Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/1c15a2-d0ec-4c3a-86cd-83638475d8ab/1/pbRKHGGim2T9oFOk1F5-N0nr6q0.roa
File:                     pbRKHGGim2T9oFOk1F5-N0nr6q0.roa (raw, json)
Hash identifier:          NXd7NTfke96TSgBNfqU9yCpfwoUZvsEXnR8SlY9wRbQ=
Subject key identifier:   A5:B4:4A:1C:61:A2:9B:64:FD:A0:53:A4:D4:5E:7E:37:49:EB:EA:AD
Certificate issuer:       /CN=3e75d49ded20566ca745c28f80cfd9a92f4b7d47
Certificate serial:       019A53D20171878DE3263312A7936C2C3880
Authority key identifier: 3E:75:D4:9D:ED:20:56:6C:A7:45:C2:8F:80:CF:D9:A9:2F:4B:7D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PnXUne0gVmynRcKPgM_ZqS9LfUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/1c15a2-d0ec-4c3a-86cd-83638475d8ab/1/pbRKHGGim2T9oFOk1F5-N0nr6q0.roa
Signing time:             Wed 05 Nov 2025 11:41:03 +0000
ROA not before:           Wed 05 Nov 2025 11:41:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216472
IP address blocks:        89.43.132.0/24 maxlen: 24
                          89.43.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/1c15a2-d0ec-4c3a-86cd-83638475d8ab/1/PnXUne0gVmynRcKPgM_ZqS9LfUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/1c15a2-d0ec-4c3a-86cd-83638475d8ab/1/PnXUne0gVmynRcKPgM_ZqS9LfUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PnXUne0gVmynRcKPgM_ZqS9LfUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 11:41:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:d2:01:71:87:8d:e3:26:33:12:a7:93:6c:2c:38:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e75d49ded20566ca745c28f80cfd9a92f4b7d47
        Validity
            Not Before: Nov  5 11:41:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5b44a1c61a29b64fda053a4d45e7e3749ebeaad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c3:62:78:f4:00:fe:17:7a:f6:36:50:27:91:
                    2a:52:d2:f8:d2:39:18:ac:c1:d9:a0:93:01:df:a8:
                    31:4a:61:e4:b4:6a:d7:10:27:a3:5f:32:5d:d7:c8:
                    1e:3b:be:c3:db:96:8c:6a:88:57:07:85:76:e6:21:
                    3f:9c:96:3d:d0:0a:c8:37:aa:ce:a6:5e:7c:ec:d0:
                    f9:4b:55:71:00:ef:09:0b:79:55:f4:79:0c:db:3e:
                    88:fe:25:6b:c8:f7:97:44:2e:d9:4a:8c:97:25:9b:
                    05:70:d9:bd:23:a1:0a:c2:1e:af:e3:f0:b0:ff:53:
                    5f:0c:09:80:df:d6:87:a9:71:fa:3b:64:f4:38:3c:
                    b9:d5:a8:d5:7c:b6:3c:c3:a1:88:9a:1f:d5:03:22:
                    92:45:bf:d8:fc:73:42:75:ad:94:09:38:73:80:1c:
                    90:78:81:36:ba:fa:a9:a6:99:25:bc:f9:fd:5b:74:
                    56:ce:b0:f5:4c:11:8a:c4:c9:7d:4a:07:ef:85:88:
                    6a:d7:57:8d:ba:e6:c7:9f:ef:25:dc:c6:70:f2:48:
                    f5:f3:1f:80:19:a7:86:b6:dd:97:a2:44:d4:ce:b6:
                    91:32:c5:c9:ed:e1:b5:10:d3:97:5d:cf:b2:d8:7d:
                    3d:6c:60:17:ca:01:fd:68:2b:41:1b:3e:b0:e3:08:
                    52:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B4:4A:1C:61:A2:9B:64:FD:A0:53:A4:D4:5E:7E:37:49:EB:EA:AD
            X509v3 Authority Key Identifier:
                keyid:3E:75:D4:9D:ED:20:56:6C:A7:45:C2:8F:80:CF:D9:A9:2F:4B:7D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PnXUne0gVmynRcKPgM_ZqS9LfUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/1c15a2-d0ec-4c3a-86cd-83638475d8ab/1/pbRKHGGim2T9oFOk1F5-N0nr6q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/1c15a2-d0ec-4c3a-86cd-83638475d8ab/1/PnXUne0gVmynRcKPgM_ZqS9LfUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:e8:0e:77:ae:c6:00:02:ef:61:72:49:06:47:56:db:29:4a:
         ba:ac:d3:d1:ee:15:b3:0a:5c:76:b7:58:f0:c0:c2:cd:55:30:
         30:ed:de:8f:fd:d3:52:c6:98:b8:ba:15:00:b2:6a:7b:0e:70:
         b7:df:72:8b:d8:68:c0:ad:de:59:5c:d2:c9:13:35:cf:df:70:
         f5:07:af:a6:f1:72:48:e7:92:ae:75:09:f6:04:cf:75:3d:4c:
         db:12:09:23:7e:38:73:c6:b0:c6:9b:e8:c4:0b:e9:a0:ab:66:
         ab:2a:85:a2:9e:c6:e6:f2:e7:db:40:a2:ce:5e:9a:29:80:ec:
         4d:df:3c:7b:f7:20:be:a5:a5:69:9e:6c:a5:73:64:b7:b5:c2:
         b9:20:3d:a6:54:f8:c2:7c:bd:f3:9a:fc:44:77:78:22:3a:ec:
         39:4e:ec:f7:06:5e:8e:52:88:37:22:b7:4e:96:7e:e6:ff:31:
         08:54:f3:ca:bf:19:1f:12:30:3b:b9:2c:8f:7f:f3:6f:6a:49:
         63:c3:62:a1:e3:36:a4:21:c5:8e:97:37:ce:a4:cb:3e:3b:f9:
         96:6d:37:b4:9b:b9:d0:e8:70:ed:92:b3:ab:8a:6b:ff:23:e8:
         49:a5:7f:84:f3:91:7e:52:ad:06:3c:93:e5:2c:12:22:e5:08:
         6c:a6:34:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpT0gFxh43jJjMSp5NsLDiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzVkNDlkZWQyMDU2NmNhNzQ1YzI4ZjgwY2ZkOWE5MmY0
YjdkNDcwHhcNMjUxMTA1MTE0MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI0NGExYzYxYTI5YjY0ZmRhMDUzYTRkNDVlN2UzNzQ5ZWJlYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscNiePQA/hd69jZQJ5EqUtL40jkY
rMHZoJMB36gxSmHktGrXECejXzJd18geO77D25aMaohXB4V25iE/nJY90ArIN6rO
pl587ND5S1VxAO8JC3lV9HkM2z6I/iVryPeXRC7ZSoyXJZsFcNm9I6EKwh6v4/Cw
/1NfDAmA39aHqXH6O2T0ODy51ajVfLY8w6GImh/VAyKSRb/Y/HNCda2UCThzgByQ
eIE2uvqpppklvPn9W3RWzrD1TBGKxMl9SgfvhYhq11eNuubHn+8l3MZw8kj18x+A
GaeGtt2XokTUzraRMsXJ7eG1ENOXXc+y2H09bGAXygH9aCtBGz6w4whSpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKW0Shxhoptk/aBTpNRefjdJ6+qtMB8GA1UdIwQY
MBaAFD511J3tIFZsp0XCj4DP2akvS31HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5YVW5lMGdWbXluUmNLUGdNX1pxUzlMZlVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8xYzE1YTItZDBlYy00YzNhLTg2Y2Qt
ODM2Mzg0NzVkOGFiLzEvcGJSS0hHR2ltMlQ5b0ZPazFGNS1OMG5yNnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8xYzE1YTItZDBlYy00YzNhLTg2Y2QtODM2Mzg0NzVkOGFi
LzEvUG5YVW5lMGdWbXluUmNLUGdNX1pxUzlMZlVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSuEMA0G
CSqGSIb3DQEBCwUAA4IBAQAx6A53rsYAAu9hckkGR1bbKUq6rNPR7hWzClx2t1jw
wMLNVTAw7d6P/dNSxpi4uhUAsmp7DnC333KL2GjArd5ZXNLJEzXP33D1B6+m8XJI
55KudQn2BM91PUzbEgkjfjhzxrDGm+jEC+mgq2arKoWinsbm8ufbQKLOXpopgOxN
3zx79yC+paVpnmylc2S3tcK5ID2mVPjCfL3zmvxEd3giOuw5Tuz3Bl6OUog3IrdO
ln7m/zEIVPPKvxkfEjA7uSyPf/Nvakljw2Kh4zakIcWOlzfOpMs+O/mWbTe0m7nQ
6HDtkrOrimv/I+hJpX+E85F+Uq0GPJPlLBIi5QhspjTU
-----END CERTIFICATE-----