Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/1--eSAxJW7ANQVg2tik_8bZDj9q8.roa
File:                     1--eSAxJW7ANQVg2tik_8bZDj9q8.roa (raw, json)
Hash identifier:          u1+8rmUvSvtmLA2XtOscVAsMq/5hm99CyupmXSEeFrg=
Subject key identifier:   FB:E7:92:03:12:56:EC:03:50:56:0D:AD:8A:4F:FC:6D:90:E3:F6:AF
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019E465E2D9A8F50BA52D2E4E7A06315D790
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/1--eSAxJW7ANQVg2tik_8bZDj9q8.roa
Signing time:             Wed 20 May 2026 17:10:37 +0000
ROA not before:           Wed 20 May 2026 17:10:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        89.32.164.0/24 maxlen: 24
                          89.34.122.0/24 maxlen: 24
                          89.34.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:5e:2d:9a:8f:50:ba:52:d2:e4:e7:a0:63:15:d7:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: May 20 17:10:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fbe792031256ec0350560dad8a4ffc6d90e3f6af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7d:75:26:33:e1:d6:75:31:30:b0:34:5e:30:
                    31:2d:4f:0d:5f:af:bf:dc:94:3f:f0:66:b3:4d:50:
                    36:b2:4c:fa:18:3d:16:8a:31:21:dd:91:20:d3:e9:
                    a2:d4:a2:2c:ca:a5:4a:60:29:71:2d:77:78:44:e3:
                    6c:ba:4b:f9:b6:6c:65:5e:52:7e:04:d0:4b:8f:2b:
                    be:3d:eb:de:0f:82:70:84:4c:d1:64:66:23:18:08:
                    0a:ac:bc:b9:a6:b5:0d:47:56:37:59:49:f7:9f:dd:
                    91:95:4a:9a:7e:98:df:c8:b6:fc:20:f3:8f:67:22:
                    a7:c6:d1:32:80:33:0e:e5:34:a6:0a:8e:57:d7:51:
                    03:bc:45:a2:fe:ea:c8:f9:09:27:8e:db:0e:ab:99:
                    01:8c:84:3a:88:9f:3e:61:96:68:79:23:41:2b:84:
                    6c:aa:fc:d5:e5:bf:0e:42:b4:46:a9:80:5b:ac:43:
                    46:5b:eb:57:6d:40:fc:dc:ac:32:a9:78:07:df:c0:
                    5b:ef:1a:34:3e:13:1c:5c:1f:0e:f9:34:63:40:ea:
                    c8:95:56:88:ca:10:4f:22:68:7d:1a:91:2a:65:18:
                    78:6a:c3:53:93:ef:74:69:aa:41:72:74:c7:ec:91:
                    56:13:d5:66:df:fe:37:62:c0:98:b0:d7:fc:91:91:
                    e8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:E7:92:03:12:56:EC:03:50:56:0D:AD:8A:4F:FC:6D:90:E3:F6:AF
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/1--eSAxJW7ANQVg2tik_8bZDj9q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.32.164.0/24
                  89.34.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d6:73:49:0c:3e:8f:90:5c:65:5e:e4:34:57:87:c9:91:96:d9:
         d9:1e:9b:c3:4e:09:94:19:5c:c4:9a:67:2e:0c:fe:73:26:09:
         ef:8b:6a:38:98:65:f7:1b:f4:f5:9d:9a:11:fa:ff:96:ab:37:
         f3:87:e9:a8:de:24:b5:1b:99:22:bb:92:bd:d1:74:3b:3c:36:
         9f:4c:26:df:a0:27:d1:67:48:2a:87:04:68:62:5b:4e:2a:cd:
         0a:09:07:72:dc:ec:ba:92:41:0e:32:0d:e2:40:98:32:55:b9:
         91:16:59:d7:45:bc:d3:08:bd:2f:6f:a5:9d:c0:dc:85:e7:93:
         02:53:3d:d2:aa:dd:4a:f4:59:cc:64:9a:7a:c4:47:8f:9d:7d:
         94:29:2d:bd:cd:17:ec:a5:ea:41:c4:a9:ed:ea:54:93:1d:2a:
         19:6e:cf:da:cd:d7:c1:3d:02:73:20:9f:2e:64:5f:c9:ac:1b:
         89:80:f4:45:45:ab:cc:20:8d:4c:d9:0d:9d:28:ee:1d:92:d0:
         97:df:1b:69:1d:dc:ef:34:29:78:50:2a:44:b6:5f:bd:c7:9e:
         11:a1:d3:67:b8:2d:1d:6f:07:c7:04:a6:0b:4c:94:3e:89:5a:
         61:53:9a:68:c6:19:11:f7:cd:f9:8c:bd:4d:b9:5d:8b:7e:0c:
         7d:e0:9b:84
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ5GXi2aj1C6UtLk56BjFdeQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjYwNTIwMTcxMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmU3OTIwMzEyNTZlYzAzNTA1NjBkYWQ4YTRmZmM2ZDkwZTNmNmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr311JjPh1nUxMLA0XjAxLU8NX6+/
3JQ/8GazTVA2skz6GD0WijEh3ZEg0+mi1KIsyqVKYClxLXd4RONsukv5tmxlXlJ+
BNBLjyu+PeveD4JwhEzRZGYjGAgKrLy5prUNR1Y3WUn3n92RlUqafpjfyLb8IPOP
ZyKnxtEygDMO5TSmCo5X11EDvEWi/urI+QknjtsOq5kBjIQ6iJ8+YZZoeSNBK4Rs
qvzV5b8OQrRGqYBbrENGW+tXbUD83KwyqXgH38Bb7xo0PhMcXB8O+TRjQOrIlVaI
yhBPImh9GpEqZRh4asNTk+90aapBcnTH7JFWE9Vm3/43YsCYsNf8kZHoxQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPvnkgMSVuwDUFYNrYpP/G2Q4/avMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvMS0tZVNBeEpXN0FOUVZnMnRpa184YlpEajlxOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvYzg5NzNjLTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2Jh
MS8xLzJxOFhzQUZkdTN6Wmt2SnMzX0FjVGlZZ3R6NC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFkgpAME
AVkiejANBgkqhkiG9w0BAQsFAAOCAQEA1nNJDD6PkFxlXuQ0V4fJkZbZ2R6bw04J
lBlcxJpnLgz+cyYJ74tqOJhl9xv09Z2aEfr/lqs384fpqN4ktRuZIruSvdF0Ozw2
n0wm36An0WdIKocEaGJbTirNCgkHctzsupJBDjIN4kCYMlW5kRZZ10W80wi9L2+l
ncDcheeTAlM90qrdSvRZzGSaesRHj519lCktvc0X7KXqQcSp7epUkx0qGW7P2s3X
wT0CcyCfLmRfyawbiYD0RUWrzCCNTNkNnSjuHZLQl98baR3c7zQpeFAqRLZfvcee
EaHTZ7gtHW8HxwSmC0yUPolaYVOaaMYZEffN+Yy9Tbldi34MfeCbhA==
-----END CERTIFICATE-----