Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2oMkAqIKITYhSRCbkmht6Sh2tso.roa
File:                     2oMkAqIKITYhSRCbkmht6Sh2tso.roa (raw, json)
Hash identifier:          qhQs2MMcabX3T9dCrlROlUMvUatk1FKUbchelIoO0gI=
Subject key identifier:   DA:83:24:02:A2:0A:21:36:21:49:10:9B:92:68:6D:E9:28:76:B6:CA
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019864676E055FB5326DEB5C5B05DB371EC3
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2oMkAqIKITYhSRCbkmht6Sh2tso.roa
Signing time:             Fri 01 Aug 2025 06:52:36 +0000
ROA not before:           Fri 01 Aug 2025 06:52:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:67:6e:05:5f:b5:32:6d:eb:5c:5b:05:db:37:1e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Aug  1 06:52:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da832402a20a21362149109b92686de92876b6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:ec:d2:78:d3:04:61:ed:75:37:0b:d8:60:
                    4c:80:7f:ae:77:43:51:e4:51:cf:22:48:23:10:1a:
                    ca:b0:af:39:49:29:40:1a:86:2b:0b:0d:a8:19:18:
                    1e:86:39:91:29:b0:78:4b:bb:0a:6d:9a:a8:ca:31:
                    be:08:73:dd:83:74:ef:2a:93:e5:c8:b9:04:07:1d:
                    98:4f:b9:62:8d:ac:32:2f:3f:38:97:51:3c:44:19:
                    a9:f8:22:52:c8:10:fd:23:e7:79:09:60:94:28:41:
                    88:8d:1f:20:7f:da:97:63:2a:52:32:ed:5b:70:c6:
                    12:ed:b1:1a:d7:aa:40:18:f0:cf:90:e6:5f:5c:78:
                    d6:21:7d:a7:e3:57:d2:b4:1c:bd:8f:22:71:65:fa:
                    18:99:fb:9d:2b:55:ef:c5:c4:2d:0c:55:ef:6a:25:
                    85:75:76:28:05:b6:c8:e2:9d:7d:7c:33:79:f4:0b:
                    f8:f8:9f:68:94:94:b6:0d:84:64:33:87:1a:01:ea:
                    dc:7a:77:06:4e:bc:74:a2:1d:31:ed:b6:07:0d:32:
                    92:cb:8c:bd:a0:90:44:c4:c6:96:41:95:07:e8:c2:
                    04:72:c4:07:8b:27:57:61:7b:fa:3e:8d:dc:46:db:
                    f2:79:89:12:cb:a3:69:09:c2:80:f4:8f:c8:da:93:
                    f2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:83:24:02:A2:0A:21:36:21:49:10:9B:92:68:6D:E9:28:76:B6:CA
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2oMkAqIKITYhSRCbkmht6Sh2tso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0-89.42.83.255

    Signature Algorithm: sha256WithRSAEncryption
         27:c6:54:3f:5b:50:19:d3:a9:ff:28:d3:00:18:e0:81:1b:27:
         56:d2:8b:b7:22:09:55:bd:6d:54:1c:cb:9c:df:aa:b0:f5:f5:
         20:7d:3b:15:e4:37:eb:5d:e1:04:d9:7e:fa:da:c4:4a:bb:ac:
         f4:6c:60:37:ba:9f:a8:c7:07:98:90:d3:9f:7a:4a:a0:f4:43:
         e4:cd:15:9a:9f:ad:2a:25:15:fe:8f:dd:ab:92:95:b3:fe:3b:
         66:a7:45:7a:ed:59:11:d2:b5:48:75:57:1f:14:95:56:0a:a5:
         f6:6a:66:79:56:88:c0:29:42:de:96:fc:21:6c:ea:33:b1:cf:
         95:8e:70:18:64:51:5e:ee:ca:d0:04:4a:07:ad:01:74:eb:63:
         b7:5b:e1:7a:e4:b7:44:6e:d2:f6:34:72:c6:5f:d5:61:8c:c0:
         5c:7b:65:ea:5c:a4:3b:7c:36:ee:07:36:72:e8:3e:dc:34:fe:
         cf:6b:8b:7f:74:c6:15:db:10:f8:f4:83:45:a3:2a:89:4b:1e:
         d6:68:91:5f:fd:cb:08:3b:e9:c6:a0:db:7f:ee:5e:d3:b3:83:
         fb:05:f9:f2:e5:4f:12:61:6d:e7:27:60:06:b1:ce:06:48:4b:
         5a:1d:c6:75:22:72:3a:84:6d:2e:26:bf:14:dd:f8:60:5e:d2:
         cd:a1:42:ea
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZhkZ24FX7UybetcWwXbNx7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwODAxMDY1MjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTgzMjQwMmEyMGEyMTM2MjE0OTEwOWI5MjY4NmRlOTI4NzZiNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhPs0njTBGHtdTcL2GBMgH+ud0NR
5FHPIkgjEBrKsK85SSlAGoYrCw2oGRgehjmRKbB4S7sKbZqoyjG+CHPdg3TvKpPl
yLkEBx2YT7lijawyLz84l1E8RBmp+CJSyBD9I+d5CWCUKEGIjR8gf9qXYypSMu1b
cMYS7bEa16pAGPDPkOZfXHjWIX2n41fStBy9jyJxZfoYmfudK1XvxcQtDFXvaiWF
dXYoBbbI4p19fDN59Av4+J9olJS2DYRkM4caAercencGTrx0oh0x7bYHDTKSy4y9
oJBExMaWQZUH6MIEcsQHiydXYXv6Po3cRtvyeYkSy6NpCcKA9I/I2pPyPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNqDJAKiCiE2IUkQm5JobekodrbKMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMm9Na0FxSUtJVFloU1JDYmttaHQ2U2gydHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZKlED
BAJZKlAwDQYJKoZIhvcNAQELBQADggEBACfGVD9bUBnTqf8o0wAY4IEbJ1bSi7ci
CVW9bVQcy5zfqrD19SB9OxXkN+td4QTZfvraxEq7rPRsYDe6n6jHB5iQ0596SqD0
Q+TNFZqfrSolFf6P3auSlbP+O2anRXrtWRHStUh1Vx8UlVYKpfZqZnlWiMApQt6W
/CFs6jOxz5WOcBhkUV7uytAESgetAXTrY7db4Xrkt0Ru0vY0csZf1WGMwFx7Zepc
pDt8Nu4HNnLoPtw0/s9ri390xhXbEPj0g0WjKolLHtZokV/9ywg76cag23/uXtOz
g/sF+fLlTxJhbecnYAaxzgZIS1odxnUicjqEbS4mvxTd+GBe0s2hQuo=
-----END CERTIFICATE-----