Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3w7FkQbEfBIefVRcY65SEbgFqyY.roa
File:                     3w7FkQbEfBIefVRcY65SEbgFqyY.roa (raw, json)
Hash identifier:          K6q6JprNLSw1ZgHGdiF/r0Z0KjuSKyE14QyyNyqUAlk=
Subject key identifier:   DF:0E:C5:91:06:C4:7C:12:1E:7D:54:5C:63:AE:52:11:B8:05:AB:26
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01983BC8643F9904CF21226BFCA98FBB30EF
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3w7FkQbEfBIefVRcY65SEbgFqyY.roa
Signing time:             Thu 24 Jul 2025 09:34:05 +0000
ROA not before:           Thu 24 Jul 2025 09:34:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207847
IP address blocks:        89.34.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:c8:64:3f:99:04:cf:21:22:6b:fc:a9:8f:bb:30:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jul 24 09:34:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df0ec59106c47c121e7d545c63ae5211b805ab26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:9f:87:34:99:81:9c:e7:03:59:de:b2:da:9c:
                    87:dc:e2:66:8f:1e:6d:21:fe:19:4a:fd:18:5f:e1:
                    97:8a:45:33:1a:d1:66:bb:96:6f:e1:53:a0:25:ce:
                    4e:69:37:6e:85:11:db:a3:d6:0c:d0:5a:71:36:a1:
                    89:fa:82:93:fa:f0:dc:56:78:ca:53:5a:4e:5c:10:
                    b8:56:70:30:ff:6a:1f:e1:00:74:0a:e6:1a:13:36:
                    be:8d:7f:5a:01:fb:89:b2:b8:fb:24:27:72:e8:8f:
                    01:15:ea:bc:01:d0:32:c5:27:4a:71:ce:ec:09:a3:
                    3a:17:76:05:56:1f:47:e9:a4:df:f1:7f:cb:e5:ac:
                    c3:40:a9:68:15:1c:d6:49:40:d3:f7:6a:06:ae:c3:
                    89:29:24:ce:1d:0f:4b:84:ab:7b:73:b3:a2:6d:31:
                    8c:7c:03:b5:20:c3:49:9f:59:4b:2e:d7:69:6d:73:
                    f7:6c:62:e2:81:f6:37:e4:7d:27:1e:4d:f2:0d:83:
                    da:d7:48:e4:d1:5d:66:09:21:af:18:f5:2c:b3:3f:
                    3f:a1:02:55:9e:31:e1:65:a6:9c:b3:28:08:11:28:
                    29:9a:b9:e8:24:0c:8f:4f:fc:a5:96:d9:c7:c1:c7:
                    a8:47:f5:ed:96:4c:ae:dc:45:26:0b:11:64:86:63:
                    69:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:0E:C5:91:06:C4:7C:12:1E:7D:54:5C:63:AE:52:11:B8:05:AB:26
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3w7FkQbEfBIefVRcY65SEbgFqyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:dc:54:36:6c:00:89:8c:4b:51:1f:5c:bd:cc:db:09:3e:6e:
         f6:80:86:3a:86:50:3d:06:8c:a1:33:e1:5b:95:40:02:39:b2:
         86:90:2a:e4:78:8b:4a:a0:06:15:25:25:d7:61:14:8f:de:d8:
         c3:98:69:d4:8b:1b:f7:e3:94:00:a0:ac:2f:a6:2a:6f:6c:43:
         9a:58:3c:1a:5a:70:0a:4a:a5:f8:db:30:57:8d:eb:ad:ae:d1:
         0d:e5:25:68:d1:2c:a4:7a:c1:f4:5a:b6:93:3b:ea:7a:ab:e4:
         43:1b:42:d2:bf:f4:73:6e:01:6f:b6:1d:f3:c2:e5:eb:9f:4b:
         e2:2d:b1:4a:2d:68:00:39:7e:77:6e:ac:48:35:39:ec:f1:83:
         13:94:ed:0f:45:6a:e0:a7:66:d1:39:c0:27:b1:8d:3d:eb:83:
         6b:3c:4b:84:3e:4a:e9:e7:1c:e2:48:c3:8e:10:21:42:69:15:
         00:82:8a:64:95:4e:ad:db:18:d7:9f:14:c3:80:a3:ba:0d:b6:
         7b:1f:4d:6e:3d:27:7c:ca:ab:fe:41:59:81:23:93:12:9f:2a:
         a1:af:df:03:8f:88:7d:60:d4:83:55:9c:0e:a4:d0:f6:7b:e2:
         51:9d:4f:20:a1:34:7d:eb:e5:98:56:3f:8e:4f:26:14:ee:87:
         3d:e4:f4:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg7yGQ/mQTPISJr/KmPuzDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNzI0MDkzNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjBlYzU5MTA2YzQ3YzEyMWU3ZDU0NWM2M2FlNTIxMWI4MDVhYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4J+HNJmBnOcDWd6y2pyH3OJmjx5t
If4ZSv0YX+GXikUzGtFmu5Zv4VOgJc5OaTduhRHbo9YM0FpxNqGJ+oKT+vDcVnjK
U1pOXBC4VnAw/2of4QB0CuYaEza+jX9aAfuJsrj7JCdy6I8BFeq8AdAyxSdKcc7s
CaM6F3YFVh9H6aTf8X/L5azDQKloFRzWSUDT92oGrsOJKSTOHQ9LhKt7c7OibTGM
fAO1IMNJn1lLLtdpbXP3bGLigfY35H0nHk3yDYPa10jk0V1mCSGvGPUssz8/oQJV
njHhZaacsygIESgpmrnoJAyPT/ylltnHwceoR/Xtlkyu3EUmCxFkhmNpQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8OxZEGxHwSHn1UXGOuUhG4BasmMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvM3c3RmtRYkVmQkllZlZSY1k2NVNFYmdGcXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSLmMA0G
CSqGSIb3DQEBCwUAA4IBAQBN3FQ2bACJjEtRH1y9zNsJPm72gIY6hlA9BoyhM+Fb
lUACObKGkCrkeItKoAYVJSXXYRSP3tjDmGnUixv345QAoKwvpipvbEOaWDwaWnAK
SqX42zBXjeutrtEN5SVo0SykesH0WraTO+p6q+RDG0LSv/RzbgFvth3zwuXrn0vi
LbFKLWgAOX53bqxINTns8YMTlO0PRWrgp2bROcAnsY0964NrPEuEPkrp5xziSMOO
ECFCaRUAgopklU6t2xjXnxTDgKO6DbZ7H01uPSd8yqv+QVmBI5MSnyqhr98Dj4h9
YNSDVZwOpND2e+JRnU8goTR96+WYVj+OTyYU7oc95PTn
-----END CERTIFICATE-----