Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a34b68-5dcf-4a81-bc08-d1c3f288799c/1/0eASUYw5buzWADKhJAPCD_thD4s.roa
File:                     0eASUYw5buzWADKhJAPCD_thD4s.roa (raw, json)
Hash identifier:          Uq52mQ0d5aOs+tiyr9sazFI/NXMlXJdBfmeH08G5ncI=
Subject key identifier:   D1:E0:12:51:8C:39:6E:EC:D6:00:32:A1:24:03:C2:0F:FB:61:0F:8B
Certificate issuer:       /CN=e91bc4c42c503da0b7f8af16f7ee4b5471ff0e01
Certificate serial:       019856978BA1A746F3F43493E1D9C7AE4446
Authority key identifier: E9:1B:C4:C4:2C:50:3D:A0:B7:F8:AF:16:F7:EE:4B:54:71:FF:0E:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6RvExCxQPaC3-K8W9-5LVHH_DgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a34b68-5dcf-4a81-bc08-d1c3f288799c/1/0eASUYw5buzWADKhJAPCD_thD4s.roa
Signing time:             Tue 29 Jul 2025 14:30:28 +0000
ROA not before:           Tue 29 Jul 2025 14:30:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42667
IP address blocks:        89.186.23.0/24 maxlen: 24
                          89.186.28.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a34b68-5dcf-4a81-bc08-d1c3f288799c/1/6RvExCxQPaC3-K8W9-5LVHH_DgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a34b68-5dcf-4a81-bc08-d1c3f288799c/1/6RvExCxQPaC3-K8W9-5LVHH_DgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6RvExCxQPaC3-K8W9-5LVHH_DgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:97:8b:a1:a7:46:f3:f4:34:93:e1:d9:c7:ae:44:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e91bc4c42c503da0b7f8af16f7ee4b5471ff0e01
        Validity
            Not Before: Jul 29 14:30:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1e012518c396eecd60032a12403c20ffb610f8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bd:d5:af:44:0a:e4:e7:46:46:85:49:ee:9e:
                    b2:8b:23:be:0e:bf:c1:12:4b:15:52:47:ac:58:62:
                    82:12:d7:50:c8:6f:a3:6a:d3:ef:93:0e:78:18:2d:
                    a9:9e:64:98:1d:97:94:7c:5e:3f:13:2f:92:ad:b1:
                    07:5a:84:6f:4c:85:8e:d2:0b:70:96:83:4e:47:9b:
                    a9:b1:4e:e0:38:a5:fd:ff:44:bd:08:a7:ee:5a:45:
                    07:aa:ff:3b:06:64:d0:0c:66:fd:b1:54:d1:c2:3b:
                    9c:58:b4:03:b5:c1:a4:bf:98:76:e5:65:cf:dd:35:
                    fc:fa:9b:a9:ad:13:7b:db:f3:c8:b0:26:3c:d3:6f:
                    1f:91:bb:a2:e2:8a:a6:60:78:04:78:55:a1:24:af:
                    6a:49:db:ba:b5:29:6b:5e:0e:4e:51:14:a5:c0:d9:
                    50:31:7f:ef:c3:aa:9a:f6:f4:c3:d3:25:18:34:e6:
                    03:56:cd:60:b1:a4:f1:18:fa:de:16:d4:13:0d:02:
                    f2:ac:c0:bd:6d:76:17:d1:93:1a:79:92:6a:06:59:
                    0f:01:02:2f:a6:ac:a6:b3:c2:57:1e:81:a8:57:0a:
                    a5:46:bd:d9:da:bd:db:c7:27:a2:2b:e9:a7:07:66:
                    00:1a:4c:57:3f:69:03:0f:fb:69:3f:26:61:18:c4:
                    07:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E0:12:51:8C:39:6E:EC:D6:00:32:A1:24:03:C2:0F:FB:61:0F:8B
            X509v3 Authority Key Identifier:
                keyid:E9:1B:C4:C4:2C:50:3D:A0:B7:F8:AF:16:F7:EE:4B:54:71:FF:0E:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6RvExCxQPaC3-K8W9-5LVHH_DgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a34b68-5dcf-4a81-bc08-d1c3f288799c/1/0eASUYw5buzWADKhJAPCD_thD4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a34b68-5dcf-4a81-bc08-d1c3f288799c/1/6RvExCxQPaC3-K8W9-5LVHH_DgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.186.23.0/24
                  89.186.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:3a:f5:6b:71:5d:4d:36:94:0e:2a:6a:82:48:b3:15:d7:f7:
         10:0b:7d:cc:9c:d8:74:2a:c3:3e:26:d1:af:41:9c:16:e5:fd:
         d9:8c:7b:04:44:18:79:9f:4c:5b:76:8c:ed:48:6b:d5:f5:10:
         c6:b2:37:81:c1:9f:18:66:8a:0e:b5:8b:35:04:8d:b8:f1:0c:
         47:da:8e:76:0b:76:95:99:48:d0:5b:6d:dd:90:36:12:af:76:
         ef:aa:bc:e4:42:db:92:ec:79:aa:08:ab:96:c7:89:78:8b:9a:
         52:b2:1b:73:32:7a:d6:bd:da:b7:4b:23:e9:cf:60:c0:3e:ff:
         d2:5a:b9:f4:af:42:9a:82:5a:12:2a:3e:68:e3:04:98:ee:87:
         0f:6c:58:fe:eb:52:2e:e8:5c:11:83:62:45:a7:a5:6f:44:14:
         e7:d9:df:47:bf:22:4f:1a:5f:2b:fb:75:01:2b:eb:33:89:8a:
         cb:1b:fd:d3:5b:9b:10:8f:2d:51:04:d4:b9:a5:a4:f7:9f:7d:
         06:68:29:7c:3c:8b:ad:55:9a:2a:5c:6b:42:ab:07:28:1f:4d:
         85:a3:1b:ca:24:de:97:2f:49:e5:09:7e:df:77:85:13:12:ff:
         37:07:1c:29:2d:02:2b:7f:11:d2:a8:ed:7d:a8:77:ae:e8:7f:
         b0:95:02:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhWl4uhp0bz9DST4dnHrkRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MWJjNGM0MmM1MDNkYTBiN2Y4YWYxNmY3ZWU0YjU0NzFm
ZjBlMDEwHhcNMjUwNzI5MTQzMDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWUwMTI1MThjMzk2ZWVjZDYwMDMyYTEyNDAzYzIwZmZiNjEwZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvL3Vr0QK5OdGRoVJ7p6yiyO+Dr/B
EksVUkesWGKCEtdQyG+jatPvkw54GC2pnmSYHZeUfF4/Ey+SrbEHWoRvTIWO0gtw
loNOR5upsU7gOKX9/0S9CKfuWkUHqv87BmTQDGb9sVTRwjucWLQDtcGkv5h25WXP
3TX8+puprRN72/PIsCY8028fkbui4oqmYHgEeFWhJK9qSdu6tSlrXg5OURSlwNlQ
MX/vw6qa9vTD0yUYNOYDVs1gsaTxGPreFtQTDQLyrMC9bXYX0ZMaeZJqBlkPAQIv
pqyms8JXHoGoVwqlRr3Z2r3bxyeiK+mnB2YAGkxXP2kDD/tpPyZhGMQH3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNHgElGMOW7s1gAyoSQDwg/7YQ+LMB8GA1UdIwQY
MBaAFOkbxMQsUD2gt/ivFvfuS1Rx/w4BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlJ2RXhDeFFQYUMzLUs4VzktNUxWSEhfRGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hMzRiNjgtNWRjZi00YTgxLWJjMDgt
ZDFjM2YyODg3OTljLzEvMGVBU1VZdzVidXpXQURLaEpBUENEX3RoRDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hMzRiNjgtNWRjZi00YTgxLWJjMDgtZDFjM2YyODg3OTlj
LzEvNlJ2RXhDeFFQYUMzLUs4VzktNUxWSEhfRGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWboXAwQB
WbocMA0GCSqGSIb3DQEBCwUAA4IBAQA/OvVrcV1NNpQOKmqCSLMV1/cQC33MnNh0
KsM+JtGvQZwW5f3ZjHsERBh5n0xbdoztSGvV9RDGsjeBwZ8YZooOtYs1BI248QxH
2o52C3aVmUjQW23dkDYSr3bvqrzkQtuS7HmqCKuWx4l4i5pSshtzMnrWvdq3SyPp
z2DAPv/SWrn0r0KagloSKj5o4wSY7ocPbFj+61Iu6FwRg2JFp6VvRBTn2d9HvyJP
Gl8r+3UBK+sziYrLG/3TW5sQjy1RBNS5paT3n30GaCl8PIutVZoqXGtCqwcoH02F
oxvKJN6XL0nlCX7fd4UTEv83BxwpLQIrfxHSqO19qHeu6H+wlQLZ
-----END CERTIFICATE-----