Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DOBZju3mrLm2CwaLPwp3nox2K4Q.roa
File:                     DOBZju3mrLm2CwaLPwp3nox2K4Q.roa (raw, json)
Hash identifier:          DwtJmd3dmKzRf48HlFrLlT141fJYAMJGA93KzYpImS4=
Subject key identifier:   0C:E0:59:8E:ED:E6:AC:B9:B6:0B:06:8B:3F:0A:77:9E:8C:76:2B:84
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019828D77EECEC7A4EC2B34E510186A2BB4A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DOBZju3mrLm2CwaLPwp3nox2K4Q.roa
Signing time:             Sun 20 Jul 2025 17:17:48 +0000
ROA not before:           Sun 20 Jul 2025 17:17:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215649
IP address blocks:        89.144.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:37:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:28:d7:7e:ec:ec:7a:4e:c2:b3:4e:51:01:86:a2:bb:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 20 17:17:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ce0598eede6acb9b60b068b3f0a779e8c762b84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:12:38:0c:19:18:36:ad:39:f1:54:8d:80:b5:
                    4c:95:37:1c:f5:fc:a9:37:d2:7e:bf:eb:07:d2:6c:
                    09:29:88:e0:2b:2c:83:b1:1d:99:de:4f:b6:26:cb:
                    8b:55:39:b9:95:ce:df:de:13:ea:8e:7c:d3:a7:4d:
                    b2:60:d6:38:67:d5:3b:e7:a3:11:82:4c:09:6d:a0:
                    d7:35:25:42:6b:ca:0d:77:77:b6:3c:5a:3e:38:5f:
                    96:91:04:ad:e4:a3:9a:88:87:51:e6:ed:45:78:60:
                    5e:db:e3:06:98:17:a6:41:6a:fc:62:26:7a:23:62:
                    9a:ae:77:0e:e8:45:db:57:77:8a:fc:f1:41:2f:d5:
                    93:fe:c4:b0:f2:9b:c3:ca:a3:70:a2:02:85:e9:75:
                    80:34:72:40:0b:ba:af:bc:f9:d6:57:34:3b:d9:50:
                    97:f3:34:84:80:f9:d2:ee:6f:1c:37:4c:63:b4:b0:
                    39:cd:c6:ca:8b:72:e8:c1:45:d1:4b:52:7b:8f:53:
                    80:1d:87:57:bd:eb:0e:1e:52:4a:1a:16:20:fb:83:
                    05:13:2e:0f:19:03:31:ab:e4:3a:78:57:cb:c3:e2:
                    c0:eb:ff:5b:92:40:68:8a:99:87:e5:77:af:96:96:
                    bf:5b:94:d3:e9:36:ff:d8:db:b2:0d:7c:1e:63:db:
                    20:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:E0:59:8E:ED:E6:AC:B9:B6:0B:06:8B:3F:0A:77:9E:8C:76:2B:84
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DOBZju3mrLm2CwaLPwp3nox2K4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:6f:e8:b5:72:cd:f9:28:7f:a6:9e:05:77:e8:60:f4:a4:af:
         02:cb:2b:13:5a:ea:90:ed:70:ac:6f:bd:5a:d1:bf:35:c6:22:
         24:6a:da:62:b9:97:3e:a6:c6:21:90:69:aa:5d:32:a0:a4:11:
         8e:46:84:eb:14:16:17:eb:97:af:0e:16:f0:b8:e9:17:d0:c7:
         aa:ec:76:47:28:3a:6e:55:e9:8b:f7:81:0e:93:eb:d5:00:b9:
         ff:cb:99:c7:4e:08:e9:a7:d5:d4:13:0d:00:2c:0c:3a:a5:bd:
         98:c6:77:76:82:23:f4:33:cb:db:25:13:54:87:70:78:f0:62:
         e4:45:ef:15:da:19:38:a1:d7:4f:54:41:d5:84:62:aa:15:29:
         5d:e8:22:79:bc:ab:b7:64:6a:a4:85:b5:19:14:71:25:70:55:
         f7:50:cc:2e:f2:72:db:2f:60:bd:de:be:c0:cb:86:f9:23:c9:
         57:7e:6b:28:37:d6:d7:4e:7a:2d:e2:7e:7c:22:88:e7:b4:87:
         e0:ee:5a:52:a6:1b:61:2e:b3:01:72:01:23:78:e8:12:f1:68:
         3d:0b:62:8f:e0:7c:26:ec:ad:e5:04:2b:41:31:e5:29:54:c2:
         01:b2:6b:b0:d9:2d:dc:9d:36:67:66:f3:b3:a2:3c:dd:b8:28:
         a7:a7:01:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgo137s7HpOwrNOUQGGortKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzIwMTcxNzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2UwNTk4ZWVkZTZhY2I5YjYwYjA2OGIzZjBhNzc5ZThjNzYyYjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshI4DBkYNq058VSNgLVMlTcc9fyp
N9J+v+sH0mwJKYjgKyyDsR2Z3k+2JsuLVTm5lc7f3hPqjnzTp02yYNY4Z9U756MR
gkwJbaDXNSVCa8oNd3e2PFo+OF+WkQSt5KOaiIdR5u1FeGBe2+MGmBemQWr8YiZ6
I2KarncO6EXbV3eK/PFBL9WT/sSw8pvDyqNwogKF6XWANHJAC7qvvPnWVzQ72VCX
8zSEgPnS7m8cN0xjtLA5zcbKi3LowUXRS1J7j1OAHYdXvesOHlJKGhYg+4MFEy4P
GQMxq+Q6eFfLw+LA6/9bkkBoipmH5Xevlpa/W5TT6Tb/2NuyDXweY9sgTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzgWY7t5qy5tgsGiz8Kd56MdiuEMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvRE9CWmp1M21yTG0yQ3dhTFB3cDNub3gySzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAiMA0G
CSqGSIb3DQEBCwUAA4IBAQBGb+i1cs35KH+mngV36GD0pK8CyysTWuqQ7XCsb71a
0b81xiIkatpiuZc+psYhkGmqXTKgpBGORoTrFBYX65evDhbwuOkX0Meq7HZHKDpu
VemL94EOk+vVALn/y5nHTgjpp9XUEw0ALAw6pb2Yxnd2giP0M8vbJRNUh3B48GLk
Re8V2hk4oddPVEHVhGKqFSld6CJ5vKu3ZGqkhbUZFHElcFX3UMwu8nLbL2C93r7A
y4b5I8lXfmsoN9bXTnot4n58IojntIfg7lpSphthLrMBcgEjeOgS8Wg9C2KP4Hwm
7K3lBCtBMeUpVMIBsmuw2S3cnTZnZvOzojzduCinpwH5
-----END CERTIFICATE-----