Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ltS-_8SNxnYRnMpwNjnE1rCBkUo.roa
File:                     ltS-_8SNxnYRnMpwNjnE1rCBkUo.roa (raw, json)
Hash identifier:          GdVcGXbzWMoQUkZ9hFaBmayJyfiusf1KDgU30Vv16xU=
Subject key identifier:   96:D4:BE:FF:C4:8D:C6:76:11:9C:CA:70:36:39:C4:D6:B0:81:91:4A
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0199F2A7113336F0E4B35926D8A85D810047
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ltS-_8SNxnYRnMpwNjnE1rCBkUo.roa
Signing time:             Fri 17 Oct 2025 14:50:59 +0000
ROA not before:           Fri 17 Oct 2025 14:50:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214366
IP address blocks:        89.37.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:a7:11:33:36:f0:e4:b3:59:26:d8:a8:5d:81:00:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 17 14:50:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96d4beffc48dc676119cca703639c4d6b081914a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:33:98:75:e0:c3:b6:a5:12:ef:b4:02:73:c8:
                    c8:ff:64:05:e0:38:16:2d:00:c7:48:a0:14:32:62:
                    95:96:56:11:ce:ea:f9:ab:35:6b:38:b0:6d:2f:eb:
                    e1:0e:60:59:99:3f:17:a1:4b:23:04:56:cd:6a:55:
                    85:8c:63:aa:23:fb:90:d1:74:98:f1:7d:de:09:59:
                    ce:7d:11:a2:ba:45:ed:12:b3:f3:d1:5b:3f:06:92:
                    4d:e3:58:99:ea:59:a5:8c:c8:f5:33:83:a2:e1:41:
                    05:2c:31:19:6f:7e:86:38:60:76:0d:b6:05:5b:6f:
                    6d:c3:cc:37:f3:be:27:80:08:45:11:75:56:df:f4:
                    3c:8e:24:3d:7c:e3:5e:7d:01:a1:c1:28:6b:9a:94:
                    92:e3:44:b3:6b:67:b4:7b:6b:e4:f2:28:62:8a:10:
                    91:ff:f0:9a:6d:65:7e:02:d3:95:39:d0:c8:be:f5:
                    e0:ab:d3:4d:1e:e6:3b:e1:7e:7b:b4:96:b2:6e:43:
                    d2:be:e4:3e:4f:7c:22:a8:b6:56:ba:be:26:b4:cd:
                    36:ff:43:6e:48:78:29:b8:23:57:39:f5:7e:5d:01:
                    a8:71:6d:1a:5e:d8:1d:0c:d4:29:95:43:5c:4e:cf:
                    06:24:92:ac:a4:17:b2:00:69:9d:54:f3:f4:70:b5:
                    40:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D4:BE:FF:C4:8D:C6:76:11:9C:CA:70:36:39:C4:D6:B0:81:91:4A
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ltS-_8SNxnYRnMpwNjnE1rCBkUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a2:09:96:cf:a7:5e:9e:7d:54:73:a9:0d:64:eb:37:e8:38:
         bb:c4:85:b2:15:c4:48:8b:9c:62:7e:53:cc:b1:f2:12:1f:35:
         a7:15:84:e5:36:53:fc:1c:fe:a4:45:03:de:3b:e8:9e:b3:78:
         df:3e:81:2e:46:40:ef:af:a3:65:f0:72:69:5d:3d:2e:17:ec:
         ad:f5:42:57:4f:c9:7d:bd:ad:c8:10:f1:79:90:24:01:52:ec:
         fe:28:99:4b:dd:fb:4a:db:10:a4:59:b7:90:80:04:2e:73:b5:
         b8:06:ab:49:dd:da:98:8d:08:22:d7:1a:2d:a5:dd:7f:9c:f1:
         da:6b:b4:c5:74:ac:31:ae:78:c8:4a:a1:bf:0a:58:45:80:44:
         20:6c:63:1b:df:5f:9e:63:d4:31:2e:f4:6c:ed:6e:09:be:a6:
         af:f8:67:30:3e:6d:fb:1f:5b:54:5b:33:09:87:42:46:20:5f:
         0d:5f:ae:ca:fa:51:b8:cf:a5:a5:91:c1:46:c6:f2:6e:38:65:
         d2:0e:29:b7:fa:0c:9d:65:fe:f2:8a:2b:f1:1f:26:e3:2d:99:
         52:4a:e2:b6:c1:cc:13:31:29:50:1c:33:dd:64:b1:2b:bd:f3:
         bc:a0:9f:2a:f5:fd:fc:4a:ef:ac:c8:55:3f:eb:21:a0:4f:93:
         b9:65:80:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnypxEzNvDks1km2KhdgQBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUxMDE3MTQ1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQ0YmVmZmM0OGRjNjc2MTE5Y2NhNzAzNjM5YzRkNmIwODE5MTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TOYdeDDtqUS77QCc8jI/2QF4DgW
LQDHSKAUMmKVllYRzur5qzVrOLBtL+vhDmBZmT8XoUsjBFbNalWFjGOqI/uQ0XSY
8X3eCVnOfRGiukXtErPz0Vs/BpJN41iZ6lmljMj1M4Oi4UEFLDEZb36GOGB2DbYF
W29tw8w3874ngAhFEXVW3/Q8jiQ9fONefQGhwShrmpSS40Sza2e0e2vk8ihiihCR
//CabWV+AtOVOdDIvvXgq9NNHuY74X57tJaybkPSvuQ+T3wiqLZWur4mtM02/0Nu
SHgpuCNXOfV+XQGocW0aXtgdDNQplUNcTs8GJJKspBeyAGmdVPP0cLVAiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbUvv/EjcZ2EZzKcDY5xNawgZFKMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvbHRTLV84U054bllSbk1wd05qbkUxckNCa1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSXEMA0G
CSqGSIb3DQEBCwUAA4IBAQAQogmWz6denn1Uc6kNZOs36Di7xIWyFcRIi5xiflPM
sfISHzWnFYTlNlP8HP6kRQPeO+ies3jfPoEuRkDvr6Nl8HJpXT0uF+yt9UJXT8l9
va3IEPF5kCQBUuz+KJlL3ftK2xCkWbeQgAQuc7W4BqtJ3dqYjQgi1xotpd1/nPHa
a7TFdKwxrnjISqG/ClhFgEQgbGMb31+eY9QxLvRs7W4Jvqav+GcwPm37H1tUWzMJ
h0JGIF8NX67K+lG4z6WlkcFGxvJuOGXSDim3+gydZf7yiivxHybjLZlSSuK2wcwT
MSlQHDPdZLErvfO8oJ8q9f38Su+syFU/6yGgT5O5ZYAP
-----END CERTIFICATE-----