Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VsbWEnbYv3Bh5mWdNpz4fZpwVBs.roa
File:                     VsbWEnbYv3Bh5mWdNpz4fZpwVBs.roa (raw, json)
Hash identifier:          +1Tgh5y1AGuspMr34Ou5SP3q1bOKlVDt633l0dcfv0c=
Subject key identifier:   56:C6:D6:12:76:D8:BF:70:61:E6:65:9D:36:9C:F8:7D:9A:70:54:1B
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019A41DEFA506F3A47301A199B5F657E5843
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VsbWEnbYv3Bh5mWdNpz4fZpwVBs.roa
Signing time:             Sun 02 Nov 2025 00:02:03 +0000
ROA not before:           Sun 02 Nov 2025 00:02:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213948
IP address blocks:        89.144.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:41:de:fa:50:6f:3a:47:30:1a:19:9b:5f:65:7e:58:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov  2 00:02:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56c6d61276d8bf7061e6659d369cf87d9a70541b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ae:26:a0:84:63:42:91:20:71:0b:3e:75:a8:
                    a6:44:18:60:a2:d8:a8:71:20:7c:3a:19:f7:5a:27:
                    9e:c6:c3:38:d8:94:da:5d:da:30:55:03:84:30:e2:
                    2c:00:9c:be:56:d9:e6:fd:b3:39:c3:72:34:66:cd:
                    47:59:91:04:f0:6c:0d:c1:53:6e:d1:1f:85:93:e8:
                    90:fe:ff:cf:77:cc:f8:c5:68:82:fc:a1:ae:b1:df:
                    63:c5:51:84:9c:6e:66:f3:35:2b:31:2e:3f:17:a1:
                    7b:28:f1:b5:dc:28:46:65:d6:2b:73:e9:b6:7b:d8:
                    f6:16:3a:58:f8:62:f3:73:df:a9:3b:a8:17:00:86:
                    37:b3:ae:14:e4:ca:18:5c:d9:ad:18:95:ce:44:19:
                    26:f6:72:9d:6c:30:43:df:63:c1:6a:43:f6:24:68:
                    6e:c9:38:d0:ef:17:db:ac:a8:65:d8:21:5e:e7:01:
                    30:65:e7:f4:38:2d:43:22:38:b9:4f:40:f9:a0:9e:
                    66:b0:d7:21:28:07:29:3e:9a:07:04:73:1c:64:3d:
                    be:88:7c:58:c8:96:a0:91:e7:bb:2d:9e:d0:99:8c:
                    c8:6b:46:e4:60:f0:6e:2b:26:b7:2a:87:0b:b6:3f:
                    34:e5:31:eb:90:d7:b3:13:be:1e:4f:46:ee:8e:3b:
                    70:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:C6:D6:12:76:D8:BF:70:61:E6:65:9D:36:9C:F8:7D:9A:70:54:1B
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/VsbWEnbYv3Bh5mWdNpz4fZpwVBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:9c:80:5e:6e:31:f5:c5:7b:4c:1c:80:87:67:31:ea:02:7c:
         2f:ec:31:d1:6f:9c:ae:f8:74:00:b5:07:74:00:0a:50:0d:fb:
         3f:ed:a7:ae:24:cd:45:a9:b0:7a:6f:6a:40:5d:7a:79:2a:e9:
         13:ee:8e:49:3d:18:72:33:be:06:1a:cf:45:b5:8a:43:a4:67:
         38:43:c2:c4:b0:b6:7b:2d:60:e1:0a:5a:bc:b4:0f:31:0f:91:
         40:c8:72:0c:8d:90:4b:f9:ae:f8:2b:ba:14:46:ef:fd:ab:5e:
         79:26:ed:fb:cc:14:01:58:d3:f4:7f:56:96:2c:09:81:1c:47:
         e8:94:72:a1:a4:f1:ec:d6:fc:83:11:13:11:56:7a:3c:21:f8:
         55:b8:1d:a6:7f:eb:3c:d1:80:95:ae:61:21:9c:52:de:01:fc:
         7a:09:16:99:cd:83:b2:5f:56:37:42:e9:68:60:55:2f:45:31:
         c9:43:e3:a9:97:bb:b7:a4:d3:99:2f:d7:82:80:10:e3:62:c2:
         a4:98:31:4a:ac:47:21:27:74:19:07:12:17:12:61:69:80:b4:
         2e:db:20:3e:9a:dd:3b:b4:07:08:bb:55:ae:00:8f:74:0c:4f:
         6e:17:8a:c9:ce:55:4b:92:2a:4c:9c:01:fe:d2:db:69:1e:89:
         b4:cd:0b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpB3vpQbzpHMBoZm19lflhDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMTAyMDAwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmM2ZDYxMjc2ZDhiZjcwNjFlNjY1OWQzNjljZjg3ZDlhNzA1NDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi64moIRjQpEgcQs+daimRBhgotio
cSB8Ohn3WieexsM42JTaXdowVQOEMOIsAJy+Vtnm/bM5w3I0Zs1HWZEE8GwNwVNu
0R+Fk+iQ/v/Pd8z4xWiC/KGusd9jxVGEnG5m8zUrMS4/F6F7KPG13ChGZdYrc+m2
e9j2FjpY+GLzc9+pO6gXAIY3s64U5MoYXNmtGJXORBkm9nKdbDBD32PBakP2JGhu
yTjQ7xfbrKhl2CFe5wEwZef0OC1DIji5T0D5oJ5msNchKAcpPpoHBHMcZD2+iHxY
yJagkee7LZ7QmYzIa0bkYPBuKya3KocLtj805THrkNezE74eT0bujjtw3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbG1hJ22L9wYeZlnTac+H2acFQbMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVnNiV0VuYll2M0JoNW1XZE5wejRmWnB3VkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAyMA0G
CSqGSIb3DQEBCwUAA4IBAQBfnIBebjH1xXtMHICHZzHqAnwv7DHRb5yu+HQAtQd0
AApQDfs/7aeuJM1FqbB6b2pAXXp5KukT7o5JPRhyM74GGs9FtYpDpGc4Q8LEsLZ7
LWDhClq8tA8xD5FAyHIMjZBL+a74K7oURu/9q155Ju37zBQBWNP0f1aWLAmBHEfo
lHKhpPHs1vyDERMRVno8IfhVuB2mf+s80YCVrmEhnFLeAfx6CRaZzYOyX1Y3Qulo
YFUvRTHJQ+Opl7u3pNOZL9eCgBDjYsKkmDFKrEchJ3QZBxIXEmFpgLQu2yA+mt07
tAcIu1WuAI90DE9uF4rJzlVLkipMnAH+0ttpHom0zQt1
-----END CERTIFICATE-----