Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sClmMBT_F-zHChOlRIEgdQPxP6k.roa
File:                     sClmMBT_F-zHChOlRIEgdQPxP6k.roa (raw, json)
Hash identifier:          ZhHXlBlX50DWtj7LBEqnVF6o2/ifQbmJsY9h3vjBI4Q=
Subject key identifier:   B0:29:66:30:14:FF:17:EC:C7:0A:13:A5:44:81:20:75:03:F1:3F:A9
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019888B11A0913E8732CD19FAA352A967745
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sClmMBT_F-zHChOlRIEgdQPxP6k.roa
Signing time:             Fri 08 Aug 2025 07:59:24 +0000
ROA not before:           Fri 08 Aug 2025 07:59:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        89.185.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:88:b1:1a:09:13:e8:73:2c:d1:9f:aa:35:2a:96:77:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Aug  8 07:59:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b029663014ff17ecc70a13a54481207503f13fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7f:96:f6:54:22:fd:df:23:27:87:42:f4:b6:
                    81:42:b4:64:88:2c:6a:73:de:81:e6:22:cc:be:a9:
                    66:f3:3e:7c:68:08:c7:56:94:e9:82:a4:b1:ec:62:
                    4a:5b:9a:e6:f2:8e:88:5e:17:c5:45:4f:f1:10:f9:
                    f8:93:1b:fe:d5:b1:2f:ee:b1:02:e9:92:d8:40:bf:
                    8a:b1:b0:5a:6c:21:a4:4d:71:6d:2a:d7:eb:0a:03:
                    14:2f:a7:ae:e9:8e:36:29:39:67:1f:39:02:c6:60:
                    6f:70:d3:3c:34:46:ac:42:db:ea:a1:84:34:5c:5f:
                    5b:d9:69:ec:71:3f:25:66:e2:e0:5f:77:71:15:44:
                    21:7f:3d:18:86:a6:cc:b8:b4:81:f9:69:c1:d2:82:
                    04:f9:96:80:c8:6a:e9:5f:26:dd:84:72:a4:a7:35:
                    9f:49:2f:49:0f:3d:17:72:d4:83:ea:e0:7d:68:98:
                    77:a6:61:9d:18:8e:20:1e:91:9c:ee:60:f6:7f:92:
                    79:46:3c:31:4a:29:42:d4:4a:fb:0b:fa:71:4c:ad:
                    76:d7:e2:57:bd:9e:7f:29:a6:f0:b3:18:71:7f:de:
                    91:7a:2b:d2:f1:a9:c9:c0:d3:33:38:90:83:b4:d5:
                    25:b4:66:d6:61:99:6f:b4:0b:d2:3a:83:66:65:89:
                    1a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:29:66:30:14:FF:17:EC:C7:0A:13:A5:44:81:20:75:03:F1:3F:A9
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sClmMBT_F-zHChOlRIEgdQPxP6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:35:3b:c6:4d:78:3d:db:c4:b4:f9:8c:e8:c9:c0:c3:a9:be:
         b3:02:13:e9:9f:11:c9:49:df:7e:8b:47:e8:a4:94:f8:a7:40:
         bd:84:2d:03:d1:c9:52:08:d1:64:77:08:8d:67:87:44:02:d9:
         90:23:a3:85:06:30:08:a3:72:33:38:39:3c:6a:cf:3e:cf:c4:
         57:95:23:2f:39:97:3e:8b:85:6c:15:e2:a3:df:25:b5:69:68:
         24:1f:32:1b:3f:8d:7d:77:58:04:cb:07:ce:45:3f:d0:05:0b:
         3a:c1:f8:94:75:b8:70:9f:ee:49:01:94:3e:81:18:53:ea:d5:
         51:f5:d7:e9:e8:1d:c2:17:06:f4:04:bf:ae:fb:cd:3d:30:ba:
         34:4e:f3:e0:0c:c7:02:01:97:15:a1:78:f1:a6:3b:62:6b:10:
         09:cf:c5:c7:be:08:69:1e:ab:5b:de:90:a5:ec:f2:43:44:ca:
         18:56:c2:4b:82:8d:1e:1b:ff:d9:fa:d0:53:3b:bd:f1:0d:d0:
         02:0e:92:1a:62:98:75:f6:35:f2:dc:ef:1f:7b:8b:77:01:a8:
         29:64:59:73:77:8d:10:1b:48:a5:10:de:11:24:10:87:89:8a:
         3d:9b:70:71:4c:a3:c4:74:b6:fe:22:9d:31:6e:11:19:79:cb:
         0a:b1:d1:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiIsRoJE+hzLNGfqjUqlndFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwODA4MDc1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDI5NjYzMDE0ZmYxN2VjYzcwYTEzYTU0NDgxMjA3NTAzZjEzZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhH+W9lQi/d8jJ4dC9LaBQrRkiCxq
c96B5iLMvqlm8z58aAjHVpTpgqSx7GJKW5rm8o6IXhfFRU/xEPn4kxv+1bEv7rEC
6ZLYQL+KsbBabCGkTXFtKtfrCgMUL6eu6Y42KTlnHzkCxmBvcNM8NEasQtvqoYQ0
XF9b2WnscT8lZuLgX3dxFUQhfz0YhqbMuLSB+WnB0oIE+ZaAyGrpXybdhHKkpzWf
SS9JDz0XctSD6uB9aJh3pmGdGI4gHpGc7mD2f5J5RjwxSilC1Er7C/pxTK121+JX
vZ5/Kabwsxhxf96ReivS8anJwNMzOJCDtNUltGbWYZlvtAvSOoNmZYkazwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLApZjAU/xfsxwoTpUSBIHUD8T+pMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvc0NsbU1CVF9GLXpIQ2hPbFJJRWdkUVB4UDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbkDMA0G
CSqGSIb3DQEBCwUAA4IBAQAaNTvGTXg928S0+YzoycDDqb6zAhPpnxHJSd9+i0fo
pJT4p0C9hC0D0clSCNFkdwiNZ4dEAtmQI6OFBjAIo3IzODk8as8+z8RXlSMvOZc+
i4VsFeKj3yW1aWgkHzIbP419d1gEywfORT/QBQs6wfiUdbhwn+5JAZQ+gRhT6tVR
9dfp6B3CFwb0BL+u+809MLo0TvPgDMcCAZcVoXjxpjtiaxAJz8XHvghpHqtb3pCl
7PJDRMoYVsJLgo0eG//Z+tBTO73xDdACDpIaYph19jXy3O8fe4t3AagpZFlzd40Q
G0ilEN4RJBCHiYo9m3BxTKPEdLb+Ip0xbhEZecsKsdHa
-----END CERTIFICATE-----