Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/RzWktUnWleyuAASpHpH94KSShkY.roa
File:                     RzWktUnWleyuAASpHpH94KSShkY.roa (raw, json)
Hash identifier:          BoPLXDFgsIgaZzKNJy1XCZ2/akxih7lLoVGkf52tsHE=
Subject key identifier:   47:35:A4:B5:49:D6:95:EC:AE:00:04:A9:1E:91:FD:E0:A4:92:86:46
Certificate issuer:       /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial:       019878E28A12D550B3930C2921515FA8529F
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/RzWktUnWleyuAASpHpH94KSShkY.roa
Signing time:             Tue 05 Aug 2025 06:19:28 +0000
ROA not before:           Tue 05 Aug 2025 06:19:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12357
IP address blocks:        89.140.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:78:e2:8a:12:d5:50:b3:93:0c:29:21:51:5f:a8:52:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
        Validity
            Not Before: Aug  5 06:19:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4735a4b549d695ecae0004a91e91fde0a4928646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:70:42:da:06:2a:56:17:2a:7b:4f:7c:d5:2d:
                    5c:53:76:bc:13:71:dc:bd:3f:98:2a:d0:03:23:8c:
                    e3:42:94:6e:29:23:53:01:08:3e:7f:ba:7a:eb:c4:
                    c8:22:da:b6:ed:08:c4:ec:71:da:53:14:b0:63:5a:
                    3d:22:6e:b9:bc:28:20:a8:a2:53:0e:6d:91:ec:7b:
                    83:77:b0:c2:e3:b3:d3:4a:e4:a2:1f:c2:a2:c7:20:
                    e4:df:35:2c:f5:29:d2:8d:48:62:bc:fa:6e:bc:e9:
                    ba:0b:e2:6d:f9:ac:6b:04:4f:79:8b:c4:0a:3f:46:
                    dd:b7:da:0e:65:82:8e:5e:89:4e:58:ec:cc:e9:0f:
                    4b:ce:41:9e:0f:e8:66:e5:b7:f0:03:da:a6:8a:d5:
                    76:02:8f:c7:38:27:e8:6e:89:60:2e:29:11:9c:b1:
                    3a:40:19:4e:b3:dd:e0:b1:cf:70:eb:fe:b5:e6:9c:
                    70:c4:23:55:f4:28:85:83:0f:29:08:01:5e:38:06:
                    83:49:e1:53:b0:ba:cf:4e:57:88:2e:13:c8:4d:4a:
                    91:bd:c0:5e:21:cf:d4:f3:68:dc:6e:e9:4a:e1:35:
                    f9:73:d8:7f:ee:98:70:5c:e0:0d:ca:21:6d:92:10:
                    93:ea:63:99:37:0a:62:f5:44:02:c8:69:25:33:d9:
                    f8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:35:A4:B5:49:D6:95:EC:AE:00:04:A9:1E:91:FD:E0:A4:92:86:46
            X509v3 Authority Key Identifier:
                keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/RzWktUnWleyuAASpHpH94KSShkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.140.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:4c:5e:31:0e:76:b1:3d:88:20:d7:a9:63:52:e4:64:da:7b:
         5e:34:c3:1d:f6:50:c1:6c:16:cb:78:e8:10:1c:40:52:90:af:
         4f:eb:b6:e9:d4:87:37:9c:7d:3c:be:f4:c8:18:e2:59:21:d1:
         cb:57:12:09:75:f0:49:32:35:69:6f:0b:af:20:c8:b1:38:c2:
         95:16:6e:f4:ff:a0:d8:ff:c7:7d:62:91:86:d9:0b:2d:07:e3:
         e5:03:36:b3:8f:0b:6d:a4:e4:3f:ae:cd:d1:49:9e:f9:e4:71:
         8f:90:f5:30:f6:5f:14:f3:ee:a9:09:75:cb:32:d6:22:df:25:
         f4:0e:fd:66:e2:f9:dd:8d:92:8c:27:bb:95:5e:28:9b:8b:23:
         7c:55:19:c0:c8:c0:cd:e5:78:61:9d:12:4b:54:3f:3b:6a:d5:
         8a:15:9d:66:16:09:51:d0:a3:46:1e:38:f0:99:93:2f:96:21:
         ef:fd:80:cb:62:c9:b8:c6:55:4e:61:b5:d3:96:6d:01:db:2c:
         c8:d2:8c:ce:a2:d0:8b:09:90:a9:51:5d:c5:5a:9c:e4:0e:5c:
         d2:fc:08:38:97:62:b3:e4:99:65:83:56:06:ae:29:0b:70:e5:
         73:0e:81:01:b3:79:01:93:9d:0d:5d:9b:eb:7f:f3:97:d3:25:
         46:23:10:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh44ooS1VCzkwwpIVFfqFKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjUwODA1MDYxOTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM1YTRiNTQ5ZDY5NWVjYWUwMDA0YTkxZTkxZmRlMGE0OTI4NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHBC2gYqVhcqe0981S1cU3a8E3Hc
vT+YKtADI4zjQpRuKSNTAQg+f7p668TIItq27QjE7HHaUxSwY1o9Im65vCggqKJT
Dm2R7HuDd7DC47PTSuSiH8KixyDk3zUs9SnSjUhivPpuvOm6C+Jt+axrBE95i8QK
P0bdt9oOZYKOXolOWOzM6Q9LzkGeD+hm5bfwA9qmitV2Ao/HOCfobolgLikRnLE6
QBlOs93gsc9w6/615pxwxCNV9CiFgw8pCAFeOAaDSeFTsLrPTleILhPITUqRvcBe
Ic/U82jcbulK4TX5c9h/7phwXOANyiFtkhCT6mOZNwpi9UQCyGklM9n4GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc1pLVJ1pXsrgAEqR6R/eCkkoZGMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvUnpXa3RVbldsZXl1QUFTcEhwSDk0S1NTaGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWYwXMA0G
CSqGSIb3DQEBCwUAA4IBAQAlTF4xDnaxPYgg16ljUuRk2nteNMMd9lDBbBbLeOgQ
HEBSkK9P67bp1Ic3nH08vvTIGOJZIdHLVxIJdfBJMjVpbwuvIMixOMKVFm70/6DY
/8d9YpGG2QstB+PlAzazjwttpOQ/rs3RSZ755HGPkPUw9l8U8+6pCXXLMtYi3yX0
Dv1m4vndjZKMJ7uVXiibiyN8VRnAyMDN5XhhnRJLVD87atWKFZ1mFglR0KNGHjjw
mZMvliHv/YDLYsm4xlVOYbXTlm0B2yzI0ozOotCLCZCpUV3FWpzkDlzS/Ag4l2Kz
5Jllg1YGrikLcOVzDoEBs3kBk50NXZvrf/OX0yVGIxBw
-----END CERTIFICATE-----