Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/22yqP4mkUAOfScElIKKRUWgLt8Q.roa
File:                     22yqP4mkUAOfScElIKKRUWgLt8Q.roa (raw, json)
Hash identifier:          fXou+nz0DRloMdSpPyDN1RLecVgaXP5M1sg+9xUPeW0=
Subject key identifier:   DB:6C:AA:3F:89:A4:50:03:9F:49:C1:25:20:A2:91:51:68:0B:B7:C4
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0198194408C6D1442E134707DF560578A2C2
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/22yqP4mkUAOfScElIKKRUWgLt8Q.roa
Signing time:             Thu 17 Jul 2025 16:42:25 +0000
ROA not before:           Thu 17 Jul 2025 16:42:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 19:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:19:44:08:c6:d1:44:2e:13:47:07:df:56:05:78:a2:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jul 17 16:42:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db6caa3f89a450039f49c12520a29151680bb7c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2d:80:11:a8:dc:c7:46:a6:12:8c:39:c3:c3:
                    6d:d9:a9:08:b3:22:6f:b3:32:2d:94:6e:58:90:8f:
                    3a:27:29:15:89:5d:2b:6e:0d:66:d6:97:e9:c1:95:
                    44:18:09:82:4b:9c:20:5f:39:1e:8b:0c:39:1d:ed:
                    95:61:4b:bf:cd:94:8e:e0:92:8f:e9:33:25:a8:49:
                    1f:31:48:00:79:86:26:3c:e0:f4:33:7b:31:63:ac:
                    3e:f2:4b:62:c5:80:9c:10:46:d1:84:e8:99:2e:72:
                    25:19:f3:07:3a:71:1b:98:d7:cd:d4:75:48:5a:dd:
                    06:c0:4d:89:47:13:89:58:cb:67:aa:01:10:ec:36:
                    c5:3c:8c:5c:9a:ee:cc:2d:7f:67:7c:89:94:3b:01:
                    c4:7b:23:1e:42:12:41:b7:69:48:91:8d:8f:d5:58:
                    d2:08:93:92:da:f5:9f:06:97:3e:df:f5:43:26:60:
                    a3:20:d3:de:99:20:94:fb:fb:b3:cb:04:ff:ec:28:
                    4c:ec:be:90:4a:78:cc:45:13:a5:ea:f8:19:13:48:
                    c0:32:39:7c:6a:4a:59:1e:b3:11:b5:8e:24:4e:55:
                    d3:87:e7:85:37:80:de:6b:69:f6:00:c7:51:64:30:
                    bd:29:14:fa:f1:e0:c7:a0:09:a7:1c:aa:81:d7:af:
                    ef:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6C:AA:3F:89:A4:50:03:9F:49:C1:25:20:A2:91:51:68:0B:B7:C4
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/22yqP4mkUAOfScElIKKRUWgLt8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0-89.42.83.255

    Signature Algorithm: sha256WithRSAEncryption
         6a:49:d9:56:2f:06:34:5e:5d:fd:02:8f:63:c4:6d:76:49:1d:
         34:86:76:ca:fa:b1:a4:92:43:da:4e:1e:e3:40:51:d9:e6:ef:
         f8:94:ae:76:5c:fe:f8:ea:bb:e1:e3:3a:83:2b:73:e6:09:ea:
         98:af:71:41:15:45:fd:f7:d0:f9:3c:d7:8e:29:9b:1a:db:bb:
         89:72:15:2d:5a:88:c1:f9:db:8d:b2:43:bd:13:db:d4:99:9b:
         aa:02:51:fb:ac:a9:4e:ac:cc:b1:a8:d8:40:06:be:10:24:56:
         44:0f:fa:4c:2a:ad:b0:4a:2e:7c:d9:23:f1:af:66:7d:e9:d7:
         0c:45:9d:c6:12:a6:16:d5:78:1a:16:bd:7d:b5:ee:47:a8:97:
         72:79:b0:14:3a:f4:a9:6c:9d:9a:3b:7c:1f:5d:b6:af:e7:ca:
         29:96:ec:72:9b:04:7d:32:26:e4:f1:fd:20:ed:c3:fd:de:79:
         29:29:52:b3:b6:5b:6c:42:ca:60:51:40:2c:45:44:f3:bd:d6:
         6e:5f:08:3c:ec:21:cf:40:4c:ac:e5:60:fa:10:a4:ad:4b:ff:
         9e:eb:ad:c4:94:60:c1:86:03:71:24:ed:97:82:0d:9b:8e:25:
         20:6e:1f:71:06:af:d8:6d:fa:48:bd:b0:a7:78:09:21:4e:7c:
         64:f1:67:43
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZgZRAjG0UQuE0cH31YFeKLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNzE3MTY0MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjZjYWEzZjg5YTQ1MDAzOWY0OWMxMjUyMGEyOTE1MTY4MGJiN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC2AEajcx0amEow5w8Nt2akIsyJv
szItlG5YkI86JykViV0rbg1m1pfpwZVEGAmCS5wgXzkeiww5He2VYUu/zZSO4JKP
6TMlqEkfMUgAeYYmPOD0M3sxY6w+8ktixYCcEEbRhOiZLnIlGfMHOnEbmNfN1HVI
Wt0GwE2JRxOJWMtnqgEQ7DbFPIxcmu7MLX9nfImUOwHEeyMeQhJBt2lIkY2P1VjS
CJOS2vWfBpc+3/VDJmCjINPemSCU+/uzywT/7ChM7L6QSnjMRROl6vgZE0jAMjl8
akpZHrMRtY4kTlXTh+eFN4Dea2n2AMdRZDC9KRT68eDHoAmnHKqB16/vDwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNtsqj+JpFADn0nBJSCikVFoC7fEMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMjJ5cVA0bWtVQU9mU2NFbElLS1JVV2dMdDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZKlED
BAJZKlAwDQYJKoZIhvcNAQELBQADggEBAGpJ2VYvBjReXf0Cj2PEbXZJHTSGdsr6
saSSQ9pOHuNAUdnm7/iUrnZc/vjqu+HjOoMrc+YJ6pivcUEVRf330Pk8144pmxrb
u4lyFS1aiMH5242yQ70T29SZm6oCUfusqU6szLGo2EAGvhAkVkQP+kwqrbBKLnzZ
I/GvZn3p1wxFncYSphbVeBoWvX217keol3J5sBQ69KlsnZo7fB9dtq/nyimW7HKb
BH0yJuTx/SDtw/3eeSkpUrO2W2xCymBRQCxFRPO91m5fCDzsIc9ATKzlYPoQpK1L
/57rrcSUYMGGA3Ek7ZeCDZuOJSBuH3EGr9ht+ki9sKd4CSFOfGTxZ0M=
-----END CERTIFICATE-----