Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/whKN1EjIw2l1dkI9ofATVg_RcFU.roa
File:                     whKN1EjIw2l1dkI9ofATVg_RcFU.roa (raw, json)
Hash identifier:          z5mKfKiIcdWeq9Pdeg+sUHG8xLA1s8cqXxzHffnlE3M=
Subject key identifier:   C2:12:8D:D4:48:C8:C3:69:75:76:42:3D:A1:F0:13:56:0F:D1:70:55
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019929461BC520B0A7BB956396B7449D5067
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/whKN1EjIw2l1dkI9ofATVg_RcFU.roa
Signing time:             Mon 08 Sep 2025 12:21:24 +0000
ROA not before:           Mon 08 Sep 2025 12:21:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        89.47.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:46:1b:c5:20:b0:a7:bb:95:63:96:b7:44:9d:50:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Sep  8 12:21:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2128dd448c8c3697576423da1f013560fd17055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:5e:16:a9:8b:fc:d9:94:39:eb:2f:11:2e:5b:
                    af:c9:6e:f4:8f:a9:59:4a:19:23:21:ea:e6:f1:52:
                    8c:e6:49:9c:d2:60:5b:39:47:59:9e:31:28:4f:00:
                    e2:19:c9:d6:96:cd:87:3b:25:f5:ff:83:27:6b:5a:
                    da:5f:26:b7:02:9b:4f:59:4d:39:d8:b4:cc:db:0c:
                    06:26:c3:50:4a:ed:1b:1c:d7:2a:10:3a:2f:df:83:
                    4e:63:01:92:4c:2e:5a:4a:e1:34:62:d6:b8:f0:3e:
                    77:97:3e:5b:c4:65:87:af:6b:99:f3:07:c0:4b:33:
                    07:4b:ec:0c:50:29:95:18:14:d8:6a:26:d5:fc:4f:
                    8f:48:33:4b:ff:ec:d2:ba:c5:df:1b:e5:c3:6a:d9:
                    ff:5b:0e:66:ec:88:53:a1:61:8c:17:f4:9c:6e:4c:
                    02:59:b5:80:84:89:88:1f:c5:37:cd:50:34:b2:ed:
                    03:e6:2e:e3:79:15:1b:56:67:d7:b4:ce:59:4f:53:
                    c0:d7:67:96:d9:70:cb:02:04:d0:47:e7:7f:28:a0:
                    95:5a:cd:0b:33:51:d5:df:f6:54:25:92:df:6e:f6:
                    ba:2d:61:de:5d:f0:7a:38:11:d9:4f:b3:ac:a4:c6:
                    1a:98:19:13:b2:ae:c1:a3:3e:5b:ad:e5:25:f6:d3:
                    a5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:12:8D:D4:48:C8:C3:69:75:76:42:3D:A1:F0:13:56:0F:D1:70:55
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/whKN1EjIw2l1dkI9ofATVg_RcFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:ca:30:86:70:b2:2f:10:f2:b8:27:2a:bb:28:0a:46:4f:a6:
         17:06:5d:19:43:35:d5:80:2c:bc:c6:22:d6:af:80:6a:21:a1:
         4a:2d:6a:e9:c2:41:4f:e2:d9:22:48:fd:37:f3:e0:b6:18:16:
         54:7c:e9:9e:a6:ea:6f:67:ce:f5:2e:85:91:dd:4a:0c:28:4e:
         41:b7:74:85:e5:80:09:c1:69:e5:e7:a1:f9:00:84:c4:18:91:
         09:9f:29:3a:17:09:69:2b:a1:b2:5e:7e:07:37:79:6c:1f:05:
         f3:84:1b:1b:45:a3:27:65:c9:1b:66:ac:66:6a:14:b9:8c:40:
         9e:09:2d:eb:07:3a:54:58:47:0c:3a:65:1f:b5:aa:9b:f1:f4:
         a7:16:c4:d1:32:59:39:55:d2:bc:44:32:1f:3b:3e:c1:b6:6b:
         97:f3:82:d0:9a:30:9e:54:7a:d3:bd:da:c0:83:72:be:c4:25:
         9d:18:98:d0:c9:68:4b:b6:da:ea:6d:4a:ab:0c:6b:d9:2e:2a:
         e1:2c:a0:fb:4e:85:b1:42:a6:05:7d:f9:f6:09:78:f9:90:31:
         9c:51:60:d3:31:55:8b:23:a0:f8:30:d8:8d:ed:e8:56:a4:d6:
         7a:db:92:45:a3:21:5e:15:4c:2e:cb:5c:11:45:79:f7:6d:3c:
         26:14:22:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkpRhvFILCnu5VjlrdEnVBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwOTA4MTIyMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjEyOGRkNDQ4YzhjMzY5NzU3NjQyM2RhMWYwMTM1NjBmZDE3MDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0F4WqYv82ZQ56y8RLluvyW70j6lZ
ShkjIerm8VKM5kmc0mBbOUdZnjEoTwDiGcnWls2HOyX1/4Mna1raXya3AptPWU05
2LTM2wwGJsNQSu0bHNcqEDov34NOYwGSTC5aSuE0Yta48D53lz5bxGWHr2uZ8wfA
SzMHS+wMUCmVGBTYaibV/E+PSDNL/+zSusXfG+XDatn/Ww5m7IhToWGMF/ScbkwC
WbWAhImIH8U3zVA0su0D5i7jeRUbVmfXtM5ZT1PA12eW2XDLAgTQR+d/KKCVWs0L
M1HV3/ZUJZLfbva6LWHeXfB6OBHZT7OspMYamBkTsq7Boz5breUl9tOlcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMISjdRIyMNpdXZCPaHwE1YP0XBVMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvd2hLTjFFakl3MmwxZGtJOW9mQVRWZ19SY0ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS90MA0G
CSqGSIb3DQEBCwUAA4IBAQAXyjCGcLIvEPK4Jyq7KApGT6YXBl0ZQzXVgCy8xiLW
r4BqIaFKLWrpwkFP4tkiSP038+C2GBZUfOmepupvZ871LoWR3UoMKE5Bt3SF5YAJ
wWnl56H5AITEGJEJnyk6FwlpK6GyXn4HN3lsHwXzhBsbRaMnZckbZqxmahS5jECe
CS3rBzpUWEcMOmUftaqb8fSnFsTRMlk5VdK8RDIfOz7BtmuX84LQmjCeVHrTvdrA
g3K+xCWdGJjQyWhLttrqbUqrDGvZLirhLKD7ToWxQqYFffn2CXj5kDGcUWDTMVWL
I6D4MNiN7ehWpNZ625JFoyFeFUwuy1wRRXn3bTwmFCK5
-----END CERTIFICATE-----