Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/woV9oWvrEJRyOxoXse9vUn_mgHI.roa
File:                     woV9oWvrEJRyOxoXse9vUn_mgHI.roa (raw, json)
Hash identifier:          ZIXhqfX+KEofmATOkl8AwpHz9QcN0okCG1XU458ix8I=
Subject key identifier:   C2:85:7D:A1:6B:EB:10:94:72:3B:1A:17:B1:EF:6F:52:7F:E6:80:72
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       01977EE52D3457DD4140DB748AA570898EAA
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/woV9oWvrEJRyOxoXse9vUn_mgHI.roa
Signing time:             Tue 17 Jun 2025 17:17:17 +0000
ROA not before:           Tue 17 Jun 2025 17:17:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22516
IP address blocks:        89.34.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:e5:2d:34:57:dd:41:40:db:74:8a:a5:70:89:8e:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jun 17 17:17:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2857da16beb1094723b1a17b1ef6f527fe68072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c6:73:5c:09:98:f9:b6:b2:e2:06:63:f2:f2:
                    d7:4e:72:4a:50:5f:9f:04:2c:7e:8d:34:31:61:f8:
                    29:22:32:51:78:e6:a0:77:15:ef:dc:67:cf:5a:d6:
                    62:7e:70:d1:6b:46:14:db:f8:a0:fd:9c:3c:d9:1b:
                    87:34:a5:2f:74:a8:70:dc:dc:21:3d:25:82:aa:aa:
                    1e:2d:02:6a:7c:4f:98:56:f2:3d:0c:ce:72:b4:93:
                    3a:1d:53:a4:07:0c:66:3a:94:6c:99:8f:88:55:29:
                    63:d7:6c:e6:1b:46:4b:d7:76:8c:f8:03:19:d5:ff:
                    19:7b:d5:58:dd:55:6b:43:dd:b6:54:4a:74:2a:02:
                    e2:49:35:90:70:62:7c:0e:0e:11:30:39:40:11:56:
                    15:fa:78:17:7f:f3:d0:29:9b:94:a8:60:82:00:bc:
                    fe:96:5e:b5:7e:de:f4:3f:81:eb:74:de:2b:61:43:
                    0e:44:bb:f0:0c:b2:68:29:ca:94:75:ec:eb:ce:32:
                    1c:4a:7a:17:fa:97:bf:39:8b:dc:53:9e:a3:d5:ed:
                    91:8c:3f:b4:e4:61:7a:3d:ee:77:ff:81:8d:20:56:
                    3d:f2:64:55:e3:8a:85:84:25:65:14:85:8c:c1:c4:
                    38:54:34:41:84:88:24:b2:83:5b:37:ce:e8:30:7f:
                    16:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:85:7D:A1:6B:EB:10:94:72:3B:1A:17:B1:EF:6F:52:7F:E6:80:72
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/woV9oWvrEJRyOxoXse9vUn_mgHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f8:f0:a3:1d:e4:41:61:b8:3f:6a:3f:04:23:e4:9e:22:2a:
         69:d3:6b:69:45:e2:72:b6:51:07:74:90:5b:90:e9:32:fb:5a:
         1a:8f:85:d6:fa:2b:07:11:a0:83:52:72:4b:0e:69:07:ef:56:
         57:87:0e:4a:1d:f8:cf:b7:d7:86:06:bf:51:d2:85:b8:24:02:
         13:05:c9:23:c9:fc:2c:95:ed:75:5f:39:e3:ed:2e:33:a0:64:
         83:b9:a1:3d:e2:c2:cd:75:52:d8:0a:a4:11:8e:cf:8a:8e:42:
         c6:02:f3:61:0d:a4:a8:5a:76:29:8e:19:a6:65:5b:3e:cb:79:
         80:cd:21:3c:b1:d6:c2:e6:0b:fb:1d:2a:66:86:ab:53:24:2c:
         0e:28:5b:dd:c8:df:e7:1a:c3:ea:fc:ea:5c:1f:25:ff:b8:29:
         ff:c2:62:9a:94:dc:22:38:27:9f:22:d9:a8:33:10:fc:dd:bd:
         78:5b:eb:cf:8d:3c:ce:7a:ca:21:b0:54:c2:20:0f:0e:17:e6:
         7f:8e:16:8b:34:ce:91:6a:97:69:23:10:b1:93:ab:04:fa:4d:
         24:df:2e:1c:95:b9:33:51:ba:b6:fa:a1:5b:36:56:33:6f:c9:
         8a:e0:bc:8c:aa:d1:a8:19:a4:b1:6c:64:77:70:af:26:3c:d7:
         48:8c:01:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd+5S00V91BQNt0iqVwiY6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwNjE3MTcxNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg1N2RhMTZiZWIxMDk0NzIzYjFhMTdiMWVmNmY1MjdmZTY4MDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8ZzXAmY+bay4gZj8vLXTnJKUF+f
BCx+jTQxYfgpIjJReOagdxXv3GfPWtZifnDRa0YU2/ig/Zw82RuHNKUvdKhw3Nwh
PSWCqqoeLQJqfE+YVvI9DM5ytJM6HVOkBwxmOpRsmY+IVSlj12zmG0ZL13aM+AMZ
1f8Ze9VY3VVrQ922VEp0KgLiSTWQcGJ8Dg4RMDlAEVYV+ngXf/PQKZuUqGCCALz+
ll61ft70P4HrdN4rYUMORLvwDLJoKcqUdezrzjIcSnoX+pe/OYvcU56j1e2RjD+0
5GF6Pe53/4GNIFY98mRV44qFhCVlFIWMwcQ4VDRBhIgksoNbN87oMH8WBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKFfaFr6xCUcjsaF7Hvb1J/5oByMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvd29WOW9XdnJFSlJ5T3hvWHNlOXZVbl9tZ0hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSKrMA0G
CSqGSIb3DQEBCwUAA4IBAQBi+PCjHeRBYbg/aj8EI+SeIipp02tpReJytlEHdJBb
kOky+1oaj4XW+isHEaCDUnJLDmkH71ZXhw5KHfjPt9eGBr9R0oW4JAITBckjyfws
le11Xznj7S4zoGSDuaE94sLNdVLYCqQRjs+KjkLGAvNhDaSoWnYpjhmmZVs+y3mA
zSE8sdbC5gv7HSpmhqtTJCwOKFvdyN/nGsPq/OpcHyX/uCn/wmKalNwiOCefItmo
MxD83b14W+vPjTzOesohsFTCIA8OF+Z/jhaLNM6RapdpIxCxk6sE+k0k3y4clbkz
Ubq2+qFbNlYzb8mK4LyMqtGoGaSxbGR3cK8mPNdIjAEL
-----END CERTIFICATE-----