Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/65LOTWbYKO8WgYG9BzJDe2-WQYw.roa
File:                     65LOTWbYKO8WgYG9BzJDe2-WQYw.roa (raw, json)
Hash identifier:          r/wzovoY8RroYrCDVvJnayhwU+roMgwKwl/4ua4F6NI=
Subject key identifier:   EB:92:CE:4D:66:D8:28:EF:16:81:81:BD:07:32:43:7B:6F:96:41:8C
Certificate issuer:       /CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
Certificate serial:       01966D0F22656362E9D0B85AAA5EC88109EB
Authority key identifier: 2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/65LOTWbYKO8WgYG9BzJDe2-WQYw.roa
Signing time:             Fri 25 Apr 2025 13:07:10 +0000
ROA not before:           Fri 25 Apr 2025 13:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        80.89.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6d:0f:22:65:63:62:e9:d0:b8:5a:aa:5e:c8:81:09:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
        Validity
            Not Before: Apr 25 13:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb92ce4d66d828ef168181bd0732437b6f96418c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a7:9c:05:2f:19:9d:73:08:dd:65:44:b3:64:
                    ce:2e:a1:5d:d0:2e:10:30:7a:5f:29:75:63:d6:37:
                    03:68:54:30:c2:5f:06:71:af:64:10:e7:44:93:15:
                    ee:55:50:2e:a6:fd:f8:bf:9a:52:62:4d:ed:0b:d8:
                    b0:96:ac:39:ea:05:64:74:89:19:de:e2:af:c9:b2:
                    52:c3:d6:ce:8f:bc:d3:3b:f4:6f:65:89:ea:0f:55:
                    9e:16:53:5e:2b:e2:b4:88:70:6f:0e:1b:9d:a3:0f:
                    16:1b:55:b6:81:2f:f3:45:7d:76:25:bd:11:e4:5a:
                    9d:3e:8b:19:30:dd:88:f4:59:4e:8d:67:7e:91:83:
                    c6:6a:18:0d:a3:5f:9b:a5:f4:60:7c:2f:e9:39:5a:
                    7a:f9:17:46:ee:32:85:c9:b5:a3:31:66:3a:b8:6f:
                    3c:c9:51:f1:89:bc:70:38:c6:e7:52:8e:2d:48:5a:
                    5a:0b:f4:7b:30:69:b1:fe:b4:cd:f4:ca:63:a1:93:
                    00:a4:3a:5e:20:ea:00:9c:28:03:69:b1:20:d5:59:
                    d6:9b:6a:a5:21:5d:f4:f2:cd:33:cc:95:f8:e0:7e:
                    9e:63:f9:9c:1c:be:38:44:d9:e0:d0:b3:85:71:0b:
                    98:78:b2:b7:da:9a:b3:cd:8c:0d:ce:e9:73:7c:4d:
                    7c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:92:CE:4D:66:D8:28:EF:16:81:81:BD:07:32:43:7B:6F:96:41:8C
            X509v3 Authority Key Identifier:
                keyid:2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/65LOTWbYKO8WgYG9BzJDe2-WQYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:9e:1b:90:00:f9:ce:73:c3:28:94:58:4c:07:27:bb:56:63:
         d6:0d:63:9b:0a:26:a4:d2:29:d2:b7:e6:c2:73:7c:2f:f2:21:
         3f:4d:56:08:b5:12:1d:b7:a3:44:9b:27:c8:77:f3:ac:a2:7d:
         7d:5b:bb:81:44:6d:f8:25:62:d7:65:d0:14:92:25:8e:ee:5e:
         d1:53:44:60:89:95:fd:bd:7c:f2:57:40:06:47:67:e9:5a:ac:
         e5:ea:54:a3:69:d5:fe:b8:35:42:fa:8b:e0:93:5c:68:1c:2d:
         69:a8:94:04:80:b7:8f:3f:6a:c0:b4:ed:bf:1f:77:d8:5e:b5:
         bf:ee:f8:96:a3:4e:0d:dd:49:3e:15:af:53:96:07:82:fb:60:
         24:d3:bb:31:fb:22:85:a8:9f:8f:50:e4:93:f6:cc:f6:ea:30:
         73:7c:17:ca:11:65:10:e3:f3:ab:ee:45:22:3e:98:76:29:4e:
         c8:55:ce:50:5e:22:08:9e:61:35:d0:61:1e:67:7d:89:6b:9e:
         7d:93:b9:69:ab:42:88:33:69:da:0f:f1:b2:25:7c:f5:b5:88:
         05:93:fb:0b:31:f1:f5:55:5b:45:3b:fe:1b:72:1c:5a:dc:32:
         6d:51:29:b8:8c:33:e6:e2:84:ce:d3:bc:f3:fc:23:52:b5:5b:
         8f:b8:16:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZtDyJlY2Lp0Lhaql7IgQnrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTM3ZGE5NzBjNDY2NDU3NTgzYmJlMDJiMmEwZTcyZmJk
YzYzMjgwHhcNMjUwNDI1MTMwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjkyY2U0ZDY2ZDgyOGVmMTY4MTgxYmQwNzMyNDM3YjZmOTY0MThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qecBS8ZnXMI3WVEs2TOLqFd0C4Q
MHpfKXVj1jcDaFQwwl8Gca9kEOdEkxXuVVAupv34v5pSYk3tC9iwlqw56gVkdIkZ
3uKvybJSw9bOj7zTO/RvZYnqD1WeFlNeK+K0iHBvDhudow8WG1W2gS/zRX12Jb0R
5FqdPosZMN2I9FlOjWd+kYPGahgNo1+bpfRgfC/pOVp6+RdG7jKFybWjMWY6uG88
yVHxibxwOMbnUo4tSFpaC/R7MGmx/rTN9MpjoZMApDpeIOoAnCgDabEg1VnWm2ql
IV308s0zzJX44H6eY/mcHL44RNng0LOFcQuYeLK32pqzzYwNzulzfE18GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuSzk1m2CjvFoGBvQcyQ3tvlkGMMB8GA1UdIwQY
MBaAFCyjfalwxGZFdYO74CsqDnL73GMoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgt
OGNhMjVmNDg4ZWJmLzEvNjVMT1RXYllLTzhXZ1lHOUJ6SkRlMi1XUVl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgtOGNhMjVmNDg4ZWJm
LzEvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFkDMA0G
CSqGSIb3DQEBCwUAA4IBAQA4nhuQAPnOc8MolFhMBye7VmPWDWObCiak0inSt+bC
c3wv8iE/TVYItRIdt6NEmyfId/Oson19W7uBRG34JWLXZdAUkiWO7l7RU0RgiZX9
vXzyV0AGR2fpWqzl6lSjadX+uDVC+ovgk1xoHC1pqJQEgLePP2rAtO2/H3fYXrW/
7viWo04N3Uk+Fa9TlgeC+2Ak07sx+yKFqJ+PUOST9sz26jBzfBfKEWUQ4/Or7kUi
Pph2KU7IVc5QXiIInmE10GEeZ32Ja559k7lpq0KIM2naD/GyJXz1tYgFk/sLMfH1
VVtFO/4bchxa3DJtUSm4jDPm4oTO07zz/CNStVuPuBbw
-----END CERTIFICATE-----