Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/jYmBTXfSXpPvhaX9doOmDRm70zM.roa
File:                     jYmBTXfSXpPvhaX9doOmDRm70zM.roa (raw, json)
Hash identifier:          pZ9t6+13YlcAce89fxRlYtBdz5ZDEoyYn4MXpu/BC0U=
Subject key identifier:   8D:89:81:4D:77:D2:5E:93:EF:85:A5:FD:76:83:A6:0D:19:BB:D3:33
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019E0C97D25D7C518ED20ECC35A150900A59
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/jYmBTXfSXpPvhaX9doOmDRm70zM.roa
Signing time:             Sat 09 May 2026 11:55:36 +0000
ROA not before:           Sat 09 May 2026 11:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0c:97:d2:5d:7c:51:8e:d2:0e:cc:35:a1:50:90:0a:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May  9 11:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d89814d77d25e93ef85a5fd7683a60d19bbd333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:dd:41:c9:49:69:60:13:08:6b:38:33:cf:14:
                    0d:33:91:71:3c:ff:bf:14:9b:13:84:38:1f:40:4b:
                    a5:00:26:89:17:87:66:a5:a2:44:cf:7d:14:6f:8f:
                    c6:05:ed:9d:5f:22:1d:7e:ca:a7:a0:86:37:96:ee:
                    1f:32:fa:60:39:08:9c:61:49:eb:96:68:0e:2b:09:
                    3f:00:b5:39:4c:2a:fd:40:94:55:b3:c7:f9:6c:02:
                    72:da:1b:42:b8:e7:f1:97:3b:92:ea:c1:a2:3e:e4:
                    f2:3d:68:9c:6a:1b:5b:0b:e0:31:52:6c:9f:6e:d7:
                    88:f7:aa:72:06:3b:d7:7e:07:21:fb:67:1c:07:fe:
                    43:a6:9b:f8:6d:43:a9:e8:29:40:17:5c:24:13:4d:
                    08:00:32:d9:5a:56:6f:d1:e9:0b:f2:5b:0e:c8:6d:
                    16:ea:24:cc:7b:b9:0d:d4:c0:d3:2c:e1:1b:98:57:
                    33:c3:50:22:15:6e:48:21:26:70:f0:aa:72:d1:9d:
                    07:37:dc:f6:92:aa:21:23:75:e4:19:17:20:5d:b8:
                    0f:93:32:49:fe:d5:97:46:b1:82:e9:60:9f:aa:d9:
                    e4:b7:39:a0:39:f3:ef:c5:17:17:5b:f1:f4:ea:8d:
                    97:6f:c9:39:d5:7a:88:c7:a4:7c:24:36:9e:fb:9a:
                    45:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:89:81:4D:77:D2:5E:93:EF:85:A5:FD:76:83:A6:0D:19:BB:D3:33
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/jYmBTXfSXpPvhaX9doOmDRm70zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:c5:6c:ed:41:f4:75:86:9e:44:5b:b0:a1:7f:11:b7:c4:d9:
         56:3e:f1:dd:94:86:ae:1e:20:0e:ac:d2:ba:77:67:41:bc:13:
         92:a6:e6:4b:6c:a2:96:3b:c4:6d:61:73:14:84:77:fe:5c:9a:
         e2:f1:e3:e0:9c:12:01:32:fe:05:83:55:c6:a6:9b:d8:c6:9b:
         5a:d3:78:18:c8:ab:3d:15:a2:14:ad:9b:01:2d:57:93:95:86:
         3e:f2:40:e5:b6:bf:52:d9:c9:9e:92:19:1e:e3:e2:1c:51:3e:
         30:98:55:f3:f3:bf:13:36:a6:44:1e:c3:5b:c3:59:af:9b:9c:
         4b:76:e0:a4:9a:bb:4e:ed:22:2a:52:6c:40:fc:7b:e9:a4:63:
         38:77:77:14:6f:08:ec:10:3a:cd:31:8b:85:b3:cc:ba:31:92:
         44:38:0a:1b:85:77:f4:1f:84:74:de:38:37:20:8d:0c:87:01:
         5d:e8:cb:15:f5:fd:eb:31:37:1c:7d:0d:66:65:cd:3d:09:bc:
         94:bb:ac:b6:7f:1c:00:c7:90:43:d2:32:e3:63:12:8f:f2:44:
         9b:90:43:50:2a:ad:fc:36:a8:aa:43:c7:fb:bf:1b:b6:36:7c:
         ed:a5:d3:ec:42:f3:9c:f1:a4:33:32:72:62:2b:79:00:05:de:
         b7:3b:d0:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Ml9JdfFGO0g7MNaFQkApZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNTA5MTE1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDg5ODE0ZDc3ZDI1ZTkzZWY4NWE1ZmQ3NjgzYTYwZDE5YmJkMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8t1ByUlpYBMIazgzzxQNM5FxPP+/
FJsThDgfQEulACaJF4dmpaJEz30Ub4/GBe2dXyIdfsqnoIY3lu4fMvpgOQicYUnr
lmgOKwk/ALU5TCr9QJRVs8f5bAJy2htCuOfxlzuS6sGiPuTyPWicahtbC+AxUmyf
bteI96pyBjvXfgch+2ccB/5Dppv4bUOp6ClAF1wkE00IADLZWlZv0ekL8lsOyG0W
6iTMe7kN1MDTLOEbmFczw1AiFW5IISZw8Kpy0Z0HN9z2kqohI3XkGRcgXbgPkzJJ
/tWXRrGC6WCfqtnktzmgOfPvxRcXW/H06o2Xb8k51XqIx6R8JDae+5pFkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2JgU130l6T74Wl/XaDpg0Zu9MzMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvalltQlRYZlNYcFB2aGFYOWRvT21EUm03MHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSpSMA0G
CSqGSIb3DQEBCwUAA4IBAQA2xWztQfR1hp5EW7ChfxG3xNlWPvHdlIauHiAOrNK6
d2dBvBOSpuZLbKKWO8RtYXMUhHf+XJri8ePgnBIBMv4Fg1XGppvYxpta03gYyKs9
FaIUrZsBLVeTlYY+8kDltr9S2cmekhke4+IcUT4wmFXz878TNqZEHsNbw1mvm5xL
duCkmrtO7SIqUmxA/HvppGM4d3cUbwjsEDrNMYuFs8y6MZJEOAobhXf0H4R03jg3
II0MhwFd6MsV9f3rMTccfQ1mZc09CbyUu6y2fxwAx5BD0jLjYxKP8kSbkENQKq38
NqiqQ8f7vxu2NnztpdPsQvOc8aQzMnJiK3kABd63O9Cn
-----END CERTIFICATE-----