Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/RX9rUID4G6ewyKF20iJaSn4FrL0.roa
File:                     RX9rUID4G6ewyKF20iJaSn4FrL0.roa (raw, json)
Hash identifier:          D8yD5OPlbFtwjyFVxmqm6eRVeodaarSnFohlFWCDDoQ=
Subject key identifier:   45:7F:6B:50:80:F8:1B:A7:B0:C8:A1:76:D2:22:5A:4A:7E:05:AC:BD
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0197EA1E610D90F84EFD6CDDF503994D7357
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/RX9rUID4G6ewyKF20iJaSn4FrL0.roa
Signing time:             Tue 08 Jul 2025 12:59:08 +0000
ROA not before:           Tue 08 Jul 2025 12:59:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51396
IP address blocks:        89.251.10.0/24 maxlen: 24
                          185.215.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 20:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ea:1e:61:0d:90:f8:4e:fd:6c:dd:f5:03:99:4d:73:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jul  8 12:59:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=457f6b5080f81ba7b0c8a176d2225a4a7e05acbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:db:79:ae:76:c8:51:0e:9d:00:9e:f2:2c:8a:
                    ab:52:10:b8:a3:9c:67:f1:05:3c:da:c6:e8:8f:59:
                    c1:8e:8e:75:a7:24:1c:cd:17:93:e9:14:f9:f1:10:
                    88:5d:2b:cf:24:a6:4d:95:ab:4a:af:31:72:ab:4c:
                    55:29:5f:1c:ae:d3:8d:5c:77:0c:9b:9d:63:a5:52:
                    8d:f9:eb:c2:b3:36:69:08:87:52:a4:8a:14:fa:ba:
                    7a:c3:ff:ab:aa:d6:6b:f9:6b:d0:7c:d6:3c:03:df:
                    04:8c:aa:6b:10:d3:b5:f6:5b:7b:72:dc:64:02:eb:
                    92:11:8b:85:07:89:8a:77:71:b3:18:bc:b3:f7:2a:
                    44:1f:21:8a:99:e2:c3:ac:b6:f7:5e:2e:d7:32:d9:
                    cc:f1:79:1c:bc:09:75:c7:87:d4:95:9a:84:9c:85:
                    14:e2:fc:01:9e:31:f7:5a:28:53:12:3d:70:5f:e9:
                    06:5e:49:00:d4:e9:db:da:7e:50:49:4b:1f:56:75:
                    eb:e8:eb:7d:51:c4:47:e6:b4:17:f6:e9:96:09:0a:
                    6a:a0:47:89:7a:ae:1f:25:05:de:80:1d:b9:2e:fe:
                    6b:72:16:77:26:d4:30:be:11:c8:4d:b0:ed:64:e1:
                    bc:1d:5f:63:44:e8:c5:0a:91:1f:41:13:e3:8e:66:
                    85:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7F:6B:50:80:F8:1B:A7:B0:C8:A1:76:D2:22:5A:4A:7E:05:AC:BD
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/RX9rUID4G6ewyKF20iJaSn4FrL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.10.0/24
                  185.215.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:41:a0:a3:66:e4:ea:85:fa:33:c8:ab:75:36:f8:31:e0:22:
         d2:ed:90:98:0d:30:67:72:9e:01:af:50:ac:24:fa:2c:f4:32:
         d1:47:0d:bb:3d:9c:fa:4a:b9:95:6a:24:a4:70:cb:30:06:e1:
         04:23:24:de:50:d6:e9:ee:58:c9:42:40:bd:c3:20:4a:e3:d1:
         2e:40:74:44:b1:44:84:fe:56:50:34:bd:e2:f1:b9:00:5f:59:
         65:2b:fe:bb:3b:c5:6c:d8:18:70:0e:d5:99:a3:f2:74:90:5b:
         95:63:d5:80:08:f5:40:5f:56:60:1c:37:f8:ae:08:41:43:d7:
         cf:90:6f:87:cb:2d:fe:8f:64:4e:c8:91:7d:5a:b1:28:d8:17:
         29:ea:e2:76:bc:54:d7:66:13:c9:d2:58:6e:dd:5a:9c:fb:a4:
         d3:fd:f7:22:45:70:ab:5a:1d:a0:99:35:c2:bd:8a:77:fa:9d:
         fd:dd:95:6f:89:39:a0:aa:26:e8:1d:bf:fa:a6:16:d8:96:ac:
         78:2b:04:bd:a1:96:59:71:88:a5:de:65:e7:b8:48:54:dd:d4:
         4f:d3:ea:af:94:61:8a:cf:6d:eb:b3:19:2d:e9:1e:40:be:e1:
         e1:b0:c8:81:67:1d:61:5e:74:7d:5a:cd:bb:67:40:61:d9:c2:
         17:24:f1:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfqHmENkPhO/Wzd9QOZTXNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNzA4MTI1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTdmNmI1MDgwZjgxYmE3YjBjOGExNzZkMjIyNWE0YTdlMDVhY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09t5rnbIUQ6dAJ7yLIqrUhC4o5xn
8QU82sboj1nBjo51pyQczReT6RT58RCIXSvPJKZNlatKrzFyq0xVKV8crtONXHcM
m51jpVKN+evCszZpCIdSpIoU+rp6w/+rqtZr+WvQfNY8A98EjKprENO19lt7ctxk
AuuSEYuFB4mKd3GzGLyz9ypEHyGKmeLDrLb3Xi7XMtnM8XkcvAl1x4fUlZqEnIUU
4vwBnjH3WihTEj1wX+kGXkkA1Onb2n5QSUsfVnXr6Ot9UcRH5rQX9umWCQpqoEeJ
eq4fJQXegB25Lv5rchZ3JtQwvhHITbDtZOG8HV9jROjFCpEfQRPjjmaFvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEV/a1CA+BunsMihdtIiWkp+Bay9MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUlg5clVJRDRHNmV3eUtGMjBpSmFTbjRGckwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfsKAwQA
udf3MA0GCSqGSIb3DQEBCwUAA4IBAQBwQaCjZuTqhfozyKt1Nvgx4CLS7ZCYDTBn
cp4Br1CsJPos9DLRRw27PZz6SrmVaiSkcMswBuEEIyTeUNbp7ljJQkC9wyBK49Eu
QHREsUSE/lZQNL3i8bkAX1llK/67O8Vs2BhwDtWZo/J0kFuVY9WACPVAX1ZgHDf4
rghBQ9fPkG+Hyy3+j2ROyJF9WrEo2Bcp6uJ2vFTXZhPJ0lhu3Vqc+6TT/fciRXCr
Wh2gmTXCvYp3+p393ZVviTmgqiboHb/6phbYlqx4KwS9oZZZcYil3mXnuEhU3dRP
0+qvlGGKz23rsxkt6R5AvuHhsMiBZx1hXnR9Ws27Z0Bh2cIXJPE7
-----END CERTIFICATE-----