Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/I80j-_zEqKsXH99ur7VIXbGeOSc.roa
File:                     I80j-_zEqKsXH99ur7VIXbGeOSc.roa (raw, json)
Hash identifier:          sVCeiuo0Y4wzWcj6cPjMNlhp6bo2eVVTcH3iXvgMXh4=
Subject key identifier:   23:CD:23:FB:FC:C4:A8:AB:17:1F:DF:6E:AF:B5:48:5D:B1:9E:39:27
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019675E73C01BCFE90424FE096800A9FE15C
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/I80j-_zEqKsXH99ur7VIXbGeOSc.roa
Signing time:             Sun 27 Apr 2025 06:20:10 +0000
ROA not before:           Sun 27 Apr 2025 06:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        89.47.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:75:e7:3c:01:bc:fe:90:42:4f:e0:96:80:0a:9f:e1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr 27 06:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23cd23fbfcc4a8ab171fdf6eafb5485db19e3927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:82:35:45:e8:3e:eb:32:04:e4:d7:16:7d:46:
                    45:79:2f:50:7e:16:67:74:19:8e:d5:bc:28:a1:61:
                    c4:c5:e9:8c:f3:af:f7:db:54:f0:c8:24:b1:00:ac:
                    ae:28:e6:0a:9d:19:2e:e8:ec:70:56:0d:16:ba:5a:
                    e6:75:f2:4a:b8:5b:ef:af:f9:27:a6:38:6d:8c:be:
                    4d:08:3e:20:8e:54:d0:99:4f:80:d8:2a:9a:97:fd:
                    6e:fe:36:ca:30:b4:e0:fb:d0:3d:1d:ad:34:e2:36:
                    b0:da:1a:1b:7a:a4:7c:d7:77:8d:f1:0f:ef:13:8b:
                    70:c7:e5:36:94:27:40:6f:2d:71:a0:04:39:eb:fc:
                    65:c6:4e:89:9a:bc:0d:31:6e:29:44:b4:12:35:93:
                    a7:f0:d5:f8:68:7a:35:79:0f:45:40:d8:c2:16:8c:
                    7a:3d:d6:8e:0c:38:76:01:3e:e4:71:67:e5:7c:a7:
                    57:53:00:bf:7e:e7:bb:2c:79:b2:ca:cb:72:5e:8a:
                    9b:67:60:87:67:b1:94:b2:85:88:e6:f1:20:b9:6e:
                    ab:65:31:c8:35:58:99:a4:fc:36:44:55:88:d9:fb:
                    a3:27:38:0c:a6:72:67:b8:ad:c2:b3:b2:ad:26:b9:
                    56:2e:4f:2e:4e:fa:c2:d0:8d:f4:63:91:09:9a:f0:
                    4a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CD:23:FB:FC:C4:A8:AB:17:1F:DF:6E:AF:B5:48:5D:B1:9E:39:27
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/I80j-_zEqKsXH99ur7VIXbGeOSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:35:7a:1b:ab:c7:30:cf:31:ce:05:60:dd:e0:7a:e5:2b:37:
         b3:a9:a1:7f:a7:17:75:d1:57:8f:61:e1:4a:17:71:16:27:69:
         27:69:44:9d:c3:fd:aa:84:bc:e6:0f:4d:b6:77:6d:e6:23:f1:
         a8:09:46:40:37:9c:a1:61:10:66:5e:2d:77:e5:9e:40:30:1d:
         59:d4:99:d1:a3:55:96:e1:81:cf:f4:a9:ae:41:77:b7:3f:9b:
         47:cd:09:75:94:b4:e0:3c:9e:17:d4:96:9b:b2:6c:39:81:53:
         39:ba:4e:55:8e:9a:eb:09:34:da:1c:70:9a:6c:ef:e3:8f:e9:
         05:46:b5:24:fa:0a:3d:7f:3a:8c:f3:45:24:ee:a6:73:f6:64:
         e4:22:c7:c4:95:ad:14:2c:fd:e4:7f:d5:02:ac:5d:52:d0:d4:
         67:32:ec:e7:a6:59:29:ff:f1:98:40:e2:f6:d9:3e:c2:5e:18:
         84:e4:1b:8e:c0:dc:f9:58:eb:44:f2:26:b6:e0:e2:1f:ae:b9:
         3d:41:70:e9:a1:a7:1c:e5:9f:32:07:d6:7d:7c:fe:50:5c:12:
         3b:e1:16:20:de:bc:e5:7c:a5:4f:f0:5f:e4:50:c7:e7:8b:12:
         9d:45:3b:aa:77:ac:e0:54:49:40:97:f3:7c:90:39:2d:9f:73:
         b7:3c:53:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ15zwBvP6QQk/gloAKn+FcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNDI3MDYyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NkMjNmYmZjYzRhOGFiMTcxZmRmNmVhZmI1NDg1ZGIxOWUzOTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYI1Reg+6zIE5NcWfUZFeS9QfhZn
dBmO1bwooWHExemM86/321TwyCSxAKyuKOYKnRku6OxwVg0WulrmdfJKuFvvr/kn
pjhtjL5NCD4gjlTQmU+A2Cqal/1u/jbKMLTg+9A9Ha004jaw2hobeqR813eN8Q/v
E4twx+U2lCdAby1xoAQ56/xlxk6JmrwNMW4pRLQSNZOn8NX4aHo1eQ9FQNjCFox6
PdaODDh2AT7kcWflfKdXUwC/fue7LHmyystyXoqbZ2CHZ7GUsoWI5vEguW6rZTHI
NViZpPw2RFWI2fujJzgMpnJnuK3Cs7KtJrlWLk8uTvrC0I30Y5EJmvBKCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPNI/v8xKirFx/fbq+1SF2xnjknMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSTgwai1fekVxS3NYSDk5dXI3VklYYkdlT1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS9kMA0G
CSqGSIb3DQEBCwUAA4IBAQAjNXobq8cwzzHOBWDd4HrlKzezqaF/pxd10VePYeFK
F3EWJ2knaUSdw/2qhLzmD022d23mI/GoCUZAN5yhYRBmXi135Z5AMB1Z1JnRo1WW
4YHP9KmuQXe3P5tHzQl1lLTgPJ4X1Jabsmw5gVM5uk5VjprrCTTaHHCabO/jj+kF
RrUk+go9fzqM80Uk7qZz9mTkIsfEla0ULP3kf9UCrF1S0NRnMuznplkp//GYQOL2
2T7CXhiE5BuOwNz5WOtE8ia24OIfrrk9QXDpoacc5Z8yB9Z9fP5QXBI74RYg3rzl
fKVP8F/kUMfnixKdRTuqd6zgVElAl/N8kDktn3O3PFN3
-----END CERTIFICATE-----