Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/3716d9-473f-4af3-a1d3-24e6c0d4fad7/1/Jf9y1r-7U3oVE_0fSwlBWZfWEa0.roa
File:                     Jf9y1r-7U3oVE_0fSwlBWZfWEa0.roa (raw, json)
Hash identifier:          GPOv3V78s13UPdmn9zsSWoQbLb5tsSshuu6xid5/0Es=
Subject key identifier:   25:FF:72:D6:BF:BB:53:7A:15:13:FD:1F:4B:09:41:59:97:D6:11:AD
Certificate issuer:       /CN=09b4bf37f39eec62982c4b63709fab5d146c7373
Certificate serial:       0197700001913F327F737CE2B8E6203AFE96
Authority key identifier: 09:B4:BF:37:F3:9E:EC:62:98:2C:4B:63:70:9F:AB:5D:14:6C:73:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CbS_N_Oe7GKYLEtjcJ-rXRRsc3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/3716d9-473f-4af3-a1d3-24e6c0d4fad7/1/Jf9y1r-7U3oVE_0fSwlBWZfWEa0.roa
Signing time:             Sat 14 Jun 2025 19:52:17 +0000
ROA not before:           Sat 14 Jun 2025 19:52:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44756
IP address blocks:        89.44.110.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/3716d9-473f-4af3-a1d3-24e6c0d4fad7/1/CbS_N_Oe7GKYLEtjcJ-rXRRsc3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/3716d9-473f-4af3-a1d3-24e6c0d4fad7/1/CbS_N_Oe7GKYLEtjcJ-rXRRsc3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CbS_N_Oe7GKYLEtjcJ-rXRRsc3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:70:00:01:91:3f:32:7f:73:7c:e2:b8:e6:20:3a:fe:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09b4bf37f39eec62982c4b63709fab5d146c7373
        Validity
            Not Before: Jun 14 19:52:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25ff72d6bfbb537a1513fd1f4b09415997d611ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a5:08:fa:b0:40:3a:97:c7:8b:5f:f2:36:5f:
                    ee:e4:34:b9:a8:ae:9a:bd:88:b7:19:07:f4:ae:05:
                    e7:85:79:e2:8e:6e:fd:62:a1:48:5c:aa:da:af:e3:
                    ae:7b:8a:4d:6d:ff:be:15:5a:ba:7c:75:33:e8:50:
                    5b:aa:cf:ba:61:f1:0f:c9:9c:66:44:9b:9a:59:21:
                    e1:ac:26:e7:92:dd:9c:4e:e2:0c:c7:a4:36:94:78:
                    27:80:57:32:2a:2a:6f:f5:8c:b4:02:ad:08:b3:cd:
                    da:dd:63:65:22:63:dc:2d:f4:57:0e:34:0a:d4:4b:
                    9d:cf:1a:bf:fe:ab:a5:80:d4:2f:71:ed:dc:79:db:
                    2b:5e:bb:1e:ae:5a:0a:91:17:31:48:4c:87:00:8d:
                    bb:32:d7:87:d8:d0:40:67:57:ac:35:1c:15:d9:3e:
                    d5:c5:38:67:4b:ea:6a:58:8f:3c:c7:85:5b:98:94:
                    57:d4:19:3d:77:fe:3f:3d:c0:44:33:dc:b3:75:97:
                    96:6a:ba:73:0d:19:21:6a:9b:1b:f9:0f:dd:6f:e2:
                    89:c1:0a:60:df:0a:dd:db:aa:43:e3:44:4d:bf:a3:
                    8b:d4:5b:a4:97:1e:55:e9:bd:67:17:da:f7:0a:be:
                    95:82:3d:03:d6:0b:01:78:a9:41:87:ca:a2:81:39:
                    f4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:FF:72:D6:BF:BB:53:7A:15:13:FD:1F:4B:09:41:59:97:D6:11:AD
            X509v3 Authority Key Identifier:
                keyid:09:B4:BF:37:F3:9E:EC:62:98:2C:4B:63:70:9F:AB:5D:14:6C:73:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CbS_N_Oe7GKYLEtjcJ-rXRRsc3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/3716d9-473f-4af3-a1d3-24e6c0d4fad7/1/Jf9y1r-7U3oVE_0fSwlBWZfWEa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/3716d9-473f-4af3-a1d3-24e6c0d4fad7/1/CbS_N_Oe7GKYLEtjcJ-rXRRsc3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:df:3b:1d:54:f1:d7:65:69:3d:ff:0f:1f:b6:c1:da:58:1d:
         4d:bd:76:64:44:00:6a:4c:12:34:e0:2a:20:fe:e1:fa:4d:ce:
         2d:4f:e7:79:97:d2:96:4d:7f:6c:67:32:b8:84:85:b8:70:5c:
         5a:38:eb:7c:b4:8e:c7:8c:a4:3d:7f:bc:5f:4a:5a:27:14:88:
         b6:ff:fb:34:7f:65:03:2a:f1:35:f8:6c:1a:06:f2:53:9b:07:
         63:9f:f5:c5:a8:c1:a1:c1:2b:da:7e:f5:fd:1d:ae:44:d5:80:
         08:34:72:aa:60:a4:76:0a:2a:11:3a:8a:fa:3a:91:00:32:c2:
         52:28:f6:15:83:c3:49:87:07:3a:56:69:ae:5f:c6:96:18:dc:
         ee:9c:96:c7:7c:54:b0:d5:00:2e:07:c0:8b:b9:bb:f5:d4:e0:
         8d:ce:79:44:7d:47:ac:16:b3:6c:7b:21:0a:e8:5c:a4:bb:28:
         d6:76:03:94:7c:d7:27:1e:c7:5b:89:75:27:ac:ad:c9:56:d8:
         d9:62:60:37:cf:7e:79:f2:02:54:de:67:7f:6e:6e:ec:6b:e6:
         66:dc:8c:96:91:51:d4:c2:f5:0b:94:67:49:5a:ba:60:52:ab:
         62:f4:ee:45:e3:88:bf:48:b8:8c:51:73:13:e9:91:a0:49:a6:
         7a:05:c0:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdwAAGRPzJ/c3ziuOYgOv6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YjRiZjM3ZjM5ZWVjNjI5ODJjNGI2MzcwOWZhYjVkMTQ2
YzczNzMwHhcNMjUwNjE0MTk1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWZmNzJkNmJmYmI1MzdhMTUxM2ZkMWY0YjA5NDE1OTk3ZDYxMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqUI+rBAOpfHi1/yNl/u5DS5qK6a
vYi3GQf0rgXnhXnijm79YqFIXKrar+Oue4pNbf++FVq6fHUz6FBbqs+6YfEPyZxm
RJuaWSHhrCbnkt2cTuIMx6Q2lHgngFcyKipv9Yy0Aq0Is83a3WNlImPcLfRXDjQK
1Eudzxq//qulgNQvce3cedsrXrserloKkRcxSEyHAI27MteH2NBAZ1esNRwV2T7V
xThnS+pqWI88x4VbmJRX1Bk9d/4/PcBEM9yzdZeWarpzDRkhapsb+Q/db+KJwQpg
3wrd26pD40RNv6OL1Fuklx5V6b1nF9r3Cr6Vgj0D1gsBeKlBh8qigTn05wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX/cta/u1N6FRP9H0sJQVmX1hGtMB8GA1UdIwQY
MBaAFAm0vzfznuximCxLY3Cfq10UbHNzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2JTX05fT2U3R0tZTEV0amNKLXJYUlJzYzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8zNzE2ZDktNDczZi00YWYzLWExZDMt
MjRlNmMwZDRmYWQ3LzEvSmY5eTFyLTdVM29WRV8wZlN3bEJXWmZXRWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8zNzE2ZDktNDczZi00YWYzLWExZDMtMjRlNmMwZDRmYWQ3
LzEvQ2JTX05fT2U3R0tZTEV0amNKLXJYUlJzYzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSxuMA0G
CSqGSIb3DQEBCwUAA4IBAQAY3zsdVPHXZWk9/w8ftsHaWB1NvXZkRABqTBI04Cog
/uH6Tc4tT+d5l9KWTX9sZzK4hIW4cFxaOOt8tI7HjKQ9f7xfSlonFIi2//s0f2UD
KvE1+GwaBvJTmwdjn/XFqMGhwSvafvX9Ha5E1YAINHKqYKR2CioROor6OpEAMsJS
KPYVg8NJhwc6VmmuX8aWGNzunJbHfFSw1QAuB8CLubv11OCNznlEfUesFrNseyEK
6FykuyjWdgOUfNcnHsdbiXUnrK3JVtjZYmA3z3558gJU3md/bm7sa+Zm3IyWkVHU
wvULlGdJWrpgUqti9O5F44i/SLiMUXMT6ZGgSaZ6BcCI
-----END CERTIFICATE-----