Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/BLfbVVmaq2ag9bIaorjqkPMmKiw.roa
File:                     BLfbVVmaq2ag9bIaorjqkPMmKiw.roa (raw, json)
Hash identifier:          k0p49TspD7645ouxQaObx+MgLGOSCm2kZB1xuFSz9Tg=
Subject key identifier:   04:B7:DB:55:59:9A:AB:66:A0:F5:B2:1A:A2:B8:EA:90:F3:26:2A:2C
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0199FB265C76FFFCDF7FD4E12A4D2B5B6539
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/BLfbVVmaq2ag9bIaorjqkPMmKiw.roa
Signing time:             Sun 19 Oct 2025 06:26:59 +0000
ROA not before:           Sun 19 Oct 2025 06:26:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137897
IP address blocks:        89.42.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:04:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fb:26:5c:76:ff:fc:df:7f:d4:e1:2a:4d:2b:5b:65:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 19 06:26:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04b7db55599aab66a0f5b21aa2b8ea90f3262a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:72:d5:36:97:53:49:cd:16:e9:18:c8:a6:21:
                    ee:71:7f:9d:3e:5a:a5:f8:72:3e:a7:89:cc:dc:8d:
                    2e:3e:ba:c9:cf:bb:b4:c7:1d:32:f9:66:bd:dd:64:
                    15:11:b7:15:4c:76:1b:5e:d0:21:6b:1c:03:c4:45:
                    22:c1:0f:db:f7:a1:46:4e:ac:6e:40:34:ee:cb:20:
                    2a:b3:6b:ca:1e:58:01:0a:bd:ca:32:63:91:51:66:
                    e6:0a:c8:a1:3f:d4:fb:29:c2:9b:02:5c:4b:94:49:
                    5b:44:f5:76:fd:aa:b4:b4:f1:00:89:0f:bf:d7:59:
                    64:49:5f:70:c5:4d:9a:c7:9d:7a:bf:be:ac:dd:16:
                    e4:19:fe:64:bd:c9:4d:e5:18:68:ed:c8:df:07:f4:
                    71:9f:2f:eb:a2:99:fc:67:0d:16:15:5c:a2:5a:5e:
                    b5:c2:51:5b:54:27:91:87:04:41:2b:e5:8c:0b:d4:
                    a0:91:b9:b7:13:1c:40:c7:87:c6:58:3c:78:89:76:
                    72:24:21:52:f4:85:6b:d9:a2:4d:ff:22:be:3e:94:
                    be:4e:02:d7:fb:83:b5:bd:a0:5d:42:50:26:fe:d9:
                    77:ae:6d:ff:24:5f:51:28:79:f4:51:84:29:5e:e6:
                    74:11:37:ab:ec:de:67:9d:d1:09:b8:21:da:c3:1c:
                    59:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B7:DB:55:59:9A:AB:66:A0:F5:B2:1A:A2:B8:EA:90:F3:26:2A:2C
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/BLfbVVmaq2ag9bIaorjqkPMmKiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:d5:69:71:84:94:3e:7a:29:be:90:ee:85:a0:20:d7:03:00:
         b8:9f:ad:0a:56:8e:f7:9a:d0:10:7a:66:df:fd:f8:c4:ae:57:
         ce:01:86:ca:e7:9b:50:a6:94:43:03:27:43:b2:2e:26:ea:95:
         c6:d7:76:34:56:ce:ba:8d:10:5b:87:91:e7:87:10:3b:2f:3d:
         9b:6c:8d:5f:54:73:78:42:fd:df:28:eb:dd:b7:9f:44:01:02:
         4e:58:56:46:5c:7a:5b:a8:e2:70:aa:a2:64:d5:be:64:4b:59:
         08:18:3a:ec:be:7e:a2:15:12:05:49:6b:f3:14:af:6b:7f:20:
         ed:78:15:7a:b8:09:30:bc:32:3a:ce:a5:6c:42:c3:49:1c:03:
         71:1e:b9:52:99:0b:30:6b:13:7d:df:55:a0:08:72:37:b1:6a:
         3c:17:7b:89:73:30:8f:06:27:72:8e:5a:a1:2f:65:b7:4d:21:
         6f:91:d3:c6:bc:94:cd:dc:d8:ad:1e:62:56:f4:6c:41:ed:81:
         b8:ef:06:12:89:bb:a6:7c:1e:d1:87:6b:96:44:a3:5e:f8:19:
         12:26:a5:79:a9:c1:10:5d:fa:4b:36:a0:e7:fb:6b:b7:d1:43:
         85:06:3e:e0:89:cc:e4:73:c3:e6:af:c7:4b:02:37:60:39:55:
         c5:a0:4a:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn7Jlx2//zff9ThKk0rW2U5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUxMDE5MDYyNjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGI3ZGI1NTU5OWFhYjY2YTBmNWIyMWFhMmI4ZWE5MGYzMjYyYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3LVNpdTSc0W6RjIpiHucX+dPlql
+HI+p4nM3I0uPrrJz7u0xx0y+Wa93WQVEbcVTHYbXtAhaxwDxEUiwQ/b96FGTqxu
QDTuyyAqs2vKHlgBCr3KMmORUWbmCsihP9T7KcKbAlxLlElbRPV2/aq0tPEAiQ+/
11lkSV9wxU2ax516v76s3RbkGf5kvclN5Rho7cjfB/Rxny/ropn8Zw0WFVyiWl61
wlFbVCeRhwRBK+WMC9Sgkbm3ExxAx4fGWDx4iXZyJCFS9IVr2aJN/yK+PpS+TgLX
+4O1vaBdQlAm/tl3rm3/JF9RKHn0UYQpXuZ0ETer7N5nndEJuCHawxxZmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAS321VZmqtmoPWyGqK46pDzJiosMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvQkxmYlZWbWFxMmFnOWJJYW9yanFrUE1tS2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpXMA0G
CSqGSIb3DQEBCwUAA4IBAQBT1WlxhJQ+eim+kO6FoCDXAwC4n60KVo73mtAQembf
/fjErlfOAYbK55tQppRDAydDsi4m6pXG13Y0Vs66jRBbh5HnhxA7Lz2bbI1fVHN4
Qv3fKOvdt59EAQJOWFZGXHpbqOJwqqJk1b5kS1kIGDrsvn6iFRIFSWvzFK9rfyDt
eBV6uAkwvDI6zqVsQsNJHANxHrlSmQswaxN931WgCHI3sWo8F3uJczCPBidyjlqh
L2W3TSFvkdPGvJTN3NitHmJW9GxB7YG47wYSibumfB7Rh2uWRKNe+BkSJqV5qcEQ
XfpLNqDn+2u30UOFBj7giczkc8Pmr8dLAjdgOVXFoErJ
-----END CERTIFICATE-----