Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/16p7e9ULevHwb7ZoZoRgaStuJdU.roa
File:                     16p7e9ULevHwb7ZoZoRgaStuJdU.roa (raw, json)
Hash identifier:          QIIOpI2LVTLbRWKKzY8FJoNT2ja4t1UUU/+bJr1qxT0=
Subject key identifier:   D7:AA:7B:7B:D5:0B:7A:F1:F0:6F:B6:68:66:84:60:69:2B:6E:25:D5
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0196FE9DC7744DD25FB2898477D9EF0E0A55
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/16p7e9ULevHwb7ZoZoRgaStuJdU.roa
Signing time:             Fri 23 May 2025 19:27:55 +0000
ROA not before:           Fri 23 May 2025 19:27:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208111
IP address blocks:        89.106.64.0/24 maxlen: 24
                          89.106.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fe:9d:c7:74:4d:d2:5f:b2:89:84:77:d9:ef:0e:0a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 23 19:27:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7aa7b7bd50b7af1f06fb668668460692b6e25d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:29:55:ca:1d:71:7b:b5:e5:1d:a0:75:57:91:
                    e5:44:2f:0a:0b:19:19:6d:14:7e:05:27:41:c9:7b:
                    23:92:4e:8e:27:16:26:83:40:c8:57:a5:ac:8f:b3:
                    d6:04:d1:95:87:94:be:d3:fa:c1:ad:8b:a8:92:10:
                    9a:05:85:77:dd:75:e2:00:ab:0e:f1:10:80:f2:b8:
                    5f:de:65:27:39:0a:2d:6a:b1:39:3e:8c:75:a8:c6:
                    a2:4d:59:bd:9d:50:2e:3d:d9:5a:e4:a4:b6:77:83:
                    33:99:7e:97:12:84:9d:b8:b9:72:e1:db:3f:b0:0d:
                    50:ea:4b:ae:42:10:6c:ed:e9:b5:bb:cc:05:38:23:
                    b3:da:b1:34:72:02:45:5c:c5:ee:ef:09:7d:6b:4f:
                    a1:63:48:66:93:c6:94:8b:13:5a:ee:71:b1:66:c8:
                    14:72:31:ec:49:ef:ee:77:7e:18:e9:4d:3e:23:14:
                    03:51:aa:0a:94:7a:fb:66:5e:81:ed:ec:16:1c:76:
                    96:d8:8b:be:59:69:d8:05:c0:8d:5f:cf:03:f0:3e:
                    6d:a4:ec:dc:70:1f:a5:e2:1a:1e:73:bd:71:52:e5:
                    86:a4:16:40:eb:b6:75:16:0d:22:6c:2f:61:8d:14:
                    7e:ca:c9:c1:11:52:dd:96:a7:0d:10:14:2c:17:bc:
                    16:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:AA:7B:7B:D5:0B:7A:F1:F0:6F:B6:68:66:84:60:69:2B:6E:25:D5
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/16p7e9ULevHwb7ZoZoRgaStuJdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:6f:eb:59:c0:a6:67:59:be:4a:80:53:53:89:30:9d:a8:80:
         64:4e:e7:98:c8:ea:52:b8:c2:00:d7:1e:b9:d0:97:81:0d:c6:
         b5:8a:ff:8b:f4:e0:0b:f5:78:e5:46:0d:12:1a:09:85:9d:ae:
         26:97:dc:2b:aa:4b:db:c1:54:18:19:0a:8c:b5:b0:fb:4f:44:
         c5:ae:03:0f:fb:ae:b2:06:3b:1a:f9:d5:b2:a6:c2:6e:99:19:
         3a:34:c2:29:b8:2b:e7:3d:66:f5:fc:30:5b:53:52:f8:18:70:
         d8:52:76:ce:dd:06:cb:ad:57:ad:7a:a3:af:78:b0:56:80:24:
         80:69:fa:d1:0d:19:63:97:7c:74:5c:92:d6:97:58:50:bc:71:
         ee:fb:75:37:6d:a6:d6:05:e3:00:3c:98:d6:7a:b7:3a:aa:f9:
         27:72:c5:5f:f3:9b:5e:6e:92:00:ed:b0:06:c5:75:99:4e:9d:
         5c:0f:e1:5d:12:51:8a:e3:98:47:3d:ca:f4:22:6c:3e:2b:74:
         30:e0:c4:4a:06:22:19:35:28:ae:6d:06:ab:67:e1:8d:eb:3c:
         8e:bb:ae:9d:56:b0:77:cb:36:d1:5f:04:39:81:d7:d4:a3:86:
         b1:ca:8d:60:3e:5e:df:a6:c0:2b:25:f4:99:2f:b1:dd:6f:0f:
         b0:0d:1e:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb+ncd0TdJfsomEd9nvDgpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNTIzMTkyNzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2FhN2I3YmQ1MGI3YWYxZjA2ZmI2Njg2Njg0NjA2OTJiNmUyNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsylVyh1xe7XlHaB1V5HlRC8KCxkZ
bRR+BSdByXsjkk6OJxYmg0DIV6Wsj7PWBNGVh5S+0/rBrYuokhCaBYV33XXiAKsO
8RCA8rhf3mUnOQotarE5Pox1qMaiTVm9nVAuPdla5KS2d4MzmX6XEoSduLly4ds/
sA1Q6kuuQhBs7em1u8wFOCOz2rE0cgJFXMXu7wl9a0+hY0hmk8aUixNa7nGxZsgU
cjHsSe/ud34Y6U0+IxQDUaoKlHr7Zl6B7ewWHHaW2Iu+WWnYBcCNX88D8D5tpOzc
cB+l4hoec71xUuWGpBZA67Z1Fg0ibC9hjRR+ysnBEVLdlqcNEBQsF7wWJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeqe3vVC3rx8G+2aGaEYGkrbiXVMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMTZwN2U5VUxldkh3Yjdab1pvUmdhU3R1SmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWWpAMA0G
CSqGSIb3DQEBCwUAA4IBAQCWb+tZwKZnWb5KgFNTiTCdqIBkTueYyOpSuMIA1x65
0JeBDca1iv+L9OAL9XjlRg0SGgmFna4ml9wrqkvbwVQYGQqMtbD7T0TFrgMP+66y
Bjsa+dWypsJumRk6NMIpuCvnPWb1/DBbU1L4GHDYUnbO3QbLrVeteqOveLBWgCSA
afrRDRljl3x0XJLWl1hQvHHu+3U3babWBeMAPJjWerc6qvkncsVf85tebpIA7bAG
xXWZTp1cD+FdElGK45hHPcr0Imw+K3Qw4MRKBiIZNSiubQarZ+GN6zyOu66dVrB3
yzbRXwQ5gdfUo4axyo1gPl7fpsArJfSZL7Hdbw+wDR7x
-----END CERTIFICATE-----