Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Eavf89J47CsYsa1ZGbw0DAf2Y0Y.roa
File:                     Eavf89J47CsYsa1ZGbw0DAf2Y0Y.roa (raw, json)
Hash identifier:          VeGxzEkHBW9kpvQrRNwuE4I16lZz+f7O18C6i2evnIc=
Subject key identifier:   11:AB:DF:F3:D2:78:EC:2B:18:B1:AD:59:19:BC:34:0C:07:F6:63:46
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01989812C9497960D7156EC49DC531688222
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Eavf89J47CsYsa1ZGbw0DAf2Y0Y.roa
Signing time:             Mon 11 Aug 2025 07:40:24 +0000
ROA not before:           Mon 11 Aug 2025 07:40:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64289
IP address blocks:        93.114.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:12:c9:49:79:60:d7:15:6e:c4:9d:c5:31:68:82:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Aug 11 07:40:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11abdff3d278ec2b18b1ad5919bc340c07f66346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e4:49:43:83:37:cf:37:71:fd:1a:95:dc:cd:
                    b2:5e:b0:c8:09:60:ab:3b:1d:83:f4:b3:e7:92:7b:
                    2f:9c:da:e4:f9:14:31:a0:7a:5c:7c:cc:ad:79:9a:
                    04:78:a8:7a:c2:11:b3:f3:ea:71:d4:90:91:de:0a:
                    74:b4:84:45:ad:8c:03:c8:a3:6b:24:06:15:db:83:
                    d6:af:ff:29:78:46:87:b6:95:40:b0:28:40:95:6d:
                    08:85:28:9f:ed:99:17:d3:be:e4:48:f4:97:4f:4f:
                    bd:d9:3a:c2:bf:81:84:73:b9:b6:74:45:59:21:a2:
                    e3:f1:30:e5:97:65:ef:44:28:91:08:44:c1:ac:7b:
                    81:e2:86:01:f0:8f:ce:01:0f:8a:dd:ca:c6:af:ea:
                    ef:69:e9:14:3a:20:18:b9:30:41:40:f8:5b:9f:3e:
                    4b:2c:a0:39:73:c6:43:f1:7f:10:f1:fc:61:19:5d:
                    37:fe:c7:b4:4a:7a:42:a5:f8:72:e4:e6:6e:52:a3:
                    94:21:b5:fd:53:83:34:10:ca:8f:e4:72:60:c6:1e:
                    69:87:39:a8:a8:a9:1f:2b:06:49:10:fa:f2:40:f3:
                    bf:91:59:51:68:71:6a:8a:60:e7:8a:c6:96:64:24:
                    90:36:a4:94:ff:de:90:d1:e8:8e:09:80:6e:1a:1b:
                    cd:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:AB:DF:F3:D2:78:EC:2B:18:B1:AD:59:19:BC:34:0C:07:F6:63:46
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Eavf89J47CsYsa1ZGbw0DAf2Y0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f8:31:4c:54:3d:e7:96:40:3b:66:80:6a:eb:9c:a5:ea:f1:
         74:42:89:7f:b0:52:3a:5b:e2:d3:07:eb:2a:14:74:66:c4:2f:
         a8:64:dd:91:7d:e9:e5:6d:f8:63:e7:84:72:50:32:7c:d4:a2:
         39:85:56:aa:a8:6e:ce:a2:ba:74:ff:68:60:9d:5a:70:0d:24:
         7a:fc:a7:ca:7d:a0:bd:88:60:53:94:01:7f:c7:be:91:41:85:
         1f:1d:dd:48:46:39:c7:3f:e1:8a:ea:93:69:ac:55:1e:5e:17:
         7e:33:ad:32:5f:e2:a8:4c:05:79:df:7a:47:5c:cb:f2:2c:97:
         67:df:39:05:1a:98:41:2b:63:f6:6f:99:93:87:72:45:9c:ed:
         16:0a:3b:8a:dc:d1:55:24:d4:e2:25:1f:6d:5e:74:80:31:65:
         e4:1c:ca:fd:34:93:e9:76:de:3d:8f:1b:d1:23:4a:00:bd:c3:
         bb:e6:90:00:1d:45:c9:07:25:1c:81:36:40:98:50:7d:7c:41:
         c0:99:34:72:1e:39:eb:9a:54:c5:e1:b1:b7:2e:99:0a:ff:74:
         06:4e:b2:63:bf:3b:d9:4a:69:35:6d:43:93:c6:f3:8d:3d:43:
         6a:2e:ba:f7:01:d9:94:43:ec:a0:ba:6a:3c:26:d6:d5:f5:b4:
         b0:0a:bb:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYEslJeWDXFW7EncUxaIIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwODExMDc0MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWFiZGZmM2QyNzhlYzJiMThiMWFkNTkxOWJjMzQwYzA3ZjY2MzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uRJQ4M3zzdx/RqV3M2yXrDICWCr
Ox2D9LPnknsvnNrk+RQxoHpcfMyteZoEeKh6whGz8+px1JCR3gp0tIRFrYwDyKNr
JAYV24PWr/8peEaHtpVAsChAlW0IhSif7ZkX077kSPSXT0+92TrCv4GEc7m2dEVZ
IaLj8TDll2XvRCiRCETBrHuB4oYB8I/OAQ+K3crGr+rvaekUOiAYuTBBQPhbnz5L
LKA5c8ZD8X8Q8fxhGV03/se0SnpCpfhy5OZuUqOUIbX9U4M0EMqP5HJgxh5phzmo
qKkfKwZJEPryQPO/kVlRaHFqimDnisaWZCSQNqSU/96Q0eiOCYBuGhvNUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGr3/PSeOwrGLGtWRm8NAwH9mNGMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvRWF2Zjg5SjQ3Q3NZc2ExWkdidzBEQWYyWTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXJIMA0G
CSqGSIb3DQEBCwUAA4IBAQBY+DFMVD3nlkA7ZoBq65yl6vF0Qol/sFI6W+LTB+sq
FHRmxC+oZN2Rfenlbfhj54RyUDJ81KI5hVaqqG7Oorp0/2hgnVpwDSR6/KfKfaC9
iGBTlAF/x76RQYUfHd1IRjnHP+GK6pNprFUeXhd+M60yX+KoTAV533pHXMvyLJdn
3zkFGphBK2P2b5mTh3JFnO0WCjuK3NFVJNTiJR9tXnSAMWXkHMr9NJPpdt49jxvR
I0oAvcO75pAAHUXJByUcgTZAmFB9fEHAmTRyHjnrmlTF4bG3LpkK/3QGTrJjvzvZ
Smk1bUOTxvONPUNqLrr3AdmUQ+ygumo8JtbV9bSwCrtz
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:57:29 2025 by rpki-client