Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/gmk72pD6t5peENTZFXpdAAh6GM8.roa
File:                     gmk72pD6t5peENTZFXpdAAh6GM8.roa (raw, json)
Hash identifier:          FAkJ9mlRAS3dsDG1CPo6oRPH/WzT9XhqwRUUCy1nrdA=
Subject key identifier:   82:69:3B:DA:90:FA:B7:9A:5E:10:D4:D9:15:7A:5D:00:08:7A:18:CF
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019EBA986C7B3B27361F62AB1D912D4E085F
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/gmk72pD6t5peENTZFXpdAAh6GM8.roa
Signing time:             Fri 12 Jun 2026 06:50:11 +0000
ROA not before:           Fri 12 Jun 2026 06:50:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        89.47.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:98:6c:7b:3b:27:36:1f:62:ab:1d:91:2d:4e:08:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jun 12 06:50:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82693bda90fab79a5e10d4d9157a5d00087a18cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c9:4d:75:d8:53:0f:f9:06:2f:de:28:08:e6:
                    b2:41:62:c1:b0:51:cf:2c:1e:a8:5e:35:68:04:86:
                    07:34:ec:95:ff:10:3d:20:ad:aa:2a:61:6e:56:0a:
                    9d:57:84:e1:b7:63:1a:b3:62:d1:b1:bd:e0:df:b6:
                    d9:00:bb:02:b5:6f:5e:7b:42:ce:66:24:ff:d4:92:
                    89:94:08:04:5f:cd:9e:81:4d:ae:99:82:56:26:04:
                    1d:70:aa:cc:73:c2:42:e7:2d:ba:57:ad:38:f7:ff:
                    cc:34:45:f2:73:1b:5b:e2:f4:d4:f6:49:18:94:68:
                    87:7e:07:14:b8:22:81:7a:be:77:22:5c:a6:53:f2:
                    98:e3:65:47:ca:d7:ee:60:08:75:8b:09:c3:ba:f2:
                    45:fe:d1:d3:40:15:7f:92:fa:d6:dc:b0:13:89:47:
                    68:e4:19:e9:ef:f3:b7:2b:01:79:87:e7:ef:95:6f:
                    62:c3:78:8b:77:11:01:9b:1b:5a:0c:00:79:f8:c5:
                    92:68:a7:f3:44:9e:67:31:70:3a:d1:5a:64:ef:db:
                    5a:12:ea:c5:6d:c4:31:4c:a6:46:43:2e:83:4c:b8:
                    14:0d:45:db:96:ad:9d:83:91:f4:b9:c0:06:80:ac:
                    1f:bd:00:a3:d4:fd:21:16:d3:d9:70:45:18:7f:6f:
                    47:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:69:3B:DA:90:FA:B7:9A:5E:10:D4:D9:15:7A:5D:00:08:7A:18:CF
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/gmk72pD6t5peENTZFXpdAAh6GM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:31:4a:a9:31:5e:70:4d:09:f7:51:3d:48:b0:93:b4:db:65:
         e1:9a:e6:60:9d:9b:20:33:b7:8b:c1:69:97:89:aa:b9:b4:cc:
         50:ee:b5:90:4b:f2:1c:62:85:16:9d:52:94:d5:72:37:e6:07:
         81:25:a7:6f:40:66:a9:ab:10:f6:4c:98:3d:20:a9:fe:82:a4:
         71:6e:95:ff:c6:46:93:bf:ec:c7:de:b5:ec:b6:87:93:c0:34:
         15:8e:99:fd:01:c2:05:7e:75:15:c3:6e:a9:a3:69:76:9d:a5:
         cb:35:fb:d1:17:de:57:5d:3f:a6:03:d9:20:bb:90:b5:da:4c:
         c6:b3:1e:68:64:84:dc:fa:29:cb:b2:4d:12:ae:64:e3:9f:66:
         4b:0f:3b:e6:13:8c:26:07:92:c9:14:3e:28:64:da:bf:d6:93:
         15:c7:11:51:46:05:65:f6:21:7f:65:f7:79:ab:3b:03:4e:24:
         ad:7d:dd:a0:12:c6:1c:17:bb:f5:94:9f:dc:52:d3:7c:12:63:
         0b:7d:ab:14:2c:9d:11:53:e3:8c:ac:0c:7a:6c:e8:57:a1:51:
         51:eb:61:7a:a6:67:57:f4:eb:52:22:43:11:b2:43:34:b7:46:
         cd:12:3f:78:5d:44:ca:cc:36:cb:d4:69:12:94:d1:eb:c7:0e:
         fe:fc:90:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ66mGx7Oyc2H2KrHZEtTghfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNjEyMDY1MDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjY5M2JkYTkwZmFiNzlhNWUxMGQ0ZDkxNTdhNWQwMDA4N2ExOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvclNddhTD/kGL94oCOayQWLBsFHP
LB6oXjVoBIYHNOyV/xA9IK2qKmFuVgqdV4Tht2Mas2LRsb3g37bZALsCtW9ee0LO
ZiT/1JKJlAgEX82egU2umYJWJgQdcKrMc8JC5y26V6049//MNEXycxtb4vTU9kkY
lGiHfgcUuCKBer53IlymU/KY42VHytfuYAh1iwnDuvJF/tHTQBV/kvrW3LATiUdo
5Bnp7/O3KwF5h+fvlW9iw3iLdxEBmxtaDAB5+MWSaKfzRJ5nMXA60Vpk79taEurF
bcQxTKZGQy6DTLgUDUXblq2dg5H0ucAGgKwfvQCj1P0hFtPZcEUYf29HCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJpO9qQ+reaXhDU2RV6XQAIehjPMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvZ21rNzJwRDZ0NXBlRU5UWkZYcGRBQWg2R004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS92MA0G
CSqGSIb3DQEBCwUAA4IBAQASMUqpMV5wTQn3UT1IsJO022XhmuZgnZsgM7eLwWmX
iaq5tMxQ7rWQS/IcYoUWnVKU1XI35geBJadvQGapqxD2TJg9IKn+gqRxbpX/xkaT
v+zH3rXstoeTwDQVjpn9AcIFfnUVw26po2l2naXLNfvRF95XXT+mA9kgu5C12kzG
sx5oZITc+inLsk0SrmTjn2ZLDzvmE4wmB5LJFD4oZNq/1pMVxxFRRgVl9iF/Zfd5
qzsDTiStfd2gEsYcF7v1lJ/cUtN8EmMLfasULJ0RU+OMrAx6bOhXoVFR62F6pmdX
9OtSIkMRskM0t0bNEj94XUTKzDbL1GkSlNHrxw7+/JD5
-----END CERTIFICATE-----