrCz40pEPhzQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:c2:b1:14:f4:b7:56:ac:76:7c:3d:c0:23:c6:a1:b6:21:05:
         e3:97:e1:c5:af:2e:52:f3:da:09:a2:c1:4c:26:e7:da:1a:58:
         c9:bb:18:ed:cd:c0:2a:c1:19:52:1e:9b:da:d0:68:8c:f3:bd:
         da:de:c7:20:1e:d9:33:06:5a:8e:c3:7d:4c:3a:98:b9:2d:75:
         a2:12:1b:c9:be:d8:ae:1a:05:69:1b:5c:5e:f2:3d:bb:dd:12:
         0c:86:d5:1d:02:e4:9f:1f:36:99:e1:f8:30:b3:a6:b4:e4:bd:
         96:00:4a:68:4a:fe:09:c2:9a:4a:63:bc:ab:de:22:10:01:ab:
         6e:d3:9e:d5:93:90:3d:33:62:d1:0c:f4:15:a7:09:1d:2d:c3:
         46:b5:59:f7:7c:4c:47:16:1b:27:d1:98:22:21:b4:55:b7:a4:
         d2:c1:d2:84:22:a7:82:b9:b9:b2:4b:92:10:dc:96:45:ee:05:
         4a:3e:63:1f:0d:e5:11:65:9a:0e:88:48:6f:7c:cf:a7:ac:44:
         2d:e5:72:73:f8:e1:23:de:bf:bb:00:8b:0a:54:e4:22:3e:88:
         f0:d5:49:cf:7a:65:da:8c:bb:e4:15:47:b7:ea:72:16:fa:72:
         2b:4e:ff:14:16:fc:7f:2e:49:dc:b6:16:3c:33:f1:65:78:e4:
         9c:e5:bc:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeeCHSlmpDMPzmptxYWxJsMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwNjIzMTgyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFjNGY1N2I4M2UyNzU2ODk5NWY4ZWIwYjNlMzRhNDQzZTFjZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFtHn3eZuDfnrWu+XjmOvvKDHs8f
apSfuQK7KJlwOLHt0oPcpKrwy73c9zyi2EeXo4iX2IrfXy60IPQw6+QEcxZiHspt
j8UFQewwGZb9Sm7HiVqoqnyFTHbl6KIJeWRohHMiU8kAk5SAWS0lO7UOM/00Qym0
3E7qkeen4wgoVYtSngy+oli0keoSeiMssoNnACt3lOe3opKxd8k96Jr8u9MMdY7b
3BInXgDn0p8UPUq3WDXGYvnKLrK/yOLy7hZKvmTkj6GJXmRa17HJkTtJUCHrsFXP
QwQ1ZbroU626UhvBfyANQkm0tLDVljesP+Q2rT3USFVSfhr1tF7uMz8/4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0cT1e4PidWiZX46ws+NKRD4c0PMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvRFJ4UFY3Zy1KMWFKbGZqckN6NDBwRVBoelE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSKrMA0G
CSqGSIb3DQEBCwUAA4IBAQBEwrEU9LdWrHZ8PcAjxqG2IQXjl+HFry5S89oJosFM
JufaGljJuxjtzcAqwRlSHpva0GiM873a3scgHtkzBlqOw31MOpi5LXWiEhvJvtiu
GgVpG1xe8j273RIMhtUdAuSfHzaZ4fgws6a05L2WAEpoSv4JwppKY7yr3iIQAatu
057Vk5A9M2LRDPQVpwkdLcNGtVn3fExHFhsn0ZgiIbRVt6TSwdKEIqeCubmyS5IQ
3JZF7gVKPmMfDeURZZoOiEhvfM+nrEQt5XJz+OEj3r+7AIsKVOQiPojw1UnPemXa
jLvkFUe36nIW+nIrTv8UFvx/LkncthY8M/FleOSc5bzX
-----END CERTIFICATE-----