Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/MOeM4pvJ19VMTsgR_3r5c0Guzfo.roa
File:                     MOeM4pvJ19VMTsgR_3r5c0Guzfo.roa (raw, json)
Hash identifier:          O4JMykojMIHNUFBT5ERdOkwmTNiX1uT13DSMptHNwG0=
Subject key identifier:   30:E7:8C:E2:9B:C9:D7:D5:4C:4E:C8:11:FF:7A:F9:73:41:AE:CD:FA
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019840ECEA900E10C0A7C7E67BD5679B6245
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/MOeM4pvJ19VMTsgR_3r5c0Guzfo.roa
Signing time:             Fri 25 Jul 2025 09:32:05 +0000
ROA not before:           Fri 25 Jul 2025 09:32:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        89.34.64.0/22 maxlen: 24
                          89.34.112.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 19:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:ec:ea:90:0e:10:c0:a7:c7:e6:7b:d5:67:9b:62:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Jul 25 09:32:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30e78ce29bc9d7d54c4ec811ff7af97341aecdfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:62:09:95:76:5f:5f:ca:eb:df:9f:93:aa:3a:
                    6d:e0:bc:b6:43:55:f2:79:3a:34:68:ee:82:5a:99:
                    c3:ea:95:c7:49:6d:42:8d:e9:bf:43:15:7b:e5:69:
                    2b:2e:3f:17:26:a8:35:ab:5f:c0:10:00:d4:bb:16:
                    20:53:1d:1f:3a:95:7d:29:19:f4:8d:38:7a:b5:46:
                    8c:24:a9:d8:97:be:c4:65:46:d8:0e:e9:2e:23:4e:
                    fb:ca:15:be:43:b0:7b:7c:80:c9:dd:23:de:59:36:
                    05:89:5d:dc:c1:b1:15:2e:72:74:11:52:19:7d:ef:
                    e3:fc:2d:dc:92:e4:34:36:8b:d0:2e:0b:60:f5:c4:
                    59:c4:d4:7d:68:28:f0:63:71:07:d7:e6:00:30:ab:
                    7a:5f:44:2e:50:87:ab:21:23:9f:96:ca:6f:b6:48:
                    33:51:ab:54:1e:c5:ac:ff:d2:ff:34:c2:87:7e:31:
                    bc:c7:b6:5c:8d:1b:f9:5e:b3:b3:c4:13:15:b8:f5:
                    80:69:c8:07:b6:c0:0e:c3:21:48:e9:c9:83:b3:ad:
                    59:3f:81:2f:52:7d:40:fd:8c:5e:06:2f:32:c2:ad:
                    46:79:ef:08:71:a5:6c:4c:86:aa:56:27:e5:ad:68:
                    19:ff:40:15:92:f4:01:d8:0d:f8:c9:c1:08:ad:c0:
                    ac:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E7:8C:E2:9B:C9:D7:D5:4C:4E:C8:11:FF:7A:F9:73:41:AE:CD:FA
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/MOeM4pvJ19VMTsgR_3r5c0Guzfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.64.0/22
                  89.34.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         88:09:b2:85:03:6e:06:31:4f:3c:04:2d:8f:80:e7:29:c3:d2:
         4f:20:55:89:a9:6a:31:a8:4b:1e:fa:e5:10:07:92:19:88:7d:
         28:2d:32:89:c2:0a:6b:59:46:81:ac:eb:27:a2:57:b0:67:9d:
         50:43:e9:79:1a:36:44:b1:dd:0b:3d:de:e8:29:87:31:4f:52:
         d1:66:25:9b:70:51:75:be:bf:68:ec:e4:6d:6d:f8:4d:f1:89:
         8c:64:74:59:a4:9a:0a:84:47:a6:92:1e:7a:2b:22:1d:d5:32:
         c2:8a:f2:3b:6d:c6:36:d2:97:af:a7:0a:7d:51:b3:bc:1a:4e:
         17:f2:fd:fa:67:73:bf:15:bc:39:f3:67:5c:6a:83:b2:a0:ea:
         62:70:65:6d:a2:44:cc:01:2b:43:0e:80:12:9b:2c:a6:a8:5a:
         c9:00:fe:ee:47:1e:f6:d9:39:ca:eb:19:0f:34:a2:31:f6:20:
         9d:7c:fd:2c:9c:94:d2:b4:10:22:f4:50:1c:c1:a6:91:e2:8c:
         b4:22:4c:43:a7:bb:8c:c4:e8:80:77:72:46:6d:af:24:df:b9:
         70:cc:49:d7:c6:02:c3:f7:d7:f5:82:6b:d0:54:7f:3d:5f:94:
         b4:49:48:b2:1f:58:04:c1:a4:7f:20:12:d6:1f:0d:bd:00:aa:
         1c:6d:15:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhA7OqQDhDAp8fme9Vnm2JFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjUwNzI1MDkzMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGU3OGNlMjliYzlkN2Q1NGM0ZWM4MTFmZjdhZjk3MzQxYWVjZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42IJlXZfX8rr35+Tqjpt4Ly2Q1Xy
eTo0aO6CWpnD6pXHSW1Cjem/QxV75WkrLj8XJqg1q1/AEADUuxYgUx0fOpV9KRn0
jTh6tUaMJKnYl77EZUbYDukuI077yhW+Q7B7fIDJ3SPeWTYFiV3cwbEVLnJ0EVIZ
fe/j/C3ckuQ0NovQLgtg9cRZxNR9aCjwY3EH1+YAMKt6X0QuUIerISOflspvtkgz
UatUHsWs/9L/NMKHfjG8x7ZcjRv5XrOzxBMVuPWAacgHtsAOwyFI6cmDs61ZP4Ev
Un1A/YxeBi8ywq1Gee8IcaVsTIaqViflrWgZ/0AVkvQB2A34ycEIrcCskQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDDnjOKbydfVTE7IEf96+XNBrs36MB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvTU9lTTRwdkoxOVZNVHNnUl8zcjVjMEd1emZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWSJAAwQD
WSJwMA0GCSqGSIb3DQEBCwUAA4IBAQCICbKFA24GMU88BC2PgOcpw9JPIFWJqWox
qEse+uUQB5IZiH0oLTKJwgprWUaBrOsnolewZ51QQ+l5GjZEsd0LPd7oKYcxT1LR
ZiWbcFF1vr9o7ORtbfhN8YmMZHRZpJoKhEemkh56KyId1TLCivI7bcY20pevpwp9
UbO8Gk4X8v36Z3O/Fbw582dcaoOyoOpicGVtokTMAStDDoASmyymqFrJAP7uRx72
2TnK6xkPNKIx9iCdfP0snJTStBAi9FAcwaaR4oy0IkxDp7uMxOiAd3JGba8k37lw
zEnXxgLD99f1gmvQVH89X5S0SUiyH1gEwaR/IBLWHw29AKocbRWe
-----END CERTIFICATE-----