Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_XoZvt9-6m0dUVhlRqZRdOT6EDw.roa
File:                     _XoZvt9-6m0dUVhlRqZRdOT6EDw.roa (raw, json)
Hash identifier:          JbWXC8VXOYxaul8xyW38j5fJIxyTHo2PZE/vFBs4/R0=
Subject key identifier:   FD:7A:19:BE:DF:7E:EA:6D:1D:51:58:65:46:A6:51:74:E4:FA:10:3C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019851D00B54D4837AD3417D304C1EC9E9A0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_XoZvt9-6m0dUVhlRqZRdOT6EDw.roa
Signing time:             Mon 28 Jul 2025 16:14:05 +0000
ROA not before:           Mon 28 Jul 2025 16:14:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58643
IP address blocks:        89.28.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 05:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:51:d0:0b:54:d4:83:7a:d3:41:7d:30:4c:1e:c9:e9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 28 16:14:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd7a19bedf7eea6d1d51586546a65174e4fa103c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ee:58:aa:f7:79:63:30:a4:e1:0e:ed:ac:ce:
                    78:26:07:d9:98:7f:07:f2:15:88:0c:77:8c:7d:10:
                    94:94:ac:aa:69:7c:c9:60:55:f1:36:66:9b:f9:6d:
                    5b:2c:1f:d3:1d:e9:8e:0e:d6:7a:a5:97:08:f0:33:
                    75:4d:77:48:b4:e5:10:03:98:0f:c7:87:b4:fc:e8:
                    64:ab:31:c5:c5:1f:e5:ab:16:94:4a:9d:68:06:42:
                    28:c6:a5:86:91:e8:e8:b7:7b:3c:f0:69:0f:b8:89:
                    4b:78:d5:9a:75:53:4c:1b:e9:a3:a9:71:18:4a:a1:
                    c3:86:d6:99:3a:fa:fe:53:2c:c1:53:65:c4:f6:b2:
                    e8:b0:50:0a:82:fe:4d:8c:4e:42:94:82:39:bf:f2:
                    f2:1e:ac:59:01:07:92:42:5f:bf:e8:a4:a6:60:5a:
                    3f:4e:91:b4:ba:d2:54:10:fd:36:b8:c0:e8:1e:48:
                    5a:b1:20:9b:ac:a3:39:2b:ba:46:5a:2e:01:9a:85:
                    f7:91:0e:b5:80:7e:99:8a:4b:00:8b:33:eb:5a:0f:
                    81:c0:ab:66:6b:8f:a5:1a:ce:31:76:2e:57:86:3e:
                    53:6b:a6:5e:40:f8:a1:65:08:e2:79:7d:e4:41:90:
                    75:fd:ea:d4:ab:fb:31:20:5f:45:bf:bc:62:14:d3:
                    e0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:7A:19:BE:DF:7E:EA:6D:1D:51:58:65:46:A6:51:74:E4:FA:10:3C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_XoZvt9-6m0dUVhlRqZRdOT6EDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:85:eb:89:a6:2e:9c:ca:71:56:8c:63:52:34:d4:a0:24:14:
         f0:ec:54:a5:4b:21:4a:02:a8:bf:c6:10:b8:90:a2:73:00:e4:
         8d:4c:8d:fa:3c:78:5b:75:fa:1a:7d:71:b9:79:df:3c:4d:ae:
         60:49:e3:6d:68:d9:8d:e3:7a:cb:8d:1e:80:51:04:16:7a:04:
         cd:19:a3:52:a0:81:82:03:53:5a:6c:21:8c:dd:86:8c:8e:4e:
         dd:c5:17:05:c8:37:07:3e:44:77:ba:af:f2:ef:d1:ad:f0:2b:
         dd:ac:a4:af:e9:a4:ce:d9:8a:88:a9:76:c5:e5:74:57:3b:55:
         04:3a:71:64:d7:0d:f3:de:1b:29:1a:4b:8a:ea:36:d2:93:f4:
         5c:f7:53:11:02:3e:32:05:c9:5f:fe:7b:57:51:07:27:4f:21:
         68:17:af:b7:db:d5:9f:6d:0b:15:b7:b7:2b:d7:60:1b:c7:b7:
         a9:fa:1c:58:57:4a:76:19:4a:01:4c:bd:95:e5:25:f7:e5:5b:
         64:83:e2:de:24:54:c4:14:ba:c4:fa:87:cb:0a:a8:f2:af:87:
         c2:71:74:26:7a:83:2f:b1:96:2d:a4:5f:3a:a1:e9:3c:a0:a0:
         08:1d:00:3c:d3:69:61:14:c5:84:1c:1b:2e:4c:73:e1:ca:96:
         79:86:a2:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhR0AtU1IN600F9MEweyemgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzI4MTYxNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDdhMTliZWRmN2VlYTZkMWQ1MTU4NjU0NmE2NTE3NGU0ZmExMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxu5Yqvd5YzCk4Q7trM54JgfZmH8H
8hWIDHeMfRCUlKyqaXzJYFXxNmab+W1bLB/THemODtZ6pZcI8DN1TXdItOUQA5gP
x4e0/OhkqzHFxR/lqxaUSp1oBkIoxqWGkejot3s88GkPuIlLeNWadVNMG+mjqXEY
SqHDhtaZOvr+UyzBU2XE9rLosFAKgv5NjE5ClII5v/LyHqxZAQeSQl+/6KSmYFo/
TpG0utJUEP02uMDoHkhasSCbrKM5K7pGWi4BmoX3kQ61gH6ZiksAizPrWg+BwKtm
a4+lGs4xdi5Xhj5Ta6ZeQPihZQjieX3kQZB1/erUq/sxIF9Fv7xiFNPgVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP16Gb7ffuptHVFYZUamUXTk+hA8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX1hvWnZ0OS02bTBkVVZobFJxWlJkT1Q2RUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzrMA0G
CSqGSIb3DQEBCwUAA4IBAQCBheuJpi6cynFWjGNSNNSgJBTw7FSlSyFKAqi/xhC4
kKJzAOSNTI36PHhbdfoafXG5ed88Ta5gSeNtaNmN43rLjR6AUQQWegTNGaNSoIGC
A1NabCGM3YaMjk7dxRcFyDcHPkR3uq/y79Gt8CvdrKSv6aTO2YqIqXbF5XRXO1UE
OnFk1w3z3hspGkuK6jbSk/Rc91MRAj4yBclf/ntXUQcnTyFoF6+329WfbQsVt7cr
12Abx7ep+hxYV0p2GUoBTL2V5SX35Vtkg+LeJFTEFLrE+ofLCqjyr4fCcXQmeoMv
sZYtpF86oek8oKAIHQA802lhFMWEHBsuTHPhypZ5hqIV
-----END CERTIFICATE-----