Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PPyqMTMQorObKFIG8IU42NujXXc.roa
File:                     PPyqMTMQorObKFIG8IU42NujXXc.roa (raw, json)
Hash identifier:          c68w2hWb+EWebd6IKBc1GmFGUMpqYOnKuZ050c66yHA=
Subject key identifier:   3C:FC:AA:31:33:10:A2:B3:9B:28:52:06:F0:85:38:D8:DB:A3:5D:77
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019768764E580F552AAE3C85430F1DAA825E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PPyqMTMQorObKFIG8IU42NujXXc.roa
Signing time:             Fri 13 Jun 2025 08:44:33 +0000
ROA not before:           Fri 13 Jun 2025 08:44:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213574
IP address blocks:        89.144.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:68:76:4e:58:0f:55:2a:ae:3c:85:43:0f:1d:aa:82:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun 13 08:44:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cfcaa313310a2b39b285206f08538d8dba35d77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f4:31:9d:35:d5:35:e1:d6:0c:6a:87:46:eb:
                    ec:5a:5b:49:e4:1f:2f:c1:69:dd:5f:65:6a:22:40:
                    26:b6:ac:54:bf:db:14:4f:47:93:e7:f0:32:2b:63:
                    ad:3b:fb:60:8f:ca:03:a1:83:9b:c7:71:c0:c1:f4:
                    8a:f7:03:8d:54:90:67:08:22:3e:89:c4:dc:3e:09:
                    3f:b9:95:4f:2a:fa:80:d4:de:66:df:87:77:51:32:
                    99:8f:7e:b3:a6:c1:12:ca:15:86:87:c5:52:a6:1a:
                    28:4c:76:eb:e4:42:37:63:e2:2a:10:3b:bc:d8:dc:
                    14:7f:13:bf:3b:97:46:b3:87:5f:27:3b:21:90:f8:
                    82:26:d1:a2:9f:06:7a:ef:d3:78:af:31:8f:07:fd:
                    76:d1:5a:37:07:a7:f6:b3:4c:9e:3a:27:61:2a:e6:
                    43:79:5f:c0:fd:8a:c3:49:1b:85:08:c2:ec:4c:c3:
                    fe:9d:dc:b7:c7:fe:ee:ec:66:87:c0:a4:48:49:11:
                    f2:86:10:f5:2d:98:f9:5d:48:e5:7d:cd:f3:c6:a1:
                    ec:80:ac:cb:74:df:37:4d:7f:a9:b8:52:98:56:07:
                    ec:72:a8:1c:36:bc:f6:34:ba:26:7f:20:4c:41:74:
                    57:03:88:74:01:5b:8a:e4:14:cd:20:1f:8c:29:14:
                    70:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:FC:AA:31:33:10:A2:B3:9B:28:52:06:F0:85:38:D8:DB:A3:5D:77
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PPyqMTMQorObKFIG8IU42NujXXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:8b:9a:e0:ea:fd:b0:3a:05:6d:a8:df:8b:7d:c3:e7:fa:52:
         3d:db:ef:9a:84:d3:25:87:db:be:90:e2:2b:43:3c:83:e2:33:
         37:82:30:b8:f8:83:50:7e:30:eb:e6:27:3d:cc:64:ea:bb:be:
         d9:62:8a:2c:6d:52:42:cd:a0:5e:3f:26:77:b7:af:a3:da:4c:
         7b:12:05:b9:45:00:6a:48:a7:2e:75:23:58:85:66:90:3c:e6:
         ed:ea:5c:fb:b9:08:ee:7c:89:1e:4a:af:26:e9:0d:38:fa:84:
         52:1f:a5:70:c0:2f:c2:91:40:ff:8f:d1:81:18:38:6f:a6:a3:
         54:c5:53:9c:5b:54:34:7c:6d:72:24:5e:14:93:2d:87:43:b8:
         4d:3f:df:ba:f1:f1:a8:ba:91:b8:88:57:35:23:a5:62:6e:7f:
         99:eb:77:22:f1:e8:98:fc:09:3d:95:54:62:a9:37:04:37:c5:
         5c:5b:5a:9f:63:0b:f9:01:e8:7c:8d:a8:c2:a9:b1:a3:b3:60:
         58:2f:c5:cb:d7:97:36:24:17:b2:e9:b9:e0:35:e6:22:09:7b:
         d6:61:01:ae:d8:5b:58:1e:88:0a:d6:03:06:06:dd:a0:6e:9b:
         bc:ae:a2:01:7f:d2:76:b2:e7:f9:5e:e4:fc:42:20:44:f6:2f:
         f4:ed:90:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdodk5YD1UqrjyFQw8dqoJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNjEzMDg0NDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ZjYWEzMTMzMTBhMmIzOWIyODUyMDZmMDg1MzhkOGRiYTM1ZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvQxnTXVNeHWDGqHRuvsWltJ5B8v
wWndX2VqIkAmtqxUv9sUT0eT5/AyK2OtO/tgj8oDoYObx3HAwfSK9wONVJBnCCI+
icTcPgk/uZVPKvqA1N5m34d3UTKZj36zpsESyhWGh8VSphooTHbr5EI3Y+IqEDu8
2NwUfxO/O5dGs4dfJzshkPiCJtGinwZ679N4rzGPB/120Vo3B6f2s0yeOidhKuZD
eV/A/YrDSRuFCMLsTMP+ndy3x/7u7GaHwKRISRHyhhD1LZj5XUjlfc3zxqHsgKzL
dN83TX+puFKYVgfscqgcNrz2NLomfyBMQXRXA4h0AVuK5BTNIB+MKRRw+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDz8qjEzEKKzmyhSBvCFONjbo113MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUFB5cU1UTVFvck9iS0ZJRzhJVTQyTnVqWFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAKMA0G
CSqGSIb3DQEBCwUAA4IBAQC+i5rg6v2wOgVtqN+LfcPn+lI92++ahNMlh9u+kOIr
QzyD4jM3gjC4+INQfjDr5ic9zGTqu77ZYoosbVJCzaBePyZ3t6+j2kx7EgW5RQBq
SKcudSNYhWaQPObt6lz7uQjufIkeSq8m6Q04+oRSH6VwwC/CkUD/j9GBGDhvpqNU
xVOcW1Q0fG1yJF4Uky2HQ7hNP9+68fGoupG4iFc1I6Vibn+Z63ci8eiY/Ak9lVRi
qTcEN8VcW1qfYwv5Aeh8jajCqbGjs2BYL8XL15c2JBey6bngNeYiCXvWYQGu2FtY
HogK1gMGBt2gbpu8rqIBf9J2suf5XuT8QiBE9i/07ZAV
-----END CERTIFICATE-----