Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/dLVFM6LOXJ7fgmVbzXYVW8I5oYY.roa
File:                     dLVFM6LOXJ7fgmVbzXYVW8I5oYY.roa (raw, json)
Hash identifier:          p6zpbFHToZdevuasfH2dIun4+77hBuovd01laS+bKxs=
Subject key identifier:   74:B5:45:33:A2:CE:5C:9E:DF:82:65:5B:CD:76:15:5B:C2:39:A1:86
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       01984CFC13934339DDB26D54119DDC05BA3A
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/dLVFM6LOXJ7fgmVbzXYVW8I5oYY.roa
Signing time:             Sun 27 Jul 2025 17:44:05 +0000
ROA not before:           Sun 27 Jul 2025 17:44:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        89.185.79.0/24 maxlen: 24
                          92.240.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 23:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4c:fc:13:93:43:39:dd:b2:6d:54:11:9d:dc:05:ba:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jul 27 17:44:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74b54533a2ce5c9edf82655bcd76155bc239a186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:96:73:7c:bb:34:2b:54:0a:9a:50:06:dd:2a:
                    87:97:7d:a2:a2:e1:8c:12:a8:19:39:3c:7f:82:13:
                    51:3b:89:c1:a5:5c:78:fe:05:c7:fa:84:a7:35:bc:
                    b8:ad:47:68:63:08:e5:49:1d:d8:6b:b8:e5:80:f2:
                    73:74:bd:35:0e:f7:88:af:93:e7:bf:33:3e:7c:7f:
                    d4:5d:68:1a:0a:69:6c:20:dd:e5:8e:45:68:1c:e3:
                    c6:77:ac:92:b0:8b:a1:7d:99:ed:e5:28:93:d8:6b:
                    c3:05:f2:ab:d6:6d:d2:f6:7b:4a:3b:cc:e4:02:61:
                    bb:27:fc:8f:a6:23:9a:b4:b6:df:37:f3:73:28:4e:
                    5f:2c:bc:e6:f7:8c:e5:66:90:39:29:9d:a5:c5:83:
                    07:8a:4b:72:cb:45:85:37:5d:d6:0f:7a:0b:c4:98:
                    a8:07:e9:3c:f2:a6:48:80:5c:45:d7:3b:13:b0:6f:
                    e7:3d:68:a6:5b:09:1a:6a:38:53:ed:84:9e:11:c9:
                    d4:01:e8:f1:bf:d2:fd:31:07:ce:7e:17:57:9a:2a:
                    71:10:d1:b0:92:90:91:67:09:bd:cc:92:7b:7d:72:
                    d7:0b:95:4a:66:90:99:3c:a0:e0:df:77:a0:f3:a7:
                    6d:4d:50:e2:c3:85:7a:e3:d3:ba:a9:d5:67:f9:1f:
                    21:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B5:45:33:A2:CE:5C:9E:DF:82:65:5B:CD:76:15:5B:C2:39:A1:86
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/dLVFM6LOXJ7fgmVbzXYVW8I5oYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.79.0/24
                  92.240.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:36:26:60:14:b7:37:51:7f:36:3e:5a:b8:cf:39:ab:b5:5c:
         f2:a2:6d:88:ef:6b:09:f4:1a:f0:e0:7f:28:48:30:d4:7a:fc:
         dd:70:f3:7f:cf:db:50:e5:00:c5:b3:0b:ae:69:e6:cd:9f:e5:
         5b:d7:4f:cf:ee:27:b7:0b:cb:b0:ef:b9:cb:57:25:ce:70:fc:
         6f:b9:f9:f1:52:6d:92:ad:be:e4:85:5e:f9:e7:b3:0e:38:6b:
         f3:ef:16:d1:81:10:6f:2b:91:6b:0d:73:7e:0a:4a:a6:e1:0a:
         ff:2c:6f:be:1d:47:95:d6:84:bb:5e:6b:a1:76:b4:88:7d:0a:
         1e:75:07:d7:bd:bb:82:de:10:d9:75:96:fa:c8:68:7e:73:67:
         23:39:75:f3:e8:0f:04:15:5c:6c:84:65:e9:31:51:84:a3:a8:
         26:66:16:85:da:49:23:03:3e:9a:d5:60:3a:51:ed:10:21:6d:
         27:8c:46:d3:51:2f:a2:f0:24:84:61:21:2d:05:f6:31:85:84:
         9a:ec:12:cd:a7:73:51:1b:fa:c6:3c:66:97:47:9d:08:20:cb:
         59:7e:01:87:89:09:e4:a2:9c:05:b8:a7:8b:9f:99:fd:86:e2:
         c9:51:3f:6a:0b:30:96:e6:9b:dc:8d:d2:68:e8:9b:70:47:a2:
         d1:0a:52:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhM/BOTQzndsm1UEZ3cBbo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwNzI3MTc0NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGI1NDUzM2EyY2U1YzllZGY4MjY1NWJjZDc2MTU1YmMyMzlhMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JZzfLs0K1QKmlAG3SqHl32iouGM
EqgZOTx/ghNRO4nBpVx4/gXH+oSnNby4rUdoYwjlSR3Ya7jlgPJzdL01DveIr5Pn
vzM+fH/UXWgaCmlsIN3ljkVoHOPGd6ySsIuhfZnt5SiT2GvDBfKr1m3S9ntKO8zk
AmG7J/yPpiOatLbfN/NzKE5fLLzm94zlZpA5KZ2lxYMHiktyy0WFN13WD3oLxJio
B+k88qZIgFxF1zsTsG/nPWimWwkaajhT7YSeEcnUAejxv9L9MQfOfhdXmipxENGw
kpCRZwm9zJJ7fXLXC5VKZpCZPKDg33eg86dtTVDiw4V649O6qdVn+R8hcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHS1RTOizlye34JlW812FVvCOaGGMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvZExWRk02TE9YSjdmZ21WYnpYWVZXOEk1b1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWblPAwQA
XPDZMA0GCSqGSIb3DQEBCwUAA4IBAQBmNiZgFLc3UX82Plq4zzmrtVzyom2I72sJ
9Brw4H8oSDDUevzdcPN/z9tQ5QDFswuuaebNn+Vb10/P7ie3C8uw77nLVyXOcPxv
ufnxUm2Srb7khV7557MOOGvz7xbRgRBvK5FrDXN+Ckqm4Qr/LG++HUeV1oS7Xmuh
drSIfQoedQfXvbuC3hDZdZb6yGh+c2cjOXXz6A8EFVxshGXpMVGEo6gmZhaF2kkj
Az6a1WA6Ue0QIW0njEbTUS+i8CSEYSEtBfYxhYSa7BLNp3NRG/rGPGaXR50IIMtZ
fgGHiQnkopwFuKeLn5n9huLJUT9qCzCW5pvcjdJo6JtwR6LRClJa
-----END CERTIFICATE-----