Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/oi24D1ir2zsQhvmMzR14Aa3WPcI.roa
File:                     oi24D1ir2zsQhvmMzR14Aa3WPcI.roa (raw, json)
Hash identifier:          BTLCEa/cwCzDeXwdKjn6iFoTYP4vATIlG90UPhB5pgk=
Subject key identifier:   A2:2D:B8:0F:58:AB:DB:3B:10:86:F9:8C:CD:1D:78:01:AD:D6:3D:C2
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D71E0F15E492C720B22D41F900E4B3CEB
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/oi24D1ir2zsQhvmMzR14Aa3WPcI.roa
Signing time:             Thu 09 Apr 2026 10:54:20 +0000
ROA not before:           Thu 09 Apr 2026 10:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        89.42.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:e0:f1:5e:49:2c:72:0b:22:d4:1f:90:0e:4b:3c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr  9 10:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a22db80f58abdb3b1086f98ccd1d7801add63dc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:78:e2:c6:7e:40:cd:09:e0:28:a5:98:b5:6d:
                    34:ec:b9:28:22:1d:74:5a:17:66:37:58:56:95:3f:
                    a1:c5:89:29:83:6e:3e:8d:5d:ff:e4:bd:13:1a:04:
                    7b:16:5a:8d:88:60:47:4d:7f:98:45:2a:fd:fd:1f:
                    07:1b:1a:b4:4e:5e:df:74:18:ad:6f:a9:a2:c4:a8:
                    ce:e0:b6:61:52:96:2f:cf:41:84:68:a5:79:c4:08:
                    64:18:0b:eb:b8:e8:33:a8:c8:16:7e:50:dd:29:08:
                    b2:f3:05:04:28:f8:63:d4:62:2d:4c:f7:61:16:40:
                    0e:eb:86:aa:85:dc:0f:29:96:b6:cb:44:f8:2e:26:
                    0d:b7:a8:f5:b1:a7:5f:90:7f:40:d8:3f:ea:2f:fb:
                    16:2a:21:cb:49:01:b1:d1:68:df:82:bc:86:15:75:
                    07:81:70:50:14:57:03:06:5d:ca:90:f3:e9:f5:fc:
                    e3:bd:b9:90:0d:2a:b4:27:f0:fe:2c:8c:2f:d4:e2:
                    f8:a6:8b:55:5f:95:6a:7a:db:6f:d0:e3:bc:a9:1d:
                    59:28:9e:90:e1:d2:6f:99:1a:14:20:7e:d6:d6:53:
                    86:25:3e:28:e8:7a:af:c3:4a:f6:f1:6c:25:70:fb:
                    0c:7e:f8:0a:b4:8e:0c:b3:f2:f8:f4:e6:7f:f3:63:
                    01:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:2D:B8:0F:58:AB:DB:3B:10:86:F9:8C:CD:1D:78:01:AD:D6:3D:C2
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/oi24D1ir2zsQhvmMzR14Aa3WPcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3f:86:34:36:10:63:6d:d8:50:5b:ab:40:7d:07:cd:07:41:
         83:7b:5e:e9:60:a3:db:dc:aa:da:83:36:0e:79:07:b5:dd:6d:
         4b:ef:71:85:ba:5d:64:e6:34:a1:71:d1:2f:b9:1b:fa:06:12:
         63:f5:6e:d3:5d:49:65:79:e8:ae:b3:48:b3:51:27:13:0d:c2:
         5b:ea:67:53:e6:08:24:87:86:17:ab:aa:aa:c8:c3:1b:cc:ef:
         66:5d:54:14:16:7a:f9:03:c1:ad:1f:c0:09:58:a6:04:31:21:
         dc:8e:67:fe:bf:94:fe:11:d5:e1:40:be:f0:d8:26:d5:66:bb:
         44:18:a3:9a:54:5a:25:f9:0b:b4:9d:81:02:fc:ef:7e:24:d0:
         ef:5b:84:4d:9e:12:8d:2c:65:98:38:a0:df:2f:e6:cd:8a:0d:
         5f:6c:c2:bc:3e:36:28:90:9b:86:4a:cf:75:75:10:a3:d4:e9:
         d0:7c:92:9c:bf:c7:85:d1:e1:34:ec:b9:8e:57:11:f8:28:61:
         9c:88:e1:e5:fe:ec:06:60:3e:53:f2:0b:4c:0c:32:71:19:6d:
         c7:10:b1:40:5c:99:c5:bb:c5:8e:c1:40:49:6e:70:9f:12:95:
         23:f7:b3:eb:ba:1c:24:2c:cc:45:e1:b7:cf:cb:19:ba:a4:c4:
         1d:d2:17:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1x4PFeSSxyCyLUH5AOSzzrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNDA5MTA1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjJkYjgwZjU4YWJkYjNiMTA4NmY5OGNjZDFkNzgwMWFkZDYzZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3jixn5AzQngKKWYtW007LkoIh10
WhdmN1hWlT+hxYkpg24+jV3/5L0TGgR7FlqNiGBHTX+YRSr9/R8HGxq0Tl7fdBit
b6mixKjO4LZhUpYvz0GEaKV5xAhkGAvruOgzqMgWflDdKQiy8wUEKPhj1GItTPdh
FkAO64aqhdwPKZa2y0T4LiYNt6j1sadfkH9A2D/qL/sWKiHLSQGx0WjfgryGFXUH
gXBQFFcDBl3KkPPp9fzjvbmQDSq0J/D+LIwv1OL4potVX5Vqettv0OO8qR1ZKJ6Q
4dJvmRoUIH7W1lOGJT4o6Hqvw0r28WwlcPsMfvgKtI4Ms/L49OZ/82MBEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKItuA9Yq9s7EIb5jM0deAGt1j3CMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvb2kyNEQxaXIyenNRaHZtTXpSMTRBYTNXUGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpfMA0G
CSqGSIb3DQEBCwUAA4IBAQB6P4Y0NhBjbdhQW6tAfQfNB0GDe17pYKPb3KragzYO
eQe13W1L73GFul1k5jShcdEvuRv6BhJj9W7TXUlleeius0izUScTDcJb6mdT5ggk
h4YXq6qqyMMbzO9mXVQUFnr5A8GtH8AJWKYEMSHcjmf+v5T+EdXhQL7w2CbVZrtE
GKOaVFol+Qu0nYEC/O9+JNDvW4RNnhKNLGWYOKDfL+bNig1fbMK8PjYokJuGSs91
dRCj1OnQfJKcv8eF0eE07LmOVxH4KGGciOHl/uwGYD5T8gtMDDJxGW3HELFAXJnF
u8WOwUBJbnCfEpUj97PruhwkLMxF4bfPyxm6pMQd0hey
-----END CERTIFICATE-----