Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/ihHtPAN8QSDA6Zld01BcrS3MT-M.roa
File:                     ihHtPAN8QSDA6Zld01BcrS3MT-M.roa (raw, json)
Hash identifier:          RzmSWNAhNrVDMebEkoT9y/i1rKzaQVygfWsAoClH5ZM=
Subject key identifier:   8A:11:ED:3C:03:7C:41:20:C0:E9:99:5D:D3:50:5C:AD:2D:CC:4F:E3
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       0198A85820828B5E1A55DFCE407DC6F1E7FA
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/ihHtPAN8QSDA6Zld01BcrS3MT-M.roa
Signing time:             Thu 14 Aug 2025 11:30:04 +0000
ROA not before:           Thu 14 Aug 2025 11:30:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207429
IP address blocks:        89.252.154.0/24 maxlen: 24
                          95.173.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:58:20:82:8b:5e:1a:55:df:ce:40:7d:c6:f1:e7:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Aug 14 11:30:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a11ed3c037c4120c0e9995dd3505cad2dcc4fe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:72:84:1c:76:cf:41:c0:35:f6:cb:71:c6:4f:
                    44:c5:4c:ae:5a:9b:3f:aa:37:06:38:0b:51:8e:8a:
                    2f:55:59:9c:c2:65:dd:19:8d:17:13:fc:ee:2c:69:
                    ac:ef:f3:2a:07:5e:1c:97:5f:7b:b1:b2:dd:d1:fc:
                    c4:2d:ca:8c:1b:9c:9f:62:cc:f3:59:89:e2:b5:f6:
                    16:6e:09:10:e2:b5:f6:73:39:b0:40:18:1e:22:74:
                    5e:f4:6a:ef:c1:b8:c8:2d:22:7b:3e:44:92:db:90:
                    4e:57:b4:4d:f1:74:72:22:8c:cf:ae:74:da:d9:84:
                    22:e3:88:73:3f:52:09:91:f3:b1:a6:e6:fb:12:f2:
                    b6:d2:14:16:97:aa:d9:86:4b:66:48:47:7b:e0:65:
                    17:29:d8:56:8a:99:b4:8f:1b:85:2c:10:1b:cf:94:
                    92:cb:7b:f4:2d:5e:37:6b:49:91:0b:10:bc:3f:1e:
                    77:4c:b0:76:2e:be:4b:d3:fa:a5:3c:73:3f:d1:1e:
                    0f:b1:db:74:44:81:7d:06:d5:e7:cd:02:23:f0:73:
                    60:c3:1f:a5:af:5a:b7:5b:47:99:48:cf:01:da:28:
                    95:02:94:6d:c9:ec:3a:13:b1:5b:1d:66:8f:33:c2:
                    62:95:64:fc:9a:a1:cc:ec:71:19:d6:de:4a:eb:ce:
                    02:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:11:ED:3C:03:7C:41:20:C0:E9:99:5D:D3:50:5C:AD:2D:CC:4F:E3
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/ihHtPAN8QSDA6Zld01BcrS3MT-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.154.0/24
                  95.173.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:f0:df:8f:4d:27:1a:9f:7b:0f:a4:d2:ab:42:6a:78:99:59:
         17:cd:04:61:0f:d5:0c:d7:e8:1b:3c:c9:c5:10:b8:27:be:74:
         50:45:c1:f4:df:95:11:20:2a:f4:35:d8:91:85:28:04:e1:48:
         84:98:3e:11:8b:4c:f2:4b:52:1c:38:90:ec:92:d0:91:42:1c:
         4d:51:3b:10:00:57:93:02:89:09:aa:e4:18:83:f1:f9:c8:e5:
         39:c2:82:2c:e0:53:a8:b3:ba:9a:90:32:b5:31:55:b3:00:e4:
         69:8c:43:5b:c4:46:23:25:72:3a:47:15:3e:bd:96:49:a6:f7:
         e7:cf:d1:71:82:63:a9:bc:4f:47:db:3e:4f:2f:fc:d3:39:26:
         cd:a2:d8:de:69:e4:78:62:9f:a5:2c:f6:d9:41:a9:2b:04:dd:
         45:74:c5:18:b3:9b:c9:24:3c:d2:c0:bf:d0:17:15:cc:f9:84:
         bc:f3:96:a5:1d:94:a4:6a:7c:b1:14:74:ea:3b:ed:ad:44:19:
         41:47:f9:7d:b9:9d:ea:f3:d8:46:80:c2:0d:f9:9f:30:56:cb:
         74:24:59:e6:18:ec:05:3b:f9:ac:0b:a0:80:8c:ea:94:d6:b9:
         7f:ff:03:b8:98:5b:7a:e1:90:20:fc:53:5f:53:3d:7d:70:d6:
         b9:fa:7e:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZioWCCCi14aVd/OQH3G8ef6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjUwODE0MTEzMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTExZWQzYzAzN2M0MTIwYzBlOTk5NWRkMzUwNWNhZDJkY2M0ZmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznKEHHbPQcA19stxxk9ExUyuWps/
qjcGOAtRjoovVVmcwmXdGY0XE/zuLGms7/MqB14cl197sbLd0fzELcqMG5yfYszz
WYnitfYWbgkQ4rX2czmwQBgeInRe9GrvwbjILSJ7PkSS25BOV7RN8XRyIozPrnTa
2YQi44hzP1IJkfOxpub7EvK20hQWl6rZhktmSEd74GUXKdhWipm0jxuFLBAbz5SS
y3v0LV43a0mRCxC8Px53TLB2Lr5L0/qlPHM/0R4Psdt0RIF9BtXnzQIj8HNgwx+l
r1q3W0eZSM8B2iiVApRtyew6E7FbHWaPM8JilWT8mqHM7HEZ1t5K684CrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIoR7TwDfEEgwOmZXdNQXK0tzE/jMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvaWhIdFBBTjhRU0RBNlpsZDAxQmNyUzNNVC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfyaAwQA
X622MA0GCSqGSIb3DQEBCwUAA4IBAQA78N+PTScan3sPpNKrQmp4mVkXzQRhD9UM
1+gbPMnFELgnvnRQRcH035URICr0NdiRhSgE4UiEmD4Ri0zyS1IcOJDsktCRQhxN
UTsQAFeTAokJquQYg/H5yOU5woIs4FOos7qakDK1MVWzAORpjENbxEYjJXI6RxU+
vZZJpvfnz9FxgmOpvE9H2z5PL/zTOSbNotjeaeR4Yp+lLPbZQakrBN1FdMUYs5vJ
JDzSwL/QFxXM+YS885alHZSkanyxFHTqO+2tRBlBR/l9uZ3q89hGgMIN+Z8wVst0
JFnmGOwFO/msC6CAjOqU1rl//wO4mFt64ZAg/FNfUz19cNa5+n73
-----END CERTIFICATE-----