Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/kh3br9io16kmw-7oicNKEQZ-s1U.roa
File:                     kh3br9io16kmw-7oicNKEQZ-s1U.roa (raw, json)
Hash identifier:          KMo3OoyX+kQWR2ToLgUVj9Uww/2q4pq0J+EYnmu4w/I=
Subject key identifier:   92:1D:DB:AF:D8:A8:D7:A9:26:C3:EE:E8:89:C3:4A:11:06:7E:B3:55
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       019A50171BBD986A429DED05C7F0CEF2A48C
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/kh3br9io16kmw-7oicNKEQZ-s1U.roa
Signing time:             Tue 04 Nov 2025 18:18:02 +0000
ROA not before:           Tue 04 Nov 2025 18:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        89.18.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:17:1b:bd:98:6a:42:9d:ed:05:c7:f0:ce:f2:a4:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: Nov  4 18:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=921ddbafd8a8d7a926c3eee889c34a11067eb355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:93:e4:33:bb:da:56:88:02:14:36:09:e0:f1:
                    fd:1b:12:6b:97:64:a9:4e:e0:3b:04:cd:87:9b:57:
                    83:bc:1f:a7:cc:d2:9d:ce:f7:f0:1d:8c:3a:e4:ae:
                    e3:84:cc:1a:88:4f:18:4f:ee:54:d4:a3:8a:25:5a:
                    e0:95:ca:48:e2:a7:01:a4:4b:d8:26:e7:74:7e:59:
                    9b:7a:20:1e:b1:a4:2c:d9:e4:50:94:9c:f3:3a:51:
                    64:67:d8:da:48:80:08:bc:a9:d5:fa:d0:7b:9a:74:
                    26:15:bf:53:3e:f7:b8:dc:0b:2a:58:f5:3d:d9:05:
                    1b:43:0b:d9:4f:de:22:5c:4d:17:42:a3:73:5e:9b:
                    b5:b5:b2:da:ea:b7:93:86:7f:92:a3:57:69:b4:85:
                    ed:27:2d:b5:f6:4c:87:71:48:cd:bb:64:90:50:c1:
                    bd:6e:65:b6:44:97:31:1c:c4:90:76:d8:cd:88:5f:
                    07:6d:40:9f:b5:19:75:f6:3a:5f:6d:f4:dc:46:8c:
                    81:43:4f:b8:ac:21:02:b8:39:3e:4f:ba:bb:7b:40:
                    3c:06:d1:91:ac:d5:a5:54:63:7d:2c:76:82:77:cf:
                    b0:9b:87:8a:bd:f9:03:88:4a:85:94:92:db:cd:40:
                    a7:c1:4b:5e:b2:03:5f:bc:78:f4:70:be:b6:ba:e5:
                    34:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:1D:DB:AF:D8:A8:D7:A9:26:C3:EE:E8:89:C3:4A:11:06:7E:B3:55
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/kh3br9io16kmw-7oicNKEQZ-s1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:e9:c6:e9:21:73:1b:b2:af:c4:a5:9b:3e:58:1d:a5:02:2a:
         d3:5b:3e:fe:64:93:3e:37:19:8f:e3:80:8d:78:f4:38:7e:4e:
         38:9b:4f:3b:41:93:23:7d:0e:53:6d:e8:1c:49:8c:c4:39:91:
         ec:2c:53:c0:8f:49:15:74:ab:9e:a7:37:d0:f0:8f:6f:9a:95:
         6a:05:16:0e:02:72:a6:04:cf:97:a4:cf:31:f3:ab:54:a7:61:
         4d:fe:38:6e:2c:23:0e:31:b6:fe:23:6e:4a:0d:31:4a:3f:4a:
         0e:57:f4:8c:0b:94:ab:86:54:52:78:72:dd:b1:89:67:fc:3a:
         c6:2f:37:c5:ff:ae:a8:a1:8b:3a:c2:eb:93:d4:b0:95:31:2c:
         d9:75:cd:cb:cd:ac:61:d5:54:20:00:da:18:df:ba:22:4c:a8:
         12:6d:2c:25:74:4f:b6:26:18:c0:80:23:dc:74:8f:b3:f2:2e:
         11:c4:1b:d8:83:b3:4a:cb:9c:f4:62:89:17:40:d6:cd:8b:93:
         fb:c4:d1:71:9d:6e:de:8a:72:29:31:f7:ae:e8:f0:68:27:0e:
         20:43:49:b0:1c:37:00:5d:7d:cc:52:82:fa:e9:14:d8:ee:52:
         a4:af:aa:e7:32:69:52:6d:f2:65:ce:b1:e7:66:05:51:23:2f:
         e4:b5:78:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpQFxu9mGpCne0Fx/DO8qSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUxMTA0MTgxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjFkZGJhZmQ4YThkN2E5MjZjM2VlZTg4OWMzNGExMTA2N2ViMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpPkM7vaVogCFDYJ4PH9GxJrl2Sp
TuA7BM2Hm1eDvB+nzNKdzvfwHYw65K7jhMwaiE8YT+5U1KOKJVrglcpI4qcBpEvY
Jud0flmbeiAesaQs2eRQlJzzOlFkZ9jaSIAIvKnV+tB7mnQmFb9TPve43AsqWPU9
2QUbQwvZT94iXE0XQqNzXpu1tbLa6reThn+So1dptIXtJy219kyHcUjNu2SQUMG9
bmW2RJcxHMSQdtjNiF8HbUCftRl19jpfbfTcRoyBQ0+4rCECuDk+T7q7e0A8BtGR
rNWlVGN9LHaCd8+wm4eKvfkDiEqFlJLbzUCnwUtesgNfvHj0cL62uuU0swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJId26/YqNepJsPu6InDShEGfrNVMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEva2gzYnI5aW8xNmttdy03b2ljTktFUVotczFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI0MA0G
CSqGSIb3DQEBCwUAA4IBAQBp6cbpIXMbsq/EpZs+WB2lAirTWz7+ZJM+NxmP44CN
ePQ4fk44m087QZMjfQ5TbegcSYzEOZHsLFPAj0kVdKuepzfQ8I9vmpVqBRYOAnKm
BM+XpM8x86tUp2FN/jhuLCMOMbb+I25KDTFKP0oOV/SMC5SrhlRSeHLdsYln/DrG
LzfF/66ooYs6wuuT1LCVMSzZdc3Lzaxh1VQgANoY37oiTKgSbSwldE+2JhjAgCPc
dI+z8i4RxBvYg7NKy5z0YokXQNbNi5P7xNFxnW7einIpMfeu6PBoJw4gQ0mwHDcA
XX3MUoL66RTY7lKkr6rnMmlSbfJlzrHnZgVRIy/ktXhI
-----END CERTIFICATE-----