Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/d1da0S_Qs3kSwInes_WTLU5avig.roa
File:                     d1da0S_Qs3kSwInes_WTLU5avig.roa (raw, json)
Hash identifier:          7XoVzHetiNMwR1GmIZtMMDClku6cqyPzxWzBsF7v9Vk=
Subject key identifier:   77:57:5A:D1:2F:D0:B3:79:12:C0:89:DE:B3:F5:93:2D:4E:5A:BE:28
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019A25F8F27AA953C09CBF2A1FB9D64B6DA1
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/d1da0S_Qs3kSwInes_WTLU5avig.roa
Signing time:             Mon 27 Oct 2025 14:01:03 +0000
ROA not before:           Mon 27 Oct 2025 14:01:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204603
IP address blocks:        93.113.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:f8:f2:7a:a9:53:c0:9c:bf:2a:1f:b9:d6:4b:6d:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 27 14:01:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77575ad12fd0b37912c089deb3f5932d4e5abe28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:32:59:e6:09:f5:d9:a0:e9:67:48:74:f1:a6:
                    80:42:0b:35:74:68:81:6b:f0:c3:33:52:86:63:ef:
                    6b:24:14:8a:5c:7b:6b:43:e4:44:42:a5:89:f9:b2:
                    da:e0:2a:ec:f7:dc:e8:15:28:41:0e:52:8d:5f:4d:
                    5f:99:5a:47:d1:c3:22:66:ff:c4:29:95:83:a7:ac:
                    53:9d:af:51:2a:2c:7a:e0:7c:e7:60:92:67:6c:b3:
                    39:34:b6:c3:9a:42:c7:a6:1a:04:6f:e4:e0:46:f0:
                    2c:38:b9:ab:df:13:b2:fc:47:a3:a1:8f:a4:e5:de:
                    d0:69:5c:3d:4f:68:ca:81:e1:69:02:00:1f:12:00:
                    ce:c0:74:99:4d:5d:6d:9f:dd:8c:7b:98:c3:24:77:
                    b5:1d:eb:aa:63:57:3d:d8:45:e4:df:80:f4:b7:13:
                    67:a5:5c:61:af:72:bf:fa:42:7a:d3:27:46:82:35:
                    9f:72:41:d2:d3:1e:14:5f:b0:43:cc:b4:ca:a0:4c:
                    1a:4f:70:8b:1d:9d:b3:15:7e:c7:1a:0b:e3:d0:e1:
                    00:24:f9:ab:1a:7f:82:4a:76:67:38:81:87:3a:b3:
                    d9:24:f2:9f:8d:69:19:e6:03:8c:c1:c7:e8:26:af:
                    de:aa:d1:65:92:e6:dc:d8:d2:b0:10:34:59:29:83:
                    c3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:57:5A:D1:2F:D0:B3:79:12:C0:89:DE:B3:F5:93:2D:4E:5A:BE:28
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/d1da0S_Qs3kSwInes_WTLU5avig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:93:25:7a:4a:6f:fe:33:0c:51:78:7a:6a:c9:59:d9:bd:f0:
         16:6b:f7:c7:86:66:92:c5:87:16:d0:2e:40:b0:5a:2b:4b:11:
         37:ec:f0:2a:47:10:4d:37:30:4e:ca:3a:8b:e1:44:b2:4f:b0:
         9a:47:4c:d5:4b:50:49:16:6d:82:6c:f2:80:c1:3e:0f:79:1f:
         44:be:d4:2a:19:f4:a9:3f:ff:37:b9:2d:bc:c0:ef:2d:a2:35:
         9e:8e:67:af:f6:02:b3:c1:40:6a:b9:b6:76:02:41:36:5e:99:
         bc:67:a6:22:64:3d:96:66:87:f9:4c:ce:39:01:6a:1f:4e:49:
         76:c8:4e:4e:f8:b3:bc:c5:aa:d8:75:9c:59:df:2e:87:22:a5:
         a5:54:7b:e8:d7:08:d2:3d:85:b1:71:06:dc:ff:4b:27:41:c8:
         ab:81:eb:73:40:11:99:4f:23:56:f9:c8:40:de:f1:92:37:7f:
         c7:33:b8:1c:9b:9a:b3:4b:2a:3e:c9:c7:3d:a8:da:8f:22:7c:
         24:be:77:dc:18:a4:33:56:c1:f0:ed:e8:53:91:05:ed:21:9b:
         3b:0a:2b:ee:13:b3:4d:13:4b:33:99:d8:68:ba:e4:37:77:4d:
         10:99:2b:ca:34:fd:dd:21:1e:c4:cc:5a:5b:04:82:04:e7:c0:
         ff:cb:3b:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZol+PJ6qVPAnL8qH7nWS22hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUxMDI3MTQwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzU3NWFkMTJmZDBiMzc5MTJjMDg5ZGViM2Y1OTMyZDRlNWFiZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zJZ5gn12aDpZ0h08aaAQgs1dGiB
a/DDM1KGY+9rJBSKXHtrQ+REQqWJ+bLa4Crs99zoFShBDlKNX01fmVpH0cMiZv/E
KZWDp6xTna9RKix64HznYJJnbLM5NLbDmkLHphoEb+TgRvAsOLmr3xOy/EejoY+k
5d7QaVw9T2jKgeFpAgAfEgDOwHSZTV1tn92Me5jDJHe1HeuqY1c92EXk34D0txNn
pVxhr3K/+kJ60ydGgjWfckHS0x4UX7BDzLTKoEwaT3CLHZ2zFX7HGgvj0OEAJPmr
Gn+CSnZnOIGHOrPZJPKfjWkZ5gOMwcfoJq/eqtFlkubc2NKwEDRZKYPDsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdXWtEv0LN5EsCJ3rP1ky1OWr4oMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvZDFkYTBTX1FzM2tTd0luZXNfV1RMVTVhdmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXGzMA0G
CSqGSIb3DQEBCwUAA4IBAQARkyV6Sm/+MwxReHpqyVnZvfAWa/fHhmaSxYcW0C5A
sForSxE37PAqRxBNNzBOyjqL4USyT7CaR0zVS1BJFm2CbPKAwT4PeR9EvtQqGfSp
P/83uS28wO8tojWejmev9gKzwUBqubZ2AkE2Xpm8Z6YiZD2WZof5TM45AWofTkl2
yE5O+LO8xarYdZxZ3y6HIqWlVHvo1wjSPYWxcQbc/0snQcirgetzQBGZTyNW+chA
3vGSN3/HM7gcm5qzSyo+ycc9qNqPInwkvnfcGKQzVsHw7ehTkQXtIZs7CivuE7NN
E0szmdhouuQ3d00QmSvKNP3dIR7EzFpbBIIE58D/yzt8
-----END CERTIFICATE-----