Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TS9_7eIf6_4Z6SW2AjAu4QF3AtI.roa
File:                     TS9_7eIf6_4Z6SW2AjAu4QF3AtI.roa (raw, json)
Hash identifier:          CeQL3kOvmnbh5y/m9HfP0hGwqkeRMobkXRqCY6XP93A=
Subject key identifier:   4D:2F:7F:ED:E2:1F:EB:FE:19:E9:25:B6:02:30:2E:E1:01:77:02:D2
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D665873E31A74A8933C4B58AB5DB7CC19
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TS9_7eIf6_4Z6SW2AjAu4QF3AtI.roa
Signing time:             Tue 07 Apr 2026 05:09:26 +0000
ROA not before:           Tue 07 Apr 2026 05:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133150
IP address blocks:        89.33.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:66:58:73:e3:1a:74:a8:93:3c:4b:58:ab:5d:b7:cc:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr  7 05:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d2f7fede21febfe19e925b602302ee1017702d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9f:63:38:ab:c9:8a:1e:b0:be:d5:e3:39:bd:
                    01:f2:53:5c:5d:35:7c:75:07:cc:3e:8c:bf:7b:b6:
                    13:ea:5f:d8:dc:48:5c:d4:93:31:d5:a7:a6:b5:eb:
                    2b:93:18:0b:b4:79:da:45:8c:74:f6:7e:50:a5:7d:
                    9b:97:4c:11:37:1f:8a:1f:c7:59:23:ed:bb:b0:61:
                    ad:c7:62:46:20:6c:cb:5c:d7:a3:92:b3:f5:6d:4c:
                    ce:39:da:91:8f:09:80:67:4f:1a:77:e3:a4:c8:0e:
                    f2:ee:a2:02:4b:dc:b8:ee:41:fa:91:48:9d:c4:e8:
                    bf:69:57:42:c5:2a:1c:94:29:9a:fa:6b:a9:a6:60:
                    22:67:23:23:69:e3:8b:e0:56:a5:2c:bd:8a:2e:f9:
                    09:4d:dc:ae:a1:72:90:57:c7:77:22:2e:25:60:4d:
                    b5:ee:bb:c7:5a:18:0b:e9:52:b8:e3:f6:ed:a0:eb:
                    64:3b:32:51:96:2d:18:2c:57:b6:e7:e9:f9:c2:b5:
                    47:39:70:2a:1d:f6:92:4c:7c:01:b0:e6:4e:8b:5b:
                    22:40:dc:c1:c0:34:fc:76:66:53:d9:40:01:3a:41:
                    28:30:10:b6:9e:54:0e:2b:8e:8c:03:b8:c2:c5:9d:
                    4c:8d:8c:0c:09:12:b6:8c:60:b2:a0:de:c8:16:b4:
                    df:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2F:7F:ED:E2:1F:EB:FE:19:E9:25:B6:02:30:2E:E1:01:77:02:D2
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TS9_7eIf6_4Z6SW2AjAu4QF3AtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:24:18:5a:ee:7c:9f:9e:d0:99:3f:45:ae:eb:5f:35:64:67:
         01:0c:b7:13:6f:14:42:66:41:7a:84:55:0a:b9:bf:01:71:3e:
         97:f2:61:60:c6:d9:9c:f8:be:95:5d:a6:8e:60:cb:56:d7:10:
         44:f8:81:11:b1:24:71:3f:f1:66:a2:90:60:e7:4f:15:da:28:
         6f:83:4b:a0:4f:1c:97:66:71:0f:4e:95:bf:d2:5c:b7:c0:aa:
         4c:aa:0f:d9:97:c7:03:96:99:a2:ca:b5:29:70:68:12:2e:3e:
         db:24:c8:1d:61:68:d3:b2:c6:39:99:eb:5a:83:e0:85:3d:87:
         51:8b:1b:3e:d1:c7:d2:f1:2f:fc:47:24:78:ab:bf:e2:c2:a2:
         72:71:c2:89:dd:de:df:06:85:21:0f:80:74:7f:c9:2d:d7:a8:
         3b:58:7f:53:73:15:48:ab:0f:bd:a3:2c:5a:52:c9:35:58:cd:
         19:7a:1f:ec:54:78:60:c2:04:d5:a1:fa:18:21:71:31:a8:f6:
         7e:af:72:06:18:7b:c7:13:87:5f:d9:ce:e4:4d:ea:1a:cb:6a:
         69:67:8b:1e:35:67:49:51:70:eb:1b:fe:13:20:0c:b6:dc:94:
         c3:dd:1d:e5:2b:1b:a1:a1:65:55:e5:64:08:ec:3f:13:8c:3d:
         90:3d:23:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1mWHPjGnSokzxLWKtdt8wZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNDA3MDUwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDJmN2ZlZGUyMWZlYmZlMTllOTI1YjYwMjMwMmVlMTAxNzcwMmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr59jOKvJih6wvtXjOb0B8lNcXTV8
dQfMPoy/e7YT6l/Y3Ehc1JMx1aemtesrkxgLtHnaRYx09n5QpX2bl0wRNx+KH8dZ
I+27sGGtx2JGIGzLXNejkrP1bUzOOdqRjwmAZ08ad+OkyA7y7qICS9y47kH6kUid
xOi/aVdCxSoclCma+muppmAiZyMjaeOL4FalLL2KLvkJTdyuoXKQV8d3Ii4lYE21
7rvHWhgL6VK44/btoOtkOzJRli0YLFe25+n5wrVHOXAqHfaSTHwBsOZOi1siQNzB
wDT8dmZT2UABOkEoMBC2nlQOK46MA7jCxZ1MjYwMCRK2jGCyoN7IFrTfvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0vf+3iH+v+GekltgIwLuEBdwLSMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvVFM5XzdlSWY2XzRaNlNXMkFqQXU0UUYzQXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSEMMA0G
CSqGSIb3DQEBCwUAA4IBAQB1JBha7nyfntCZP0Wu6181ZGcBDLcTbxRCZkF6hFUK
ub8BcT6X8mFgxtmc+L6VXaaOYMtW1xBE+IERsSRxP/FmopBg508V2ihvg0ugTxyX
ZnEPTpW/0ly3wKpMqg/Zl8cDlpmiyrUpcGgSLj7bJMgdYWjTssY5metag+CFPYdR
ixs+0cfS8S/8RyR4q7/iwqJyccKJ3d7fBoUhD4B0f8kt16g7WH9TcxVIqw+9oyxa
Usk1WM0Zeh/sVHhgwgTVofoYIXExqPZ+r3IGGHvHE4df2c7kTeoay2ppZ4seNWdJ
UXDrG/4TIAy23JTD3R3lKxuhoWVV5WQI7D8TjD2QPSPE
-----END CERTIFICATE-----