Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ju4B_dBf6P1n4-bvMWAia3LNzOM.roa
File:                     ju4B_dBf6P1n4-bvMWAia3LNzOM.roa (raw, json)
Hash identifier:          JCl+CgCUlLAXvPGmWo31pI3oeKM/2notK1i8TGoEzEY=
Subject key identifier:   8E:EE:01:FD:D0:5F:E8:FD:67:E3:E6:EF:31:60:22:6B:72:CD:CC:E3
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019E0BB959F2A3DE03081EC301BD3F8982F2
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ju4B_dBf6P1n4-bvMWAia3LNzOM.roa
Signing time:             Sat 09 May 2026 07:52:37 +0000
ROA not before:           Sat 09 May 2026 07:52:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        89.42.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0b:b9:59:f2:a3:de:03:08:1e:c3:01:bd:3f:89:82:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May  9 07:52:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8eee01fdd05fe8fd67e3e6ef3160226b72cdcce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2d:f9:63:3a:7c:cc:c8:31:3a:c8:19:8a:ae:
                    e5:d2:ce:05:4a:67:7d:a2:20:71:7a:a5:06:50:b2:
                    1a:78:bf:c9:49:06:bd:d7:10:70:c2:5b:73:af:69:
                    2c:14:8e:66:ad:b1:88:26:71:7f:b7:66:12:a8:db:
                    83:81:ad:ba:b8:6d:33:d5:89:bf:59:e8:76:bd:00:
                    8f:cb:50:11:80:9e:dc:d1:54:f0:29:68:e6:6c:ee:
                    50:f9:a6:ac:b2:00:d5:17:c4:b3:b5:bc:0c:1e:1b:
                    5d:3c:90:93:fc:3f:ed:67:50:81:03:29:14:8c:b0:
                    bb:f1:cf:e4:7f:cc:22:b1:09:ea:ad:36:d8:e3:79:
                    41:ee:c1:ec:4c:99:4b:78:9f:05:df:bd:f3:26:1e:
                    51:9c:63:4a:8b:9f:4c:ca:cb:51:9d:e1:46:83:1e:
                    cf:93:6e:22:34:93:08:e6:a9:d2:d3:57:b1:75:10:
                    08:d3:c5:72:c7:ef:46:e1:40:6b:55:40:fd:5e:a5:
                    ec:34:af:a7:b4:92:c8:47:36:fa:b5:23:56:b7:8b:
                    57:f4:33:28:ef:a4:5c:42:2c:81:2d:03:97:22:e0:
                    68:0d:45:49:aa:27:04:97:c6:91:10:98:43:f5:c7:
                    ab:2a:23:ab:d5:37:83:4f:55:ab:70:d4:2c:2c:90:
                    a3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:EE:01:FD:D0:5F:E8:FD:67:E3:E6:EF:31:60:22:6B:72:CD:CC:E3
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ju4B_dBf6P1n4-bvMWAia3LNzOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:ef:04:ed:3f:b7:45:92:2b:e5:23:2d:5f:49:09:5d:fa:4e:
         b7:58:0d:6e:2a:7a:f2:6f:a5:0c:5c:fb:be:6b:b0:20:a5:ad:
         c8:1c:1c:4d:77:5b:f6:96:70:7a:04:d3:94:5a:8b:32:37:b9:
         94:44:90:3e:06:7f:78:81:0b:52:a8:0c:b2:ba:c4:98:7c:18:
         58:87:3a:10:b1:5d:67:dc:88:80:64:e7:05:92:fd:8b:e3:9a:
         a4:40:66:bb:be:3b:53:59:9d:a6:1b:a1:ef:de:8f:a3:19:be:
         22:5e:97:a5:ac:ef:69:8a:a7:a1:10:49:62:87:a7:14:5c:fd:
         4a:f5:b8:86:06:e2:38:03:45:3e:16:44:ee:8c:e0:19:8c:78:
         28:02:97:b5:11:cc:3d:69:1b:95:b4:20:48:49:b2:7d:ea:e5:
         d3:b4:10:f5:36:d3:be:b2:68:80:a3:ef:45:90:ff:6f:08:bd:
         03:e0:88:a0:21:04:5c:78:fb:c6:da:41:f4:75:23:ad:d0:7b:
         5e:3d:24:f8:87:79:12:ce:54:c6:e8:6c:dd:99:8f:15:a3:2b:
         b5:b7:71:91:0f:18:c1:df:81:ee:93:d9:33:3c:9a:33:74:f0:
         42:a3:c7:68:2a:1c:fb:05:4c:11:24:7a:e6:92:93:78:e9:5e:
         c3:f6:f2:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4LuVnyo94DCB7DAb0/iYLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNTA5MDc1MjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWVlMDFmZGQwNWZlOGZkNjdlM2U2ZWYzMTYwMjI2YjcyY2RjY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoy35Yzp8zMgxOsgZiq7l0s4FSmd9
oiBxeqUGULIaeL/JSQa91xBwwltzr2ksFI5mrbGIJnF/t2YSqNuDga26uG0z1Ym/
Weh2vQCPy1ARgJ7c0VTwKWjmbO5Q+aassgDVF8SztbwMHhtdPJCT/D/tZ1CBAykU
jLC78c/kf8wisQnqrTbY43lB7sHsTJlLeJ8F373zJh5RnGNKi59MystRneFGgx7P
k24iNJMI5qnS01exdRAI08Vyx+9G4UBrVUD9XqXsNK+ntJLIRzb6tSNWt4tX9DMo
76RcQiyBLQOXIuBoDUVJqicEl8aREJhD9cerKiOr1TeDT1WrcNQsLJCjewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7uAf3QX+j9Z+Pm7zFgImtyzczjMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvanU0Ql9kQmY2UDFuNC1idk1XQWlhM0xOek9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpaMA0G
CSqGSIb3DQEBCwUAA4IBAQAf7wTtP7dFkivlIy1fSQld+k63WA1uKnryb6UMXPu+
a7Agpa3IHBxNd1v2lnB6BNOUWosyN7mURJA+Bn94gQtSqAyyusSYfBhYhzoQsV1n
3IiAZOcFkv2L45qkQGa7vjtTWZ2mG6Hv3o+jGb4iXpelrO9piqehEElih6cUXP1K
9biGBuI4A0U+FkTujOAZjHgoApe1Ecw9aRuVtCBISbJ96uXTtBD1NtO+smiAo+9F
kP9vCL0D4IigIQRcePvG2kH0dSOt0HtePST4h3kSzlTG6GzdmY8Voyu1t3GRDxjB
34Huk9kzPJozdPBCo8doKhz7BUwRJHrmkpN46V7D9vKk
-----END CERTIFICATE-----