Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/e_JAL29KijNf9cdsFGOVG4_dhS8.roa
File:                     e_JAL29KijNf9cdsFGOVG4_dhS8.roa (raw, json)
Hash identifier:          6H/IyhlqkrxvIlSNJ3m+5QJuBnkU5fHJTsmpxdRoX3c=
Subject key identifier:   7B:F2:40:2F:6F:4A:8A:33:5F:F5:C7:6C:14:63:95:1B:8F:DD:85:2F
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019876111B50E0D50327498FB61848901D03
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/e_JAL29KijNf9cdsFGOVG4_dhS8.roa
Signing time:             Mon 04 Aug 2025 17:11:29 +0000
ROA not before:           Mon 04 Aug 2025 17:11:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23
                          89.47.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:76:11:1b:50:e0:d5:03:27:49:8f:b6:18:48:90:1d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Aug  4 17:11:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bf2402f6f4a8a335ff5c76c1463951b8fdd852f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0a:3b:fe:aa:55:a3:b9:0a:07:b9:ba:cd:54:
                    e3:bc:e1:4c:ce:df:17:19:96:70:2a:40:10:0a:9a:
                    a1:aa:e7:31:c9:26:50:52:8a:64:af:e7:37:7a:7a:
                    ef:84:0e:33:71:69:bb:f0:26:c6:94:88:a7:e5:62:
                    23:c8:74:06:a9:22:13:35:97:ac:a3:db:be:11:5a:
                    b0:81:52:23:5b:38:a1:00:a3:45:4c:3b:46:f0:4c:
                    2c:69:4a:b5:37:cd:67:b9:ec:46:55:08:57:26:4f:
                    2e:fc:ae:be:db:2b:62:8c:27:cf:ec:fc:60:2a:ca:
                    ad:b1:04:c3:c9:1d:f4:e3:cc:ac:cb:fd:5d:7b:b8:
                    7d:3d:77:92:56:eb:35:2e:7f:3d:18:d5:54:42:dc:
                    71:3a:85:53:e7:f2:59:d8:29:8f:5a:fe:7c:89:e3:
                    a8:e1:bc:0d:4d:b9:4d:63:67:15:a2:98:4e:a6:f2:
                    43:11:83:b5:de:20:79:78:b8:0e:c3:23:e2:aa:60:
                    87:dc:e1:49:92:49:ae:fa:a7:a2:d2:f1:f1:01:1e:
                    8c:51:44:c7:a2:af:9b:bf:a6:27:01:b6:85:d2:5a:
                    72:d1:9f:5c:5c:a7:ea:7a:25:fb:44:3c:89:47:bd:
                    18:9e:7b:91:df:65:ef:13:fe:21:55:8c:06:41:82:
                    b6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:F2:40:2F:6F:4A:8A:33:5F:F5:C7:6C:14:63:95:1B:8F:DD:85:2F
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/e_JAL29KijNf9cdsFGOVG4_dhS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0-89.42.83.255
                  89.47.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:42:96:c6:fb:2b:53:b9:d0:6f:c8:29:02:9b:4e:06:26:42:
         a3:bc:7f:6b:cb:9c:63:22:5a:de:29:cf:5e:e5:5e:82:11:e8:
         29:46:c5:02:1b:2f:a3:8e:5f:e2:63:fe:9b:1c:fa:7c:26:72:
         c7:7a:40:d7:6f:59:1b:bc:f6:fc:da:b3:4f:ce:d4:56:91:bc:
         ff:5e:a0:34:23:59:10:8f:cd:88:9d:36:6b:a3:24:ee:e9:bf:
         d5:b4:fe:90:6c:6b:b9:7f:74:1e:ca:d3:30:7c:6d:99:8d:86:
         53:a2:6a:0b:69:1b:fb:f8:b6:68:9f:2e:e3:72:bc:9d:2b:a5:
         0a:4d:42:a7:f2:13:5f:44:b0:a4:df:32:c9:1c:ca:72:16:40:
         33:54:53:6c:e6:64:9f:fc:52:85:bc:be:dc:66:ca:88:2c:15:
         0d:3d:39:1f:5b:6a:3f:2d:c7:87:9d:18:aa:80:e1:44:5d:08:
         4f:4a:80:df:96:76:40:ed:ec:d0:d3:f2:13:af:ee:bd:72:d3:
         10:2b:79:4f:dd:02:ff:23:7e:6b:e7:8d:a4:36:75:7c:a0:c8:
         d5:a4:b6:08:29:17:95:17:38:d2:9f:4f:0b:73:fc:fe:bb:c6:
         94:40:8a:1b:73:d1:bb:c2:02:4c:84:19:7c:5c:91:eb:22:c6:
         50:9d:2f:85
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZh2ERtQ4NUDJ0mPthhIkB0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwODA0MTcxMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmYyNDAyZjZmNGE4YTMzNWZmNWM3NmMxNDYzOTUxYjhmZGQ4NTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAo7/qpVo7kKB7m6zVTjvOFMzt8X
GZZwKkAQCpqhqucxySZQUopkr+c3enrvhA4zcWm78CbGlIin5WIjyHQGqSITNZes
o9u+EVqwgVIjWzihAKNFTDtG8EwsaUq1N81nuexGVQhXJk8u/K6+2ytijCfP7Pxg
KsqtsQTDyR3048ysy/1de7h9PXeSVus1Ln89GNVUQtxxOoVT5/JZ2CmPWv58ieOo
4bwNTblNY2cVophOpvJDEYO13iB5eLgOwyPiqmCH3OFJkkmu+qei0vHxAR6MUUTH
oq+bv6YnAbaF0lpy0Z9cXKfqeiX7RDyJR70YnnuR32XvE/4hVYwGQYK2BwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHvyQC9vSoozX/XHbBRjlRuP3YUvMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvZV9KQUwyOUtpak5mOWNkc0ZHT1ZHNF9kaFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABZKlED
BAJZKlADBABZL2QwDQYJKoZIhvcNAQELBQADggEBAEZClsb7K1O50G/IKQKbTgYm
QqO8f2vLnGMiWt4pz17lXoIR6ClGxQIbL6OOX+Jj/psc+nwmcsd6QNdvWRu89vza
s0/O1FaRvP9eoDQjWRCPzYidNmujJO7pv9W0/pBsa7l/dB7K0zB8bZmNhlOiagtp
G/v4tmifLuNyvJ0rpQpNQqfyE19EsKTfMskcynIWQDNUU2zmZJ/8UoW8vtxmyogs
FQ09OR9baj8tx4edGKqA4URdCE9KgN+WdkDt7NDT8hOv7r1y0xAreU/dAv8jfmvn
jaQ2dXygyNWktggpF5UXONKfTwtz/P67xpRAihtz0bvCAkyEGXxckesixlCdL4U=
-----END CERTIFICATE-----