Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZnJzV4X630TI6TEuEmJq4pEU3EI.roa
File:                     ZnJzV4X630TI6TEuEmJq4pEU3EI.roa (raw, json)
Hash identifier:          0huEcseAqrjJXibPeB9OJN0HVfTlaN7vsAa1MQ3noGI=
Subject key identifier:   66:72:73:57:85:FA:DF:44:C8:E9:31:2E:12:62:6A:E2:91:14:DC:42
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0199FC92BCB0A7EF1F248DBC7D228F502771
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZnJzV4X630TI6TEuEmJq4pEU3EI.roa
Signing time:             Sun 19 Oct 2025 13:04:59 +0000
ROA not before:           Sun 19 Oct 2025 13:04:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:92:bc:b0:a7:ef:1f:24:8d:bc:7d:22:8f:50:27:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 19 13:04:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6672735785fadf44c8e9312e12626ae29114dc42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2f:3d:c8:83:ac:c9:1e:84:20:fb:e2:e2:d5:
                    58:c5:53:d7:01:81:74:ca:a5:b5:71:1d:e7:6f:7b:
                    8b:cd:81:a8:25:4d:16:6e:c3:b2:30:0f:a9:2a:39:
                    41:8a:05:6a:7a:f4:39:a2:40:dc:b3:2e:a6:a0:8c:
                    fd:d1:53:80:98:23:ea:54:3e:19:3d:c0:6b:69:ab:
                    b3:70:59:0a:a0:50:99:08:80:be:71:45:74:eb:79:
                    56:64:09:4e:bd:2b:c9:92:75:05:00:56:d6:3a:2c:
                    ea:bf:31:f2:53:10:9b:6e:39:67:8f:83:22:41:ba:
                    5d:df:5b:33:d1:08:51:1c:b3:52:07:3c:58:63:9d:
                    39:0c:86:15:27:85:59:b2:5f:b3:7f:46:34:e4:bd:
                    32:23:c1:8f:e1:8f:c4:c1:f8:f1:ed:a0:fc:d5:0c:
                    3a:69:59:55:62:a2:12:a6:07:57:a1:71:dc:ba:7d:
                    88:d8:49:fe:50:99:45:ec:ae:a4:9b:71:33:d9:08:
                    8c:c5:cc:20:29:47:3a:c8:2e:4f:7f:af:69:23:22:
                    47:4f:be:c0:d4:19:05:56:92:cb:17:45:b3:a4:5b:
                    f5:6b:68:96:06:28:16:05:49:05:1b:93:c5:ec:61:
                    84:62:22:69:dd:42:fe:c9:63:af:7e:7d:46:cc:54:
                    c0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:72:73:57:85:FA:DF:44:C8:E9:31:2E:12:62:6A:E2:91:14:DC:42
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZnJzV4X630TI6TEuEmJq4pEU3EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:86:ef:df:07:da:95:1c:17:0a:4d:d9:5f:5c:c7:9a:7d:29:
         93:d0:02:aa:3c:0d:4c:d1:99:41:c6:0f:b3:34:ca:9b:8e:cd:
         f9:17:01:85:e9:1d:ee:d6:ad:d6:9d:ed:7f:a2:56:ed:52:ff:
         56:bb:fa:bf:f1:d9:1a:93:5e:bd:04:bf:91:d9:9b:f3:27:81:
         e9:00:bc:01:6b:a4:f0:5c:a7:e4:c4:dc:eb:86:26:79:c1:ed:
         30:69:06:18:6d:ba:5d:4a:04:25:94:b0:8a:df:ab:17:ca:95:
         6f:b2:7c:48:d0:60:b5:63:96:7e:68:f5:74:73:a5:f8:b8:66:
         b9:d1:cf:3d:6a:2f:4f:7c:2b:c2:5e:50:29:ff:77:7c:2d:43:
         ec:4f:40:25:44:4a:96:7a:bf:48:00:c5:ee:c0:d5:71:04:b4:
         aa:7d:9d:9f:2d:73:bc:31:ed:be:65:7a:c2:72:f8:78:02:61:
         14:6a:7b:b4:c9:c8:42:ff:b1:cd:63:80:01:ad:d4:d4:b2:a0:
         34:ba:26:43:09:e2:80:b1:95:30:9a:3d:0a:21:d6:99:a0:71:
         da:b5:f1:1b:04:f6:cd:4a:81:2f:e1:90:32:ab:a9:e8:14:e8:
         42:67:35:f1:2f:2f:6a:87:f2:0e:de:e7:fd:fb:88:90:b4:28:
         44:a2:ea:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn8krywp+8fJI28fSKPUCdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUxMDE5MTMwNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjcyNzM1Nzg1ZmFkZjQ0YzhlOTMxMmUxMjYyNmFlMjkxMTRkYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS89yIOsyR6EIPvi4tVYxVPXAYF0
yqW1cR3nb3uLzYGoJU0WbsOyMA+pKjlBigVqevQ5okDcsy6moIz90VOAmCPqVD4Z
PcBraauzcFkKoFCZCIC+cUV063lWZAlOvSvJknUFAFbWOizqvzHyUxCbbjlnj4Mi
Qbpd31sz0QhRHLNSBzxYY505DIYVJ4VZsl+zf0Y05L0yI8GP4Y/Ewfjx7aD81Qw6
aVlVYqISpgdXoXHcun2I2En+UJlF7K6km3Ez2QiMxcwgKUc6yC5Pf69pIyJHT77A
1BkFVpLLF0WzpFv1a2iWBigWBUkFG5PF7GGEYiJp3UL+yWOvfn1GzFTA0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZyc1eF+t9EyOkxLhJiauKRFNxCMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWm5KelY0WDYzMFRJNlRFdUVtSnE0cEVVM0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSpSMA0G
CSqGSIb3DQEBCwUAA4IBAQBRhu/fB9qVHBcKTdlfXMeafSmT0AKqPA1M0ZlBxg+z
NMqbjs35FwGF6R3u1q3Wne1/olbtUv9Wu/q/8dkak169BL+R2ZvzJ4HpALwBa6Tw
XKfkxNzrhiZ5we0waQYYbbpdSgQllLCK36sXypVvsnxI0GC1Y5Z+aPV0c6X4uGa5
0c89ai9PfCvCXlAp/3d8LUPsT0AlREqWer9IAMXuwNVxBLSqfZ2fLXO8Me2+ZXrC
cvh4AmEUanu0ychC/7HNY4ABrdTUsqA0uiZDCeKAsZUwmj0KIdaZoHHatfEbBPbN
SoEv4ZAyq6noFOhCZzXxLy9qh/IO3uf9+4iQtChEourp
-----END CERTIFICATE-----