Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/hnUhOxmoehK95ObbrcTwHN3GXAo.roa
File:                     hnUhOxmoehK95ObbrcTwHN3GXAo.roa (raw, json)
Hash identifier:          CUHmEpu6We+KYBXSyWqOLCUbOVeCAbaFwKiS/ioyIBs=
Subject key identifier:   86:75:21:3B:19:A8:7A:12:BD:E4:E6:DB:AD:C4:F0:1C:DD:C6:5C:0A
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D09F2F2419C8856219E47A205CDE7F1CD
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/hnUhOxmoehK95ObbrcTwHN3GXAo.roa
Signing time:             Fri 20 Mar 2026 06:33:29 +0000
ROA not before:           Fri 20 Mar 2026 06:33:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200282
IP address blocks:        89.46.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:09:f2:f2:41:9c:88:56:21:9e:47:a2:05:cd:e7:f1:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar 20 06:33:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8675213b19a87a12bde4e6dbadc4f01cddc65c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:19:d8:2a:3d:c5:67:4b:76:ab:e4:54:b2:a5:
                    53:e2:12:15:5d:2d:fb:ca:b4:71:27:d6:6d:80:e3:
                    92:03:19:b3:6f:9b:a4:94:cf:5c:30:5e:c7:df:b3:
                    49:3c:92:96:7c:f1:a8:08:af:cc:a1:9d:71:d7:22:
                    8b:5f:01:df:53:b3:6a:dc:43:25:f6:ce:a3:66:13:
                    f4:73:db:7b:b6:f3:89:df:b7:55:67:ac:7a:31:a7:
                    69:3b:ea:47:f8:81:cf:85:55:f3:4b:3e:20:e1:7c:
                    92:f6:dc:4f:a5:c7:1f:d5:4e:de:a3:dd:06:16:78:
                    70:84:a6:46:08:c0:f6:67:78:48:2e:7e:72:54:4a:
                    6b:e3:8d:16:1d:15:d6:dd:69:68:03:99:00:6e:01:
                    36:be:25:77:b6:09:fc:19:51:06:35:0a:d7:10:0b:
                    9f:c3:ed:59:5f:21:2a:51:2c:e3:37:66:13:ec:b0:
                    4e:35:e8:a9:ad:c7:6c:e0:80:b4:ee:d2:7c:8e:4a:
                    65:e7:24:87:ea:98:f6:05:ec:9b:9b:c4:21:8e:49:
                    2d:50:08:fc:35:9c:d3:ee:21:aa:a5:70:8a:ca:ab:
                    51:91:35:e6:c5:bd:c8:b2:a6:44:7d:64:3a:a7:2b:
                    29:6c:a7:63:dd:e2:f0:93:87:21:a6:05:b4:4a:10:
                    e8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:75:21:3B:19:A8:7A:12:BD:E4:E6:DB:AD:C4:F0:1C:DD:C6:5C:0A
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/hnUhOxmoehK95ObbrcTwHN3GXAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f3:70:2e:36:38:55:7b:2e:c4:3e:59:7c:cb:83:84:e0:7f:
         6a:45:7f:24:3c:b2:14:06:46:7c:5a:37:03:c8:8a:5b:86:dd:
         9d:d6:48:10:82:6d:14:ef:64:e1:0f:66:ac:55:63:df:d7:39:
         ad:c7:86:53:9f:18:e6:cc:8f:e1:66:85:d5:08:e5:78:de:69:
         e0:a5:90:72:7c:40:70:49:a2:ce:47:16:d5:c2:a2:5b:dd:f4:
         72:e5:3a:62:ac:76:c6:6f:f6:58:ec:de:ee:a1:ea:79:8b:67:
         e6:df:c1:3b:72:2c:62:91:78:da:57:a6:87:0c:73:7c:43:16:
         82:5b:46:36:7d:c7:54:49:bf:5d:b4:aa:9d:be:81:23:7e:4d:
         d4:b2:e0:72:ed:a7:d3:87:ff:63:45:0b:aa:a5:9d:4d:cb:92:
         2f:d0:a8:41:9d:45:84:9b:cb:be:5d:ba:e0:02:ad:33:cc:c9:
         0f:1c:3c:74:4b:77:1e:a4:50:65:14:e5:1d:92:00:21:b5:46:
         34:52:ee:38:53:17:fc:18:19:7a:e8:9d:d7:6e:a0:6a:8a:fd:
         7e:2f:87:62:c4:24:99:19:8f:13:ae:95:d2:19:48:dc:8e:83:
         e6:34:d1:1a:48:fc:ba:c0:eb:53:62:00:88:dc:70:23:29:9d:
         c2:41:18:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0J8vJBnIhWIZ5HogXN5/HNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMzIwMDYzMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc1MjEzYjE5YTg3YTEyYmRlNGU2ZGJhZGM0ZjAxY2RkYzY1YzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxnYKj3FZ0t2q+RUsqVT4hIVXS37
yrRxJ9ZtgOOSAxmzb5uklM9cMF7H37NJPJKWfPGoCK/MoZ1x1yKLXwHfU7Nq3EMl
9s6jZhP0c9t7tvOJ37dVZ6x6MadpO+pH+IHPhVXzSz4g4XyS9txPpccf1U7eo90G
FnhwhKZGCMD2Z3hILn5yVEpr440WHRXW3WloA5kAbgE2viV3tgn8GVEGNQrXEAuf
w+1ZXyEqUSzjN2YT7LBONeiprcds4IC07tJ8jkpl5ySH6pj2Beybm8QhjkktUAj8
NZzT7iGqpXCKyqtRkTXmxb3IsqZEfWQ6pyspbKdj3eLwk4chpgW0ShDoMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ1ITsZqHoSveTm263E8BzdxlwKMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvaG5VaE94bW9laEs5NU9iYnJjVHdITjNHWEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS4BMA0G
CSqGSIb3DQEBCwUAA4IBAQAu83AuNjhVey7EPll8y4OE4H9qRX8kPLIUBkZ8WjcD
yIpbht2d1kgQgm0U72ThD2asVWPf1zmtx4ZTnxjmzI/hZoXVCOV43mngpZByfEBw
SaLORxbVwqJb3fRy5TpirHbGb/ZY7N7uoep5i2fm38E7cixikXjaV6aHDHN8QxaC
W0Y2fcdUSb9dtKqdvoEjfk3UsuBy7afTh/9jRQuqpZ1Ny5Iv0KhBnUWEm8u+Xbrg
Aq0zzMkPHDx0S3cepFBlFOUdkgAhtUY0Uu44Uxf8GBl66J3XbqBqiv1+L4dixCSZ
GY8TrpXSGUjcjoPmNNEaSPy6wOtTYgCI3HAjKZ3CQRg7
-----END CERTIFICATE-----