Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3LIzDFWhqiXhkT2BUPzSp09JFnM.roa
File:                     3LIzDFWhqiXhkT2BUPzSp09JFnM.roa (raw, json)
Hash identifier:          k3it2iRR1Hn0UZ8tqupTRlrh19RdhNZuE8GTG/x/pAs=
Subject key identifier:   DC:B2:33:0C:55:A1:AA:25:E1:91:3D:81:50:FC:D2:A7:4F:49:16:73
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01979139F29036244FC4B7948967BE949174
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3LIzDFWhqiXhkT2BUPzSp09JFnM.roa
Signing time:             Sat 21 Jun 2025 06:43:03 +0000
ROA not before:           Sat 21 Jun 2025 06:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        89.47.114.0/24 maxlen: 24
                          93.114.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:91:39:f2:90:36:24:4f:c4:b7:94:89:67:be:94:91:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jun 21 06:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcb2330c55a1aa25e1913d8150fcd2a74f491673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c1:b4:4f:69:67:ba:f1:13:39:02:2f:fe:b5:
                    a6:43:81:1a:72:6e:58:f0:74:a9:e4:51:7d:4a:99:
                    59:5d:ac:15:75:9c:e6:9b:ba:fc:6d:b9:bf:c0:ab:
                    ad:f6:66:18:ec:b7:3f:01:fa:64:6e:15:32:2d:ae:
                    30:0c:12:c2:83:c7:03:f9:c9:5a:40:86:8b:a1:c3:
                    bd:3c:8e:62:cc:b0:d1:43:64:a9:dc:1d:11:d0:4f:
                    95:e6:ff:35:e6:ae:88:d6:9e:05:4a:cc:62:38:2f:
                    9e:37:4b:e2:07:00:8e:2e:40:f4:27:85:45:16:09:
                    89:8e:45:17:fd:7e:29:b7:6c:71:cd:22:72:8c:7e:
                    7f:4d:88:d5:3f:a3:c9:96:1e:9c:c1:fa:26:97:40:
                    3d:94:58:05:ff:af:7b:16:3b:cd:8d:ac:d0:dc:1d:
                    4e:34:a9:f3:1d:7c:df:52:08:c5:4a:b7:12:2b:59:
                    31:31:c1:c4:ea:ab:50:76:85:e0:dc:5f:49:cd:bb:
                    d9:1b:5b:d9:81:2e:f2:af:bf:37:af:3f:76:34:27:
                    48:18:29:8d:56:90:67:fa:f2:81:5f:98:fe:70:a8:
                    ab:75:bb:8b:92:f8:86:6f:45:5e:f9:a2:23:a7:e0:
                    61:12:10:6b:3b:d2:d0:5a:b0:d9:16:3a:70:ea:b0:
                    eb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B2:33:0C:55:A1:AA:25:E1:91:3D:81:50:FC:D2:A7:4F:49:16:73
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3LIzDFWhqiXhkT2BUPzSp09JFnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.114.0/24
                  93.114.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:66:53:0c:10:15:07:e3:ed:95:76:6d:aa:47:31:b7:4b:de:
         f5:8a:81:79:7a:24:fb:aa:58:bc:64:0e:0a:6c:ad:a3:f7:f5:
         9e:8c:a2:ae:5e:e2:b6:af:02:ae:c0:90:8b:e5:08:9c:38:11:
         03:e6:85:24:80:6c:b8:0d:24:a6:95:46:cc:00:57:1e:ed:db:
         9d:5e:68:f0:38:0c:17:77:98:e1:b7:5b:bc:37:58:96:cb:ac:
         cb:14:c9:8c:0d:83:06:ee:71:54:a9:86:58:99:b4:75:43:12:
         35:fc:be:be:fa:1d:29:d9:be:bb:85:ef:f8:54:9d:c2:b2:8f:
         34:11:d0:ad:36:c2:87:d7:38:04:bc:52:18:6d:e7:d1:19:57:
         21:71:7e:33:23:cf:7f:bf:4f:d5:49:be:38:9c:9a:36:7b:5a:
         f1:fc:0b:34:76:79:a0:11:c4:36:2b:22:c2:1a:43:79:78:5f:
         6a:d4:f5:fa:8f:41:a1:77:a3:32:c1:6e:20:ef:90:dd:fd:d8:
         3e:ca:0a:16:76:0d:a3:e6:81:3c:c5:20:33:0d:43:5f:54:9c:
         e8:fc:4a:ce:83:95:1e:72:1c:96:8a:25:c9:c6:3d:04:10:e5:
         a7:2a:34:46:01:bd:32:dc:4b:ad:b8:cd:0c:9a:e8:1d:9d:14:
         a8:32:0a:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeROfKQNiRPxLeUiWe+lJF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNjIxMDY0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IyMzMwYzU1YTFhYTI1ZTE5MTNkODE1MGZjZDJhNzRmNDkxNjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8G0T2lnuvETOQIv/rWmQ4Eacm5Y
8HSp5FF9SplZXawVdZzmm7r8bbm/wKut9mYY7Lc/AfpkbhUyLa4wDBLCg8cD+cla
QIaLocO9PI5izLDRQ2Sp3B0R0E+V5v815q6I1p4FSsxiOC+eN0viBwCOLkD0J4VF
FgmJjkUX/X4pt2xxzSJyjH5/TYjVP6PJlh6cwfoml0A9lFgF/697FjvNjazQ3B1O
NKnzHXzfUgjFSrcSK1kxMcHE6qtQdoXg3F9JzbvZG1vZgS7yr783rz92NCdIGCmN
VpBn+vKBX5j+cKirdbuLkviGb0Ve+aIjp+BhEhBrO9LQWrDZFjpw6rDrCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNyyMwxVoaol4ZE9gVD80qdPSRZzMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvM0xJekRGV2hxaVhoa1QyQlVQelNwMDlKRm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS9yAwQA
XXJJMA0GCSqGSIb3DQEBCwUAA4IBAQBUZlMMEBUH4+2Vdm2qRzG3S971ioF5eiT7
qli8ZA4KbK2j9/WejKKuXuK2rwKuwJCL5QicOBED5oUkgGy4DSSmlUbMAFce7dud
XmjwOAwXd5jht1u8N1iWy6zLFMmMDYMG7nFUqYZYmbR1QxI1/L6++h0p2b67he/4
VJ3Cso80EdCtNsKH1zgEvFIYbefRGVchcX4zI89/v0/VSb44nJo2e1rx/As0dnmg
EcQ2KyLCGkN5eF9q1PX6j0Ghd6MywW4g75Dd/dg+ygoWdg2j5oE8xSAzDUNfVJzo
/ErOg5UechyWiiXJxj0EEOWnKjRGAb0y3EutuM0MmugdnRSoMgr8
-----END CERTIFICATE-----