Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/ttPO6pngYqPTncPu2LyKCZ2Sbqg.roa
File:                     ttPO6pngYqPTncPu2LyKCZ2Sbqg.roa (raw, json)
Hash identifier:          xBWaSxh+oKftAiFCVq8fy5M0vq5kmp3YUxZh8YO1XGg=
Subject key identifier:   B6:D3:CE:EA:99:E0:62:A3:D3:9D:C3:EE:D8:BC:8A:09:9D:92:6E:A8
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0198BC9A96970D19209FEBEE3A807FE063C5
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/ttPO6pngYqPTncPu2LyKCZ2Sbqg.roa
Signing time:             Mon 18 Aug 2025 09:55:04 +0000
ROA not before:           Mon 18 Aug 2025 09:55:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56694
IP address blocks:        89.23.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bc:9a:96:97:0d:19:20:9f:eb:ee:3a:80:7f:e0:63:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Aug 18 09:55:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6d3ceea99e062a3d39dc3eed8bc8a099d926ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:be:84:5d:0f:e1:0a:5f:3a:61:ae:dd:b8:93:
                    24:6d:ba:29:46:ab:4e:c8:e3:cf:23:66:f5:a6:3c:
                    84:da:24:be:8e:1c:f7:be:b9:a5:d9:57:d9:7b:ce:
                    a3:d4:e6:92:cc:78:10:38:c4:ef:d6:fe:85:be:e9:
                    68:26:11:95:d4:3f:e8:4c:f5:dc:b6:ad:9a:89:39:
                    54:3c:5a:82:a3:df:bb:9a:53:26:e5:e3:f9:48:7e:
                    fa:93:50:a9:33:ea:b4:24:11:96:96:7d:5d:79:86:
                    25:41:f7:6b:14:1b:25:6f:63:42:db:04:d6:73:4a:
                    0b:0e:19:7e:0b:26:ec:94:11:64:e3:b4:08:cd:c1:
                    50:c2:65:16:d3:dd:63:bb:1a:17:31:ac:7b:68:7b:
                    41:a0:29:2d:d8:ed:f3:ac:a0:87:1e:13:06:e0:91:
                    6d:29:78:db:65:d5:61:8b:21:1a:72:e0:75:3c:8a:
                    79:d2:37:ed:3a:d5:2a:ad:fc:fd:c3:0e:ab:c2:1d:
                    bf:7f:a1:ac:1e:75:47:ff:f6:34:fb:77:0c:e8:a6:
                    42:b5:70:ef:bf:9b:88:d6:e6:06:4c:40:60:da:4c:
                    45:58:06:c8:df:2d:96:51:57:20:40:15:10:85:f5:
                    9b:da:3c:91:a5:06:a1:7a:a9:e7:07:24:ad:1f:04:
                    04:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D3:CE:EA:99:E0:62:A3:D3:9D:C3:EE:D8:BC:8A:09:9D:92:6E:A8
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/ttPO6pngYqPTncPu2LyKCZ2Sbqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ac:bb:1b:cc:bd:0d:37:ae:66:7b:5d:c8:57:46:c4:48:a9:
         33:3e:80:07:8e:7b:97:90:94:c9:51:76:d3:32:b5:04:2e:4b:
         1d:fa:3b:16:3a:4e:a5:b5:49:cf:2d:67:f6:fe:fe:75:a7:0f:
         6a:3d:e1:c4:62:ab:55:3a:ee:9a:51:da:0d:17:41:14:7c:04:
         3d:26:a7:2f:7f:28:e9:3d:e6:40:b9:b5:79:a0:dd:79:ad:2c:
         78:cf:44:b2:11:4a:c4:b6:e4:99:5f:92:f2:8a:c2:30:c3:68:
         c2:8f:8a:d4:1e:fa:1d:4d:ee:f6:0f:9f:9c:04:55:ab:34:1f:
         d0:2b:9b:ec:5f:3c:5b:03:c1:f7:f9:05:e1:36:8d:a7:99:f9:
         ad:52:be:7f:b8:95:77:85:3c:da:f8:57:7c:74:f4:d9:d7:d0:
         a7:33:60:63:14:8e:3e:8b:65:eb:2a:3a:bc:65:06:5c:f0:2e:
         14:ae:ff:61:11:85:3e:2a:0e:42:b6:75:b3:11:a2:41:b0:51:
         21:53:a4:66:94:25:f4:92:26:43:10:54:7c:bc:86:e4:6a:89:
         e7:f3:2a:50:f3:c5:62:ed:8c:2a:7c:ff:06:ab:12:10:b7:ac:
         dd:48:1a:3e:e0:10:2f:26:f1:82:a4:3e:02:ff:2c:cf:13:9d:
         29:95:51:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi8mpaXDRkgn+vuOoB/4GPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwODE4MDk1NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQzY2VlYTk5ZTA2MmEzZDM5ZGMzZWVkOGJjOGEwOTlkOTI2ZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyL6EXQ/hCl86Ya7duJMkbbopRqtO
yOPPI2b1pjyE2iS+jhz3vrml2VfZe86j1OaSzHgQOMTv1v6FvuloJhGV1D/oTPXc
tq2aiTlUPFqCo9+7mlMm5eP5SH76k1CpM+q0JBGWln1deYYlQfdrFBslb2NC2wTW
c0oLDhl+CybslBFk47QIzcFQwmUW091juxoXMax7aHtBoCkt2O3zrKCHHhMG4JFt
KXjbZdVhiyEacuB1PIp50jftOtUqrfz9ww6rwh2/f6GsHnVH//Y0+3cM6KZCtXDv
v5uI1uYGTEBg2kxFWAbI3y2WUVcgQBUQhfWb2jyRpQaheqnnByStHwQE9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbTzuqZ4GKj053D7ti8igmdkm6oMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvdHRQTzZwbmdZcVBUbmNQdTJMeUtDWjJTYnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdmMA0G
CSqGSIb3DQEBCwUAA4IBAQCcrLsbzL0NN65me13IV0bESKkzPoAHjnuXkJTJUXbT
MrUELksd+jsWOk6ltUnPLWf2/v51pw9qPeHEYqtVOu6aUdoNF0EUfAQ9Jqcvfyjp
PeZAubV5oN15rSx4z0SyEUrEtuSZX5LyisIww2jCj4rUHvodTe72D5+cBFWrNB/Q
K5vsXzxbA8H3+QXhNo2nmfmtUr5/uJV3hTza+Fd8dPTZ19CnM2BjFI4+i2XrKjq8
ZQZc8C4Urv9hEYU+Kg5CtnWzEaJBsFEhU6RmlCX0kiZDEFR8vIbkaonn8ypQ88Vi
7YwqfP8GqxIQt6zdSBo+4BAvJvGCpD4C/yzPE50plVFZ
-----END CERTIFICATE-----