Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/tLoJODMao6dewM1XNe7bPAZXU6w.roa
File:                     tLoJODMao6dewM1XNe7bPAZXU6w.roa (raw, json)
Hash identifier:          +daf2aH8cROb+EwRmv5S9jyf+Dkop7EZ60lcU5p/huU=
Subject key identifier:   B4:BA:09:38:33:1A:A3:A7:5E:C0:CD:57:35:EE:DB:3C:06:57:53:AC
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019DECEA459CAF03839A5D56E2F86E4365DE
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/tLoJODMao6dewM1XNe7bPAZXU6w.roa
Signing time:             Sun 03 May 2026 08:17:49 +0000
ROA not before:           Sun 03 May 2026 08:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        89.33.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ec:ea:45:9c:af:03:83:9a:5d:56:e2:f8:6e:43:65:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May  3 08:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4ba0938331aa3a75ec0cd5735eedb3c065753ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:00:0b:cf:30:2c:99:6f:8c:57:90:48:c0:ce:
                    e8:0a:36:25:aa:46:97:66:c5:cc:f7:d9:94:d9:d8:
                    8b:98:18:99:51:5b:ca:50:71:86:6f:f1:02:5d:1a:
                    0c:a6:ef:8f:af:b6:aa:80:cd:0b:49:97:67:80:be:
                    95:d6:bb:e0:63:0a:54:3c:8d:7c:6b:7b:ed:e1:da:
                    76:18:e1:7e:13:e5:f8:bc:e5:e1:d3:8c:41:ab:2a:
                    67:69:67:d0:a3:97:f3:c6:82:3e:d7:29:6f:9a:83:
                    a6:9f:d6:67:04:db:7f:6a:9f:e9:e4:92:a3:70:6b:
                    0a:9e:0c:76:9a:ff:e9:92:66:42:50:0a:29:07:e3:
                    f1:87:1e:40:8d:5f:d1:f2:1d:00:a5:f2:33:a8:1e:
                    fe:13:0b:d3:53:de:e5:54:8d:16:32:ed:8c:28:e5:
                    d1:4c:76:28:57:7b:ea:26:ba:7c:6a:d6:fd:2e:60:
                    57:8b:3f:ab:50:21:1f:c4:6e:f2:89:f7:6c:74:bf:
                    ed:be:3e:9b:89:18:87:74:b6:61:77:93:80:36:67:
                    20:1b:cf:c5:69:18:71:07:14:8f:31:4d:69:ac:68:
                    d6:27:bf:89:8f:d0:fd:e0:ff:15:31:35:9e:23:67:
                    34:e9:bc:77:1c:23:ba:43:50:a8:06:55:1a:e9:fa:
                    4d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:BA:09:38:33:1A:A3:A7:5E:C0:CD:57:35:EE:DB:3C:06:57:53:AC
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/tLoJODMao6dewM1XNe7bPAZXU6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:58:0c:99:9c:8f:38:df:8a:af:ef:94:37:af:21:24:df:ee:
         9a:15:b7:4c:f6:3f:b6:13:8c:ee:82:7b:8a:14:b2:92:94:6e:
         9c:b9:36:44:84:0d:19:23:da:8c:f6:04:1f:9c:1b:e6:6c:89:
         93:4e:10:ed:dd:71:2c:3b:1f:2a:b1:e0:b4:ac:1a:f5:25:83:
         5d:bc:f5:d4:38:bf:91:8c:fa:3d:e7:15:b9:04:f8:41:5b:c2:
         bd:3f:06:6c:6d:62:47:36:f1:2d:81:30:cf:c5:c8:15:81:54:
         f2:d2:34:65:3a:37:a1:c3:11:d7:87:4a:71:9d:81:be:4f:28:
         19:c5:b4:4d:1a:15:c0:13:1c:17:ed:5d:2e:95:e2:fc:fa:d9:
         bb:57:62:5c:6b:f8:6b:6b:d2:8f:52:51:bb:bc:79:9d:c6:b6:
         dd:ca:1e:94:f4:cc:7c:fd:c2:29:e1:97:bb:4e:7f:4a:16:59:
         0e:d9:63:9a:06:3b:95:9d:5b:3c:54:f2:b9:b6:5e:0f:9a:1f:
         29:f6:82:c3:53:27:64:74:84:72:a4:2c:b0:b1:24:0b:cc:88:
         69:8c:88:7b:cc:7a:f1:c1:6d:ed:17:f0:da:7f:06:30:b4:cd:
         d6:bd:21:ef:e7:7b:c9:c9:99:7b:52:2f:97:40:52:5d:9a:8c:
         49:aa:96:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3s6kWcrwODml1W4vhuQ2XeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNTAzMDgxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJhMDkzODMzMWFhM2E3NWVjMGNkNTczNWVlZGIzYzA2NTc1M2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngALzzAsmW+MV5BIwM7oCjYlqkaX
ZsXM99mU2diLmBiZUVvKUHGGb/ECXRoMpu+Pr7aqgM0LSZdngL6V1rvgYwpUPI18
a3vt4dp2GOF+E+X4vOXh04xBqypnaWfQo5fzxoI+1ylvmoOmn9ZnBNt/ap/p5JKj
cGsKngx2mv/pkmZCUAopB+Pxhx5AjV/R8h0ApfIzqB7+EwvTU97lVI0WMu2MKOXR
THYoV3vqJrp8atb9LmBXiz+rUCEfxG7yifdsdL/tvj6biRiHdLZhd5OANmcgG8/F
aRhxBxSPMU1prGjWJ7+Jj9D94P8VMTWeI2c06bx3HCO6Q1CoBlUa6fpN2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLS6CTgzGqOnXsDNVzXu2zwGV1OsMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvdExvSk9ETWFvNmRld00xWE5lN2JQQVpYVTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHBMA0G
CSqGSIb3DQEBCwUAA4IBAQAxWAyZnI8434qv75Q3ryEk3+6aFbdM9j+2E4zugnuK
FLKSlG6cuTZEhA0ZI9qM9gQfnBvmbImTThDt3XEsOx8qseC0rBr1JYNdvPXUOL+R
jPo95xW5BPhBW8K9PwZsbWJHNvEtgTDPxcgVgVTy0jRlOjehwxHXh0pxnYG+TygZ
xbRNGhXAExwX7V0uleL8+tm7V2Jca/hra9KPUlG7vHmdxrbdyh6U9Mx8/cIp4Ze7
Tn9KFlkO2WOaBjuVnVs8VPK5tl4Pmh8p9oLDUydkdIRypCywsSQLzIhpjIh7zHrx
wW3tF/DafwYwtM3WvSHv53vJyZl7Ui+XQFJdmoxJqpaq
-----END CERTIFICATE-----