Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/g4rTsZZ6qTMpSVPR-7TASI0eYf8.roa
File:                     g4rTsZZ6qTMpSVPR-7TASI0eYf8.roa (raw, json)
Hash identifier:          H0dCl0trInj59i3ls7vMuF/05FWvOMm7A3kIRBvL3Rw=
Subject key identifier:   83:8A:D3:B1:96:7A:A9:33:29:49:53:D1:FB:B4:C0:48:8D:1E:61:FF
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019680AA0E3275E84104B1A67031499C35DB
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/g4rTsZZ6qTMpSVPR-7TASI0eYf8.roa
Signing time:             Tue 29 Apr 2025 08:29:10 +0000
ROA not before:           Tue 29 Apr 2025 08:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213252
IP address blocks:        89.252.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:aa:0e:32:75:e8:41:04:b1:a6:70:31:49:9c:35:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Apr 29 08:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=838ad3b1967aa933294953d1fbb4c0488d1e61ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:17:93:b4:e1:d8:6b:72:0f:77:aa:b9:02:fd:
                    8a:5d:5b:6a:c5:bd:e6:82:ff:d5:27:d5:6f:b7:fb:
                    7e:f7:18:37:e1:fa:00:08:d5:47:3a:99:8d:fe:2a:
                    95:b3:34:df:22:99:4b:1f:a2:af:b3:80:07:cc:cd:
                    d4:ee:46:de:f8:45:75:99:dd:e0:97:ea:3f:20:29:
                    b0:f6:5a:a7:bc:91:26:32:ff:38:41:63:86:0d:cd:
                    74:60:60:be:a8:9b:45:29:5b:7e:1d:57:f6:b9:11:
                    bc:41:dc:df:fd:21:3e:46:8a:92:59:5c:9b:bc:c3:
                    43:53:09:13:33:11:c6:7e:81:02:b5:f5:a2:23:43:
                    52:6e:1f:17:8e:08:04:bc:85:47:c4:e2:b9:75:41:
                    76:c5:ff:d6:32:91:62:ec:7d:3d:7c:4d:89:bd:bb:
                    de:1b:ff:b8:89:bd:8c:8d:f6:d2:7d:97:d5:e1:26:
                    0f:6e:f3:05:17:88:44:7b:0e:2f:7c:10:fb:7c:43:
                    5c:fc:54:3d:4c:36:1f:24:5c:54:d7:18:7e:ce:da:
                    a8:82:f0:7a:0b:c9:b0:45:09:23:64:91:01:3d:f3:
                    31:f5:b8:61:99:b6:0a:89:fe:a9:6e:e4:6d:c1:5e:
                    c5:c4:fc:65:1d:f2:d1:65:3b:94:06:ea:11:60:46:
                    83:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:8A:D3:B1:96:7A:A9:33:29:49:53:D1:FB:B4:C0:48:8D:1E:61:FF
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/g4rTsZZ6qTMpSVPR-7TASI0eYf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:97:89:f2:18:ea:80:07:4c:3d:d5:17:54:7a:63:e0:0c:86:
         80:07:1c:fa:79:97:2e:2e:dd:96:dc:88:d5:4d:ed:79:db:8d:
         b5:06:1d:10:8d:02:95:5f:32:27:56:64:8f:10:e9:28:71:17:
         aa:7f:41:90:46:9b:7e:55:70:fd:a9:ac:ee:fb:d5:11:ed:1a:
         6a:8a:3e:d1:12:a4:5d:c6:6b:57:6f:72:18:91:5a:0b:9f:40:
         f1:94:04:40:59:a3:f8:38:c5:22:90:be:f7:58:f3:6b:a2:45:
         f1:3b:75:84:05:00:6d:97:34:96:65:9f:78:90:4c:e3:bf:95:
         76:bd:5a:b0:ab:c2:59:ba:32:60:c6:ec:b6:5a:13:3b:b9:80:
         7b:93:49:11:ac:78:cf:07:65:3d:f5:02:a5:52:63:dd:df:95:
         9a:9a:f0:c5:9a:49:5c:8f:f2:a5:03:8e:e9:51:99:50:cc:d2:
         86:0a:b0:5f:6e:d0:58:13:7c:28:c5:9b:a0:76:3f:2c:51:bd:
         32:b1:c3:f8:99:f1:4b:b0:2e:d7:e9:1e:fa:c2:17:38:cf:50:
         60:57:50:55:0f:5b:55:fa:a0:bd:8d:fb:16:96:04:e3:1c:cf:
         fb:e5:cd:b4:c1:96:6c:2e:4d:65:dc:38:6a:85:16:b5:fd:ca:
         7a:95:d7:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaAqg4ydehBBLGmcDFJnDXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjUwNDI5MDgyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzhhZDNiMTk2N2FhOTMzMjk0OTUzZDFmYmI0YzA0ODhkMWU2MWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxeTtOHYa3IPd6q5Av2KXVtqxb3m
gv/VJ9Vvt/t+9xg34foACNVHOpmN/iqVszTfIplLH6Kvs4AHzM3U7kbe+EV1md3g
l+o/ICmw9lqnvJEmMv84QWOGDc10YGC+qJtFKVt+HVf2uRG8Qdzf/SE+RoqSWVyb
vMNDUwkTMxHGfoECtfWiI0NSbh8XjggEvIVHxOK5dUF2xf/WMpFi7H09fE2Jvbve
G/+4ib2MjfbSfZfV4SYPbvMFF4hEew4vfBD7fENc/FQ9TDYfJFxU1xh+ztqogvB6
C8mwRQkjZJEBPfMx9bhhmbYKif6pbuRtwV7FxPxlHfLRZTuUBuoRYEaDywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOK07GWeqkzKUlT0fu0wEiNHmH/MB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvZzRyVHNaWjZxVE1wU1ZQUi03VEFTSTBlWWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfyZMA0G
CSqGSIb3DQEBCwUAA4IBAQB2l4nyGOqAB0w91RdUemPgDIaABxz6eZcuLt2W3IjV
Te152421Bh0QjQKVXzInVmSPEOkocReqf0GQRpt+VXD9qazu+9UR7Rpqij7REqRd
xmtXb3IYkVoLn0DxlARAWaP4OMUikL73WPNrokXxO3WEBQBtlzSWZZ94kEzjv5V2
vVqwq8JZujJgxuy2WhM7uYB7k0kRrHjPB2U99QKlUmPd35WamvDFmklcj/KlA47p
UZlQzNKGCrBfbtBYE3woxZugdj8sUb0yscP4mfFLsC7X6R76whc4z1BgV1BVD1tV
+qC9jfsWlgTjHM/75c20wZZsLk1l3DhqhRa1/cp6ldfK
-----END CERTIFICATE-----