Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TFi0UWSbvINYMMB8-LjWjYIA8Lk.roa
File:                     TFi0UWSbvINYMMB8-LjWjYIA8Lk.roa (raw, json)
Hash identifier:          b29zqa873AC8X1l9t2v+KAtgOosxHJonuozV+LUOF94=
Subject key identifier:   4C:58:B4:51:64:9B:BC:83:58:30:C0:7C:F8:B8:D6:8D:82:00:F0:B9
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0198C89CEDAA7EA827B909838B1A8418552A
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TFi0UWSbvINYMMB8-LjWjYIA8Lk.roa
Signing time:             Wed 20 Aug 2025 17:53:04 +0000
ROA not before:           Wed 20 Aug 2025 17:53:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c8:9c:ed:aa:7e:a8:27:b9:09:83:8b:1a:84:18:55:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Aug 20 17:53:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c58b451649bbc835830c07cf8b8d68d8200f0b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:44:29:e5:f1:3a:bf:d2:2a:32:f4:e9:61:83:
                    6e:2a:42:df:46:8c:39:d2:8d:d0:a6:09:08:90:26:
                    43:a8:12:67:35:02:6a:67:ef:df:31:5e:08:10:1f:
                    37:79:d9:23:b5:eb:63:b3:ec:a5:d9:fd:a7:e2:e8:
                    05:06:0b:f8:5a:fb:9b:62:d8:57:31:d9:35:4f:99:
                    55:98:98:8c:5e:74:5f:8b:f6:36:94:27:48:15:ed:
                    70:09:8d:72:6b:72:a1:b0:5d:66:23:06:18:81:72:
                    ca:b9:cb:de:60:24:46:f2:ff:81:30:f7:5f:d0:d7:
                    c0:4f:19:60:2e:a1:76:a9:5b:93:95:9a:2d:0a:b5:
                    23:e9:5a:78:fc:89:2f:54:2d:6e:81:23:32:f0:fc:
                    af:17:a0:3e:f5:c8:bc:8e:ca:a0:8b:93:00:37:be:
                    66:8e:2d:49:bb:d2:d7:dd:74:69:a0:39:64:66:38:
                    7d:0f:86:7b:27:21:77:83:8f:d0:da:fc:6a:45:22:
                    14:e9:03:9e:ff:63:fd:52:94:66:90:5f:d5:ca:cb:
                    24:61:fb:93:e3:a8:3f:d8:5a:22:16:c0:30:cf:a6:
                    3e:d4:1e:49:3c:8f:ce:f9:91:c4:96:bc:bd:57:ed:
                    72:65:f6:f7:7a:87:7a:9c:2e:b8:36:0e:95:14:c3:
                    45:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:58:B4:51:64:9B:BC:83:58:30:C0:7C:F8:B8:D6:8D:82:00:F0:B9
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TFi0UWSbvINYMMB8-LjWjYIA8Lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:99:83:3d:c7:15:ee:dc:63:7f:d7:b6:b6:96:2d:49:ef:b8:
         24:b5:3a:60:b9:43:ce:ed:45:9f:90:47:9a:15:98:cc:e0:af:
         27:64:26:93:25:fb:f9:58:7d:87:c0:77:e9:6e:c3:03:ae:1b:
         8f:96:38:79:88:c2:33:82:68:3b:75:08:7a:4f:5f:41:1c:be:
         e7:56:a3:19:2c:74:a8:a3:11:86:58:d8:1f:df:3a:b1:7e:a2:
         e3:80:b3:3c:e7:91:a8:30:74:f9:64:f5:75:68:1d:ce:29:32:
         de:9c:5b:4c:20:52:b8:fa:1a:3f:15:8c:83:70:51:92:d3:b0:
         4f:a4:1f:54:3f:f9:3a:3b:a0:18:4c:13:02:f5:d6:4e:20:3a:
         5e:23:dd:22:b4:58:cd:e7:76:3c:2d:b9:8c:1f:0c:48:33:47:
         34:89:17:d2:37:1c:9d:6f:79:a8:44:77:3c:7e:61:e6:f2:a1:
         81:02:3b:b0:30:de:be:57:d9:0f:cd:43:48:8e:bc:a9:68:ad:
         3a:f3:26:41:ed:e2:94:5c:7b:e8:94:22:09:6a:f8:9d:f6:44:
         75:ef:d6:21:b5:e7:4d:7e:34:0c:76:6d:72:fe:f7:fd:84:b9:
         16:60:2a:40:5c:5d:54:af:36:33:1f:23:a0:50:d9:82:12:b0:
         75:54:c4:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjInO2qfqgnuQmDixqEGFUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwODIwMTc1MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU4YjQ1MTY0OWJiYzgzNTgzMGMwN2NmOGI4ZDY4ZDgyMDBmMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkQp5fE6v9IqMvTpYYNuKkLfRow5
0o3QpgkIkCZDqBJnNQJqZ+/fMV4IEB83edkjtetjs+yl2f2n4ugFBgv4WvubYthX
Mdk1T5lVmJiMXnRfi/Y2lCdIFe1wCY1ya3KhsF1mIwYYgXLKucveYCRG8v+BMPdf
0NfATxlgLqF2qVuTlZotCrUj6Vp4/IkvVC1ugSMy8PyvF6A+9ci8jsqgi5MAN75m
ji1Ju9LX3XRpoDlkZjh9D4Z7JyF3g4/Q2vxqRSIU6QOe/2P9UpRmkF/VysskYfuT
46g/2FoiFsAwz6Y+1B5JPI/O+ZHElry9V+1yZfb3eod6nC64Ng6VFMNF+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExYtFFkm7yDWDDAfPi41o2CAPC5MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvVEZpMFVXU2J2SU5ZTU1COC1MaldqWUlBOExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSpSMA0G
CSqGSIb3DQEBCwUAA4IBAQB3mYM9xxXu3GN/17a2li1J77gktTpguUPO7UWfkEea
FZjM4K8nZCaTJfv5WH2HwHfpbsMDrhuPljh5iMIzgmg7dQh6T19BHL7nVqMZLHSo
oxGGWNgf3zqxfqLjgLM855GoMHT5ZPV1aB3OKTLenFtMIFK4+ho/FYyDcFGS07BP
pB9UP/k6O6AYTBMC9dZOIDpeI90itFjN53Y8LbmMHwxIM0c0iRfSNxydb3moRHc8
fmHm8qGBAjuwMN6+V9kPzUNIjrypaK068yZB7eKUXHvolCIJavid9kR179YhtedN
fjQMdm1y/vf9hLkWYCpAXF1UrzYzHyOgUNmCErB1VMTc
-----END CERTIFICATE-----