Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/yPXFtrn0h81R8W0oLipH61kFH1o.roa
File:                     yPXFtrn0h81R8W0oLipH61kFH1o.roa (raw, json)
Hash identifier:          eYBdrwaJmPevRU6sJYSzkBR7Cz+cr0PwgSUCpdpoee8=
Subject key identifier:   C8:F5:C5:B6:B9:F4:87:CD:51:F1:6D:28:2E:2A:47:EB:59:05:1F:5A
Certificate issuer:       /CN=47bcd770f8ea3d48ecbb4c3eab895f422ffac90d
Certificate serial:       01980DED8D09A9BD8DA72E5A833CD3A9F0C6
Authority key identifier: 47:BC:D7:70:F8:EA:3D:48:EC:BB:4C:3E:AB:89:5F:42:2F:FA:C9:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/yPXFtrn0h81R8W0oLipH61kFH1o.roa
Signing time:             Tue 15 Jul 2025 11:52:08 +0000
ROA not before:           Tue 15 Jul 2025 11:52:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        212.89.200.0/21 maxlen: 21
                          212.89.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:ed:8d:09:a9:bd:8d:a7:2e:5a:83:3c:d3:a9:f0:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47bcd770f8ea3d48ecbb4c3eab895f422ffac90d
        Validity
            Not Before: Jul 15 11:52:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8f5c5b6b9f487cd51f16d282e2a47eb59051f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b5:8d:5e:d1:c8:70:0b:4a:44:f1:d9:a9:3c:
                    ac:ea:50:50:e3:42:5f:57:99:16:62:5b:dd:d9:50:
                    20:9e:5f:1d:64:c2:af:a5:4a:6a:a7:b7:12:b9:cb:
                    51:32:8e:ff:bf:7f:1b:13:f6:7a:cc:0a:31:a3:af:
                    08:2d:39:d9:1f:bc:d4:18:95:26:57:45:0c:08:45:
                    ad:36:99:24:9e:03:f8:b6:15:15:30:07:91:8a:42:
                    83:1c:43:36:98:e9:e3:9d:af:82:27:2d:41:ca:0a:
                    62:c3:15:d6:96:45:55:1f:d9:84:ca:74:b0:8f:85:
                    7e:55:b3:4e:87:41:d0:bf:97:44:ac:5d:41:89:b7:
                    6c:31:b2:83:e2:da:fa:52:51:ec:d4:74:a8:9e:d5:
                    b6:81:33:d4:31:c0:54:ec:22:0b:19:a2:de:16:e0:
                    fe:90:7f:c7:05:88:e7:92:90:02:2b:b3:b2:68:e7:
                    dc:4d:f5:6a:32:bc:03:d6:c1:dd:85:7d:6f:96:e7:
                    dc:a0:e1:50:84:b1:67:a4:0b:33:44:31:14:22:d9:
                    18:ea:7e:7d:a7:e4:a8:45:52:36:3e:0c:a0:c0:a6:
                    72:e1:74:4e:76:72:22:49:14:40:77:88:08:94:cd:
                    37:b2:c4:ec:34:42:33:d4:0c:59:90:5b:b0:3e:e0:
                    56:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F5:C5:B6:B9:F4:87:CD:51:F1:6D:28:2E:2A:47:EB:59:05:1F:5A
            X509v3 Authority Key Identifier:
                keyid:47:BC:D7:70:F8:EA:3D:48:EC:BB:4C:3E:AB:89:5F:42:2F:FA:C9:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/yPXFtrn0h81R8W0oLipH61kFH1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/97a5c9-6b28-4c61-96e1-a6d000203fb5/1/R7zXcPjqPUjsu0w-q4lfQi_6yQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.89.200.0-212.89.223.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:9e:de:72:71:1e:64:04:d2:24:85:6c:f4:7f:17:ce:e6:86:
         16:ac:0e:2c:2d:07:15:b7:53:7e:e2:53:09:8e:2a:77:48:e5:
         73:aa:18:25:58:f3:2c:84:29:f6:b7:19:4f:04:78:57:5b:9e:
         b4:03:8a:2e:ba:fe:75:65:cd:26:8a:08:f7:b2:6b:31:51:f0:
         cb:a9:83:1c:44:8f:bc:a9:86:ad:d7:bb:3f:d8:b9:4b:93:c5:
         00:48:02:f5:46:12:a4:3c:11:fa:4d:3b:09:20:53:62:87:48:
         97:e6:37:e6:4f:8c:14:56:fe:b4:a9:9d:94:b5:b9:10:09:2c:
         b3:47:db:d1:30:c9:c1:2e:c5:1f:4c:53:56:76:31:e4:5f:9e:
         10:d3:fe:d3:1a:98:aa:cf:f9:af:f0:2e:de:ed:69:a4:9d:a0:
         c1:62:f4:94:82:15:f3:3e:73:0e:cb:39:74:cb:ec:a9:bd:30:
         eb:ce:fd:c8:6e:76:3e:ef:5e:68:f0:b3:c6:69:93:77:72:aa:
         4f:86:d4:d7:4c:1f:71:01:08:8b:03:cc:7a:a1:07:6e:f6:13:
         e9:86:83:4f:db:ae:34:28:a3:86:f9:00:5a:4a:fc:8f:80:ec:
         b4:b6:9c:49:9d:b6:24:8e:78:89:87:6d:12:35:1e:b7:a0:67:
         2b:3a:3c:04
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZgN7Y0Jqb2Npy5agzzTqfDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YmNkNzcwZjhlYTNkNDhlY2JiNGMzZWFiODk1ZjQyMmZm
YWM5MGQwHhcNMjUwNzE1MTE1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY1YzViNmI5ZjQ4N2NkNTFmMTZkMjgyZTJhNDdlYjU5MDUxZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rWNXtHIcAtKRPHZqTys6lBQ40Jf
V5kWYlvd2VAgnl8dZMKvpUpqp7cSuctRMo7/v38bE/Z6zAoxo68ILTnZH7zUGJUm
V0UMCEWtNpkkngP4thUVMAeRikKDHEM2mOnjna+CJy1BygpiwxXWlkVVH9mEynSw
j4V+VbNOh0HQv5dErF1BibdsMbKD4tr6UlHs1HSontW2gTPUMcBU7CILGaLeFuD+
kH/HBYjnkpACK7OyaOfcTfVqMrwD1sHdhX1vlufcoOFQhLFnpAszRDEUItkY6n59
p+SoRVI2PgygwKZy4XROdnIiSRRAd4gIlM03ssTsNEIz1AxZkFuwPuBWUwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMj1xba59IfNUfFtKC4qR+tZBR9aMB8GA1UdIwQY
MBaAFEe813D46j1I7LtMPquJX0Iv+skNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjd6WGNQanFQVWpzdTB3LXE0bGZRaV82eVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85N2E1YzktNmIyOC00YzYxLTk2ZTEt
YTZkMDAwMjAzZmI1LzEveVBYRnRybjBoODFSOFcwb0xpcEg2MWtGSDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85N2E1YzktNmIyOC00YzYxLTk2ZTEtYTZkMDAwMjAzZmI1
LzEvUjd6WGNQanFQVWpzdTB3LXE0bGZRaV82eVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPUWcgD
BAXUWcAwDQYJKoZIhvcNAQELBQADggEBAGye3nJxHmQE0iSFbPR/F87mhhasDiwt
BxW3U37iUwmOKndI5XOqGCVY8yyEKfa3GU8EeFdbnrQDii66/nVlzSaKCPeyazFR
8MupgxxEj7yphq3Xuz/YuUuTxQBIAvVGEqQ8EfpNOwkgU2KHSJfmN+ZPjBRW/rSp
nZS1uRAJLLNH29EwycEuxR9MU1Z2MeRfnhDT/tMamKrP+a/wLt7taaSdoMFi9JSC
FfM+cw7LOXTL7Km9MOvO/chudj7vXmjws8Zpk3dyqk+G1NdMH3EBCIsDzHqhB272
E+mGg0/brjQoo4b5AFpK/I+A7LS2nEmdtiSOeImHbRI1HregZys6PAQ=
-----END CERTIFICATE-----