Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/FLuKUGBAJZK8GPA2i7Z_teORI7o.roa
File:                     FLuKUGBAJZK8GPA2i7Z_teORI7o.roa (raw, json)
Hash identifier:          EIfvGa1RePFd8Vz7EZAI4HZ8+QjItieHVlUkXwDbAB0=
Subject key identifier:   14:BB:8A:50:60:40:25:92:BC:18:F0:36:8B:B6:7F:B5:E3:91:23:BA
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D71E0F0D6C81DFFE61FC5F0472B28883E
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/FLuKUGBAJZK8GPA2i7Z_teORI7o.roa
Signing time:             Thu 09 Apr 2026 10:54:20 +0000
ROA not before:           Thu 09 Apr 2026 10:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:e0:f0:d6:c8:1d:ff:e6:1f:c5:f0:47:2b:28:88:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr  9 10:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14bb8a5060402592bc18f0368bb67fb5e39123ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ab:85:2f:f5:31:1e:d8:24:2c:33:a8:23:03:
                    6a:04:f8:fb:3f:39:72:13:96:3c:27:00:23:f5:e4:
                    e8:37:84:20:3a:ff:4d:11:cd:d2:ba:72:9e:16:c7:
                    6c:19:31:9b:9d:d8:51:d8:7f:e5:e4:de:12:5e:a6:
                    0d:0a:02:1a:a7:c9:7d:34:0a:69:ce:78:59:2e:c3:
                    2d:1d:ec:2f:dd:74:5f:e7:3a:ff:8f:03:2a:0e:0a:
                    29:b3:18:82:98:f6:0f:a4:3d:4b:eb:3c:fd:8c:d5:
                    b4:4e:66:cc:ee:25:6e:2e:ca:ae:21:dd:da:90:b7:
                    b3:31:20:69:82:2e:56:36:fe:b2:f8:13:e5:49:0b:
                    0f:7e:ee:f3:08:42:19:3a:71:00:5a:d6:ff:4c:d7:
                    df:5c:0e:12:66:0f:8e:70:04:66:81:f9:62:40:ba:
                    5e:66:6b:a8:5f:61:00:cd:48:d6:23:97:b6:71:cb:
                    1d:eb:6b:34:d6:36:1f:3d:59:f0:4c:d8:1b:00:1a:
                    35:1a:f1:47:7d:54:54:a5:8f:08:41:c7:d2:43:25:
                    54:21:ee:e6:1a:eb:11:f2:a5:38:66:58:94:26:12:
                    a7:cc:8e:5a:f5:52:5c:8a:23:fb:0a:56:32:a6:e9:
                    06:76:db:f8:68:df:97:64:19:f8:07:bb:41:28:12:
                    8f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BB:8A:50:60:40:25:92:BC:18:F0:36:8B:B6:7F:B5:E3:91:23:BA
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/FLuKUGBAJZK8GPA2i7Z_teORI7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:5b:8e:4b:1b:c8:91:91:74:19:ad:41:b1:82:01:eb:60:48:
         84:38:a5:4f:51:ac:f1:f9:ac:2d:be:f4:08:4a:71:72:70:91:
         76:f8:2f:63:93:1c:1e:6f:f9:c3:e2:00:cd:57:4c:ba:d1:ac:
         6c:2e:fe:0e:64:75:c4:6c:19:32:80:e6:31:9b:cb:ed:55:0a:
         63:e4:25:10:58:09:21:0c:0d:c8:be:64:77:b0:51:b0:da:c9:
         02:59:ae:13:c5:a3:ee:b4:e8:bb:32:2b:6d:9b:70:7f:02:26:
         ce:0a:8b:9c:9f:b7:28:f4:d1:ea:65:90:14:10:66:ed:ca:b6:
         38:fc:25:f9:7c:29:70:63:9c:50:aa:b9:db:61:14:88:cc:9d:
         41:83:c7:50:06:da:b3:d3:30:f9:5f:3e:84:ab:e8:66:35:b6:
         76:3c:63:f0:56:95:70:ab:38:e0:3c:f9:23:3a:06:4a:b6:9a:
         5d:42:8b:f4:0e:af:ee:b5:f7:01:41:55:5b:b5:5f:0e:1e:aa:
         ad:b5:e3:a8:ec:97:60:f3:57:02:b3:d9:84:3a:e0:d9:88:75:
         e9:16:74:d9:6f:73:e7:5d:a7:92:11:6b:3a:f6:a7:4c:9f:fd:
         0c:c6:20:f5:ba:8d:8d:e7:2a:4b:b0:55:78:e8:71:08:74:5b:
         61:99:1c:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1x4PDWyB3/5h/F8EcrKIg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNDA5MTA1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJiOGE1MDYwNDAyNTkyYmMxOGYwMzY4YmI2N2ZiNWUzOTEyM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6uFL/UxHtgkLDOoIwNqBPj7Pzly
E5Y8JwAj9eToN4QgOv9NEc3SunKeFsdsGTGbndhR2H/l5N4SXqYNCgIap8l9NApp
znhZLsMtHewv3XRf5zr/jwMqDgopsxiCmPYPpD1L6zz9jNW0TmbM7iVuLsquId3a
kLezMSBpgi5WNv6y+BPlSQsPfu7zCEIZOnEAWtb/TNffXA4SZg+OcARmgfliQLpe
ZmuoX2EAzUjWI5e2ccsd62s01jYfPVnwTNgbABo1GvFHfVRUpY8IQcfSQyVUIe7m
GusR8qU4ZliUJhKnzI5a9VJciiP7ClYypukGdtv4aN+XZBn4B7tBKBKPJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBS7ilBgQCWSvBjwNou2f7XjkSO6MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvRkx1S1VHQkFKWks4R1BBMmk3Wl90ZU9SSTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSpSMA0G
CSqGSIb3DQEBCwUAA4IBAQAjW45LG8iRkXQZrUGxggHrYEiEOKVPUazx+awtvvQI
SnFycJF2+C9jkxweb/nD4gDNV0y60axsLv4OZHXEbBkygOYxm8vtVQpj5CUQWAkh
DA3IvmR3sFGw2skCWa4TxaPutOi7Mittm3B/AibOCoucn7co9NHqZZAUEGbtyrY4
/CX5fClwY5xQqrnbYRSIzJ1Bg8dQBtqz0zD5Xz6Eq+hmNbZ2PGPwVpVwqzjgPPkj
OgZKtppdQov0Dq/utfcBQVVbtV8OHqqtteOo7Jdg81cCs9mEOuDZiHXpFnTZb3Pn
XaeSEWs69qdMn/0MxiD1uo2N5ypLsFV46HEIdFthmRyC
-----END CERTIFICATE-----