Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/bx89FLLhw7rAJUcSgyNM_2tR5NI.roa
File:                     bx89FLLhw7rAJUcSgyNM_2tR5NI.roa (raw, json)
Hash identifier:          9wF6NZeg8HWtL76RaAClvvi0zdCvUo8Of7MZ27hlf8k=
Subject key identifier:   6F:1F:3D:14:B2:E1:C3:BA:C0:25:47:12:83:23:4C:FF:6B:51:E4:D2
Certificate issuer:       /CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
Certificate serial:       019A0D5D330C2AE5279ADA06A7B4F9160B28
Authority key identifier: 62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/bx89FLLhw7rAJUcSgyNM_2tR5NI.roa
Signing time:             Wed 22 Oct 2025 19:20:03 +0000
ROA not before:           Wed 22 Oct 2025 19:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40513
IP address blocks:        84.45.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0d:5d:33:0c:2a:e5:27:9a:da:06:a7:b4:f9:16:0b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
        Validity
            Not Before: Oct 22 19:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f1f3d14b2e1c3bac025471283234cff6b51e4d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:81:17:1b:33:99:56:c5:34:d6:ef:c3:b3:19:
                    ec:8f:16:0b:75:d8:ab:8b:bd:fc:42:94:59:5c:61:
                    1c:03:fe:a0:3c:6e:35:ff:b9:8f:40:fe:b7:72:e1:
                    42:0b:76:e2:90:cd:d3:cb:07:1e:b2:e1:7e:07:f9:
                    1b:d7:59:2b:1b:76:13:53:f2:9f:ad:c5:6f:f9:18:
                    53:6b:4f:63:0b:c1:a5:8c:89:4b:81:ee:ca:28:00:
                    78:b3:c9:35:49:d1:3f:45:8a:cf:6e:fc:36:a3:e7:
                    19:a8:d0:53:4c:a9:fb:a8:bc:b9:b8:9b:e2:8a:41:
                    36:74:5d:19:dd:42:a4:4f:32:cd:85:d3:77:12:7d:
                    fc:16:37:9f:1c:fb:85:3c:4d:07:39:a8:bc:39:97:
                    a1:88:4c:e5:0e:c3:75:dd:11:af:6f:93:7f:e8:07:
                    54:7e:69:79:bd:3c:7d:8f:99:35:da:ef:87:b9:64:
                    37:7d:38:91:b8:e4:f9:e5:47:1b:4f:a4:5d:eb:04:
                    22:c1:61:46:cf:43:36:cd:09:e2:82:ca:90:c7:15:
                    12:a5:ea:9b:58:e4:dc:08:40:0c:b8:bf:25:f5:f0:
                    fa:e1:aa:b8:21:ca:ae:cc:ad:e1:fa:b8:25:e8:db:
                    07:9e:30:36:55:86:ae:f0:fb:76:17:15:95:d1:e6:
                    7c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1F:3D:14:B2:E1:C3:BA:C0:25:47:12:83:23:4C:FF:6B:51:E4:D2
            X509v3 Authority Key Identifier:
                keyid:62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/bx89FLLhw7rAJUcSgyNM_2tR5NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.45.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:c1:04:18:04:e1:d7:83:e4:81:85:d7:33:44:48:54:1b:18:
         2a:56:43:b7:18:40:52:39:a3:d1:fa:b0:34:f8:2f:b3:39:dd:
         ae:fa:77:ea:5c:d5:d8:22:4c:a3:6f:3d:5a:34:65:1a:08:ae:
         b7:61:e6:ec:14:d2:89:05:21:ee:c5:91:0c:f3:05:28:a7:06:
         ac:37:1f:a9:75:ab:47:d3:2d:0d:ba:d3:4e:fc:fc:ba:00:2c:
         00:e9:35:67:10:b9:c0:0f:5c:3e:df:82:6e:a9:a8:1d:4a:0f:
         4e:0e:20:88:a4:28:dd:b0:f9:11:4b:04:6b:21:a1:94:99:4b:
         e7:29:38:76:f6:e2:f5:5c:8d:4e:08:be:52:fb:3c:5d:ba:54:
         8f:18:6b:cd:e2:94:cd:22:a2:80:b8:c6:03:76:95:f0:14:60:
         cd:ad:5b:eb:0f:a5:7f:d2:93:3c:d3:b3:04:e3:b0:56:64:66:
         8c:e9:9d:96:34:0e:ed:a4:af:30:05:c4:15:26:79:ef:c7:11:
         b0:52:12:87:de:94:7e:ff:c7:2b:da:6b:14:30:9e:62:72:8f:
         ea:4e:09:67:b3:f0:b7:06:e8:2d:60:86:a7:1f:55:07:d0:8f:
         ab:26:cd:71:38:9c:79:39:26:b5:13:18:87:c8:a5:66:c7:d7:
         29:bd:3d:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoNXTMMKuUnmtoGp7T5FgsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDE5MGIyMzhkOTdhZjc5MDBiZGNiZDAyMzA0Yjc4MmZm
Y2FmMmEwHhcNMjUxMDIyMTkyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjFmM2QxNGIyZTFjM2JhYzAyNTQ3MTI4MzIzNGNmZjZiNTFlNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YEXGzOZVsU01u/DsxnsjxYLddir
i738QpRZXGEcA/6gPG41/7mPQP63cuFCC3bikM3TywcesuF+B/kb11krG3YTU/Kf
rcVv+RhTa09jC8GljIlLge7KKAB4s8k1SdE/RYrPbvw2o+cZqNBTTKn7qLy5uJvi
ikE2dF0Z3UKkTzLNhdN3En38FjefHPuFPE0HOai8OZehiEzlDsN13RGvb5N/6AdU
fml5vTx9j5k12u+HuWQ3fTiRuOT55UcbT6Rd6wQiwWFGz0M2zQnigsqQxxUSpeqb
WOTcCEAMuL8l9fD64aq4IcquzK3h+rgl6NsHnjA2VYau8Pt2FxWV0eZ8eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8fPRSy4cO6wCVHEoMjTP9rUeTSMB8GA1UdIwQY
MBaAFGLRkLI42Xr3kAvcvQIwS3gv/K8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTkt
MTYzZmI3MDAzZTVkLzEvYng4OUZMTGh3N3JBSlVjU2d5Tk1fMnRSNU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTktMTYzZmI3MDAzZTVk
LzEvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVC0yMA0G
CSqGSIb3DQEBCwUAA4IBAQB7wQQYBOHXg+SBhdczREhUGxgqVkO3GEBSOaPR+rA0
+C+zOd2u+nfqXNXYIkyjbz1aNGUaCK63YebsFNKJBSHuxZEM8wUopwasNx+pdatH
0y0NutNO/Py6ACwA6TVnELnAD1w+34JuqagdSg9ODiCIpCjdsPkRSwRrIaGUmUvn
KTh29uL1XI1OCL5S+zxdulSPGGvN4pTNIqKAuMYDdpXwFGDNrVvrD6V/0pM807ME
47BWZGaM6Z2WNA7tpK8wBcQVJnnvxxGwUhKH3pR+/8cr2msUMJ5ico/qTglns/C3
BugtYIanH1UH0I+rJs1xOJx5OSa1ExiHyKVmx9cpvT2h
-----END CERTIFICATE-----