Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/34Go47Jiaka6rTYwv3ql1pJGxoc.roa
File:                     34Go47Jiaka6rTYwv3ql1pJGxoc.roa (raw, json)
Hash identifier:          HOzNbcT62kC5xi2Ab1YMi7QD87eSUvISa5TD3IWKrmI=
Subject key identifier:   DF:81:A8:E3:B2:62:6A:46:BA:AD:36:30:BF:7A:A5:D6:92:46:C6:87
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D68FA32157B6FD2AD2D0515E510EDAB42
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/34Go47Jiaka6rTYwv3ql1pJGxoc.roa
Signing time:             Tue 07 Apr 2026 17:25:20 +0000
ROA not before:           Tue 07 Apr 2026 17:25:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        89.47.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:fa:32:15:7b:6f:d2:ad:2d:05:15:e5:10:ed:ab:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr  7 17:25:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df81a8e3b2626a46baad3630bf7aa5d69246c687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d4:3e:70:62:75:94:3e:cb:cf:79:23:56:b8:
                    c3:ad:ea:10:5a:7c:91:9e:71:6b:65:51:b2:70:e2:
                    ba:e6:30:a1:cc:c5:e4:06:01:58:f2:1b:1f:4d:15:
                    4c:02:fd:0d:93:ed:e6:d2:cd:c9:c4:3b:83:8a:89:
                    b3:5d:cb:80:0d:55:52:cf:9b:fc:21:39:71:46:76:
                    b4:a0:28:a6:4c:b5:c1:42:cc:cf:77:aa:8f:87:4c:
                    19:98:10:3f:1b:11:9f:2e:24:ec:4a:73:93:4d:88:
                    47:75:05:1a:61:dd:5f:1b:64:e6:90:f2:05:55:bf:
                    a1:7d:fa:fe:01:8c:3d:15:f5:29:18:b9:3e:0e:c6:
                    da:d0:37:5b:f3:9c:63:d8:4a:36:e2:91:07:79:66:
                    1a:3e:16:ab:a0:8d:17:8e:83:d2:18:72:78:44:a5:
                    ee:38:7e:a1:12:dc:4e:1e:66:d0:18:36:99:81:1d:
                    13:0c:75:f1:53:d9:8b:9f:73:68:a0:2f:f0:9a:32:
                    02:90:5f:6c:8f:c7:c1:c0:6c:42:62:af:7d:e3:6f:
                    6d:fa:97:1d:c2:5b:89:59:46:0a:aa:8d:06:98:3b:
                    75:65:7c:ff:97:8a:d4:6a:dc:fe:ff:bb:b1:b3:94:
                    0f:2e:56:ca:0c:57:19:07:a6:c6:3f:2a:86:91:2b:
                    d5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:81:A8:E3:B2:62:6A:46:BA:AD:36:30:BF:7A:A5:D6:92:46:C6:87
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/34Go47Jiaka6rTYwv3ql1pJGxoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:59:e7:d7:0a:d7:24:9d:05:cd:24:a7:f4:dd:41:09:91:cc:
         df:87:bc:d4:90:f4:e7:50:e6:bf:26:c4:67:92:3d:a2:bf:93:
         37:3b:94:33:b3:3f:df:2a:47:66:eb:32:ba:08:b6:63:1a:9d:
         dc:4a:20:54:b8:b6:1d:bc:ec:a6:47:21:af:57:f9:fc:ee:78:
         8c:8e:ae:c8:ec:c2:f8:d4:28:66:1e:62:97:79:de:79:a4:bc:
         33:0f:a9:2b:02:56:ec:6d:e0:ab:44:df:bf:61:9b:41:f1:2e:
         54:70:2c:f1:a2:17:8d:31:7f:b4:ad:34:7f:30:70:ef:fc:8e:
         9c:21:c0:22:26:66:77:f0:89:00:9e:36:8a:03:02:76:b6:e9:
         a5:47:39:44:b6:c2:f8:02:91:22:d0:16:3a:0b:46:43:64:67:
         fe:91:a5:7c:c2:3a:5a:fa:72:d8:86:44:6f:1a:24:d1:58:0b:
         98:e4:f4:a0:1c:51:67:c1:7f:47:e2:1e:e1:4e:04:d2:5d:9f:
         8a:71:65:70:7b:d4:e3:02:41:fb:d8:17:4d:97:87:93:65:f3:
         85:e1:df:a6:94:3a:02:58:23:56:64:f2:93:9f:fa:e6:8e:44:
         c0:1a:8e:c0:8b:c7:df:e4:5e:9e:f2:d0:35:e9:80:bc:ef:82:
         69:f4:95:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1o+jIVe2/SrS0FFeUQ7atCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNDA3MTcyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjgxYThlM2IyNjI2YTQ2YmFhZDM2MzBiZjdhYTVkNjkyNDZjNjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9Q+cGJ1lD7Lz3kjVrjDreoQWnyR
nnFrZVGycOK65jChzMXkBgFY8hsfTRVMAv0Nk+3m0s3JxDuDiomzXcuADVVSz5v8
ITlxRna0oCimTLXBQszPd6qPh0wZmBA/GxGfLiTsSnOTTYhHdQUaYd1fG2TmkPIF
Vb+hffr+AYw9FfUpGLk+Dsba0Ddb85xj2Eo24pEHeWYaPharoI0XjoPSGHJ4RKXu
OH6hEtxOHmbQGDaZgR0TDHXxU9mLn3NooC/wmjICkF9sj8fBwGxCYq99429t+pcd
wluJWUYKqo0GmDt1ZXz/l4rUatz+/7uxs5QPLlbKDFcZB6bGPyqGkSvV5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+BqOOyYmpGuq02ML96pdaSRsaHMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMzRHbzQ3Smlha2E2clRZd3YzcWwxcEpHeG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS92MA0G
CSqGSIb3DQEBCwUAA4IBAQBkWefXCtcknQXNJKf03UEJkczfh7zUkPTnUOa/JsRn
kj2iv5M3O5Qzsz/fKkdm6zK6CLZjGp3cSiBUuLYdvOymRyGvV/n87niMjq7I7ML4
1ChmHmKXed55pLwzD6krAlbsbeCrRN+/YZtB8S5UcCzxoheNMX+0rTR/MHDv/I6c
IcAiJmZ38IkAnjaKAwJ2tumlRzlEtsL4ApEi0BY6C0ZDZGf+kaV8wjpa+nLYhkRv
GiTRWAuY5PSgHFFnwX9H4h7hTgTSXZ+KcWVwe9TjAkH72BdNl4eTZfOF4d+mlDoC
WCNWZPKTn/rmjkTAGo7Ai8ff5F6e8tA16YC874Jp9JWX
-----END CERTIFICATE-----