Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/vnWYobOqOoYaIzP6DDl2zOD2pRo.roa
File:                     vnWYobOqOoYaIzP6DDl2zOD2pRo.roa (raw, json)
Hash identifier:          pu8JkTCatEw9KFnVi2g28H/4m52wRxq3vgjpekuZ4ZU=
Subject key identifier:   BE:75:98:A1:B3:AA:3A:86:1A:23:33:FA:0C:39:76:CC:E0:F6:A5:1A
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0199A8D6A4257F261013382B4249BB581956
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/vnWYobOqOoYaIzP6DDl2zOD2pRo.roa
Signing time:             Fri 03 Oct 2025 06:51:03 +0000
ROA not before:           Fri 03 Oct 2025 06:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215727
IP address blocks:        89.33.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a8:d6:a4:25:7f:26:10:13:38:2b:42:49:bb:58:19:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct  3 06:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be7598a1b3aa3a861a2333fa0c3976cce0f6a51a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:72:96:81:ef:e1:93:19:a9:56:14:38:33:13:
                    00:62:05:c5:d8:ed:93:36:8d:3d:06:cd:7d:69:a3:
                    8f:bc:c4:6a:89:8f:92:b2:0a:5d:68:28:34:61:50:
                    d7:2a:44:37:6a:19:86:8d:57:df:ac:38:15:09:cc:
                    da:37:cc:ea:2d:b2:5e:3b:93:c4:05:df:f8:21:b7:
                    69:dc:47:4e:e4:7d:4c:73:6c:60:3d:ad:88:2d:0b:
                    e9:d1:01:d6:3d:68:e6:ed:7b:ea:37:92:78:d3:eb:
                    06:c4:33:d0:c5:95:e6:7d:a8:1d:e5:75:fe:b1:3c:
                    99:9f:4e:8a:63:2f:c0:fa:a0:b9:24:b8:a0:a8:2f:
                    2d:11:a6:25:33:ca:76:1c:8c:1b:fa:9e:5f:98:a2:
                    f3:7e:b2:e7:b8:c9:4a:a7:52:7a:fe:93:5f:70:d7:
                    ab:c7:4f:a4:44:6f:2d:73:5e:56:c9:75:b5:a8:fa:
                    0f:6b:9f:f3:d4:d1:9f:7d:6b:ce:74:dd:9f:ee:78:
                    0a:38:c4:af:d8:0c:76:87:4e:cd:56:f4:4b:67:36:
                    b3:2c:3f:d7:be:5b:a5:06:3c:59:98:20:3a:a4:58:
                    7e:85:93:2e:0c:fd:eb:97:2b:5d:81:d5:91:f5:2a:
                    e8:a9:0b:96:44:69:3f:fe:0a:7a:c4:f4:6b:b6:c5:
                    da:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:75:98:A1:B3:AA:3A:86:1A:23:33:FA:0C:39:76:CC:E0:F6:A5:1A
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/vnWYobOqOoYaIzP6DDl2zOD2pRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:01:e0:fb:3c:a8:c9:02:b4:05:74:58:6a:73:5b:94:68:38:
         0c:b8:88:ec:32:15:e1:e2:9c:be:f4:85:40:71:29:15:25:da:
         bd:c6:4f:fb:6c:39:4b:70:5d:6a:1b:77:92:3f:2a:ca:ca:c8:
         32:3a:bd:73:98:f5:ab:1a:f6:9a:92:19:da:44:5b:aa:c8:e1:
         7a:4d:98:07:e8:9d:88:c6:e5:73:18:87:93:cd:03:7e:3d:ee:
         53:83:96:c4:7f:a0:ba:97:f6:08:b7:06:22:70:e9:39:7e:74:
         f9:1b:28:37:a8:4c:6f:01:ed:0c:27:b4:38:19:8c:4e:f9:62:
         ad:5a:fd:56:4c:af:5a:3c:7f:f5:3a:b4:de:0f:0e:0f:7b:4e:
         a3:1e:31:27:48:c6:b2:00:4f:19:83:c7:94:c7:ea:bc:7a:03:
         d4:67:02:b6:ff:c9:db:36:cb:a9:c3:df:26:d7:f0:68:dd:4f:
         03:62:26:9e:fc:ce:82:40:3f:dd:e9:57:26:49:87:fb:9a:6c:
         5f:dc:8c:5d:16:37:e1:f7:54:fd:d8:99:2f:0a:47:2c:71:61:
         72:6c:e7:6b:44:7a:64:b3:ab:44:0a:0a:48:1f:c3:58:ed:ab:
         3a:91:e3:a2:5e:30:69:67:7d:f7:18:dd:43:70:e6:92:6b:78:
         18:44:87:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmo1qQlfyYQEzgrQkm7WBlWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUxMDAzMDY1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTc1OThhMWIzYWEzYTg2MWEyMzMzZmEwYzM5NzZjY2UwZjZhNTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3KWge/hkxmpVhQ4MxMAYgXF2O2T
No09Bs19aaOPvMRqiY+SsgpdaCg0YVDXKkQ3ahmGjVffrDgVCczaN8zqLbJeO5PE
Bd/4Ibdp3EdO5H1Mc2xgPa2ILQvp0QHWPWjm7XvqN5J40+sGxDPQxZXmfagd5XX+
sTyZn06KYy/A+qC5JLigqC8tEaYlM8p2HIwb+p5fmKLzfrLnuMlKp1J6/pNfcNer
x0+kRG8tc15WyXW1qPoPa5/z1NGffWvOdN2f7ngKOMSv2Ax2h07NVvRLZzazLD/X
vlulBjxZmCA6pFh+hZMuDP3rlytdgdWR9SroqQuWRGk//gp6xPRrtsXaMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL51mKGzqjqGGiMz+gw5dszg9qUaMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvdm5XWW9iT3FPb1lhSXpQNkREbDJ6T0QycFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHCMA0G
CSqGSIb3DQEBCwUAA4IBAQB7AeD7PKjJArQFdFhqc1uUaDgMuIjsMhXh4py+9IVA
cSkVJdq9xk/7bDlLcF1qG3eSPyrKysgyOr1zmPWrGvaakhnaRFuqyOF6TZgH6J2I
xuVzGIeTzQN+Pe5Tg5bEf6C6l/YItwYicOk5fnT5Gyg3qExvAe0MJ7Q4GYxO+WKt
Wv1WTK9aPH/1OrTeDw4Pe06jHjEnSMayAE8Zg8eUx+q8egPUZwK2/8nbNsupw98m
1/Bo3U8DYiae/M6CQD/d6VcmSYf7mmxf3IxdFjfh91T92JkvCkcscWFybOdrRHpk
s6tECgpIH8NY7as6keOiXjBpZ333GN1DcOaSa3gYRIc0
-----END CERTIFICATE-----