Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2CKXTIUeWVFrc5MuQlSPnsMjMcQ.roa
File:                     2CKXTIUeWVFrc5MuQlSPnsMjMcQ.roa (raw, json)
Hash identifier:          Fp9/aaUOQpB6m8jl4qHblV0o3HnCo13JoOPCkLrdGQ0=
Subject key identifier:   D8:22:97:4C:85:1E:59:51:6B:73:93:2E:42:54:8F:9E:C3:23:31:C4
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0199A8D5B96079EA73CC3394FB6F3AB0017F
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2CKXTIUeWVFrc5MuQlSPnsMjMcQ.roa
Signing time:             Fri 03 Oct 2025 06:50:02 +0000
ROA not before:           Fri 03 Oct 2025 06:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        89.42.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a8:d5:b9:60:79:ea:73:cc:33:94:fb:6f:3a:b0:01:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct  3 06:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d822974c851e59516b73932e42548f9ec32331c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:da:46:3b:36:bf:57:6b:ce:ef:2e:94:44:b4:
                    07:ae:ed:35:3a:f2:ba:5e:23:b8:6f:bc:db:3c:9c:
                    00:bf:42:13:1d:ce:57:2e:e9:b6:d1:16:8a:b9:4e:
                    7b:80:63:c4:41:d9:a3:71:f7:6d:c5:27:53:ce:06:
                    f0:1f:27:fc:fa:8b:57:71:47:2b:93:77:84:ac:50:
                    d5:f5:46:3a:e7:ab:0a:96:1d:ab:8d:2f:5a:45:fe:
                    f2:08:56:6f:af:cb:d2:9a:48:89:ca:90:f1:1a:dd:
                    f4:c3:86:73:6d:4a:ad:b6:fe:bf:66:69:0b:a0:0f:
                    ea:67:6e:e5:23:0f:25:bb:cc:16:6c:56:28:64:a3:
                    63:5a:f3:21:40:90:b3:db:a6:b7:ec:ec:f4:41:46:
                    1c:3b:0a:99:26:e6:ab:54:49:ca:2d:55:f9:c5:f1:
                    27:30:64:e5:33:75:59:77:be:85:0d:cf:e1:e9:e6:
                    33:05:73:c8:65:9b:ff:c9:ed:8d:84:92:cb:fd:61:
                    26:b9:94:25:f8:39:a8:3f:c1:ef:99:31:69:dc:5c:
                    18:bb:1e:8a:13:8a:cb:fe:60:0a:a6:1f:69:37:93:
                    d7:9c:2b:c9:30:c8:95:1d:ec:2f:5f:cd:7d:16:47:
                    28:a6:ab:cf:32:61:fd:0c:00:ea:aa:87:9c:09:7e:
                    20:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:22:97:4C:85:1E:59:51:6B:73:93:2E:42:54:8F:9E:C3:23:31:C4
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2CKXTIUeWVFrc5MuQlSPnsMjMcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:74:ec:88:65:e9:bf:1f:8d:cf:23:0e:9a:47:b4:8b:29:5a:
         85:60:ce:bf:31:21:f1:25:80:4d:3c:38:15:fd:dc:30:97:86:
         e7:33:e8:74:0d:3e:3a:81:a1:5a:fd:1b:d9:fd:16:a1:d3:d3:
         71:f4:43:cf:ef:8e:88:75:d2:17:a2:1c:d6:52:e5:32:f7:02:
         01:d5:05:21:a7:79:65:fb:27:5d:53:e3:96:a1:9c:5c:38:e1:
         29:30:55:5c:7c:19:ab:5e:fc:e9:92:19:56:9b:09:2b:76:c0:
         f2:c6:a2:bc:7d:f3:b6:82:be:d2:08:81:03:ab:3b:a1:30:de:
         22:41:7a:64:01:4d:99:46:25:79:52:3a:11:4d:4b:58:49:52:
         ad:e2:37:a0:ea:af:5a:3f:e4:66:0d:d7:8d:19:5c:b2:9b:af:
         bf:5a:ff:ab:a1:b1:f8:60:88:d5:8a:87:42:bf:31:71:f9:cf:
         a8:9a:de:0c:4a:8b:78:bc:b2:93:a4:9e:4a:65:9e:4e:11:71:
         dd:55:bb:63:04:18:68:52:12:3c:cf:7a:78:4c:15:52:ed:94:
         2b:12:5f:50:cc:00:3a:f0:9d:a2:09:dc:f1:e8:83:38:7c:d8:
         0d:9c:61:81:1d:60:c6:cd:0f:10:02:16:46:cb:23:87:13:82:
         16:0f:f7:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmo1blgeepzzDOU+286sAF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUxMDAzMDY1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODIyOTc0Yzg1MWU1OTUxNmI3MzkzMmU0MjU0OGY5ZWMzMjMzMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdpGOza/V2vO7y6URLQHru01OvK6
XiO4b7zbPJwAv0ITHc5XLum20RaKuU57gGPEQdmjcfdtxSdTzgbwHyf8+otXcUcr
k3eErFDV9UY656sKlh2rjS9aRf7yCFZvr8vSmkiJypDxGt30w4ZzbUqttv6/ZmkL
oA/qZ27lIw8lu8wWbFYoZKNjWvMhQJCz26a37Oz0QUYcOwqZJuarVEnKLVX5xfEn
MGTlM3VZd76FDc/h6eYzBXPIZZv/ye2NhJLL/WEmuZQl+DmoP8HvmTFp3FwYux6K
E4rL/mAKph9pN5PXnCvJMMiVHewvX819FkcopqvPMmH9DADqqoecCX4g4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgil0yFHllRa3OTLkJUj57DIzHEMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMkNLWFRJVWVXVkZyYzVNdVFsU1Buc01qTWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpbMA0G
CSqGSIb3DQEBCwUAA4IBAQBSdOyIZem/H43PIw6aR7SLKVqFYM6/MSHxJYBNPDgV
/dwwl4bnM+h0DT46gaFa/RvZ/Rah09Nx9EPP746IddIXohzWUuUy9wIB1QUhp3ll
+yddU+OWoZxcOOEpMFVcfBmrXvzpkhlWmwkrdsDyxqK8ffO2gr7SCIEDqzuhMN4i
QXpkAU2ZRiV5UjoRTUtYSVKt4jeg6q9aP+RmDdeNGVyym6+/Wv+robH4YIjViodC
vzFx+c+omt4MSot4vLKTpJ5KZZ5OEXHdVbtjBBhoUhI8z3p4TBVS7ZQrEl9QzAA6
8J2iCdzx6IM4fNgNnGGBHWDGzQ8QAhZGyyOHE4IWD/fK
-----END CERTIFICATE-----