Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/eB2hSV_Hdx6UpXi8AI7IynGR-nU.roa
File:                     eB2hSV_Hdx6UpXi8AI7IynGR-nU.roa (raw, json)
Hash identifier:          dc/doO6o1+KWXt12g3TR56aCxeeTLAIL3hhXaij4HvQ=
Subject key identifier:   78:1D:A1:49:5F:C7:77:1E:94:A5:78:BC:00:8E:C8:CA:71:91:FA:75
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       0198F0121BFAEDAB40385E9315207221F2F7
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/eB2hSV_Hdx6UpXi8AI7IynGR-nU.roa
Signing time:             Thu 28 Aug 2025 09:46:15 +0000
ROA not before:           Thu 28 Aug 2025 09:46:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8764
IP address blocks:        89.117.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:12:1b:fa:ed:ab:40:38:5e:93:15:20:72:21:f2:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Aug 28 09:46:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=781da1495fc7771e94a578bc008ec8ca7191fa75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c4:24:2f:6e:bc:36:de:50:8b:12:12:36:42:
                    9f:98:b1:4c:f3:d1:83:d6:fd:69:8e:10:bc:d1:98:
                    f2:7e:e2:72:dc:ea:6d:c9:c3:86:a9:6f:1a:e4:9a:
                    e5:fb:b8:3f:d1:97:f5:14:b8:f4:fd:cf:71:b3:06:
                    55:d0:da:98:51:2f:95:f1:94:a6:53:a8:c2:da:0a:
                    88:ea:b3:b8:d6:d3:bb:a1:a9:9e:56:ec:7e:1d:5f:
                    0e:73:62:23:29:a7:4a:aa:e8:49:00:e6:44:b6:eb:
                    27:ac:9f:2a:12:a4:bb:15:6d:98:66:b3:06:ac:d2:
                    78:5e:a8:7e:ce:d6:29:5a:12:14:c7:0a:83:76:48:
                    00:06:31:6a:58:72:83:cc:50:8e:50:42:2f:13:9b:
                    9a:5e:0c:08:4a:65:a2:9e:d1:52:fd:51:bf:1c:0d:
                    ac:9a:69:ad:be:84:42:a5:96:43:5d:39:2d:c3:0d:
                    e0:47:03:a8:22:13:e3:8e:5d:44:e5:ff:f8:f0:3e:
                    9a:62:41:60:a4:31:0c:1a:d2:70:f3:8a:ed:0f:ac:
                    82:97:37:d1:71:7e:de:2f:29:af:8d:5f:b7:f2:47:
                    e4:8d:40:36:eb:65:a9:37:84:f2:5a:30:0b:0c:7e:
                    d5:b4:7d:2d:35:85:00:21:7e:68:c4:e0:d5:0b:03:
                    0c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1D:A1:49:5F:C7:77:1E:94:A5:78:BC:00:8E:C8:CA:71:91:FA:75
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/eB2hSV_Hdx6UpXi8AI7IynGR-nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.117.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:75:30:12:e2:28:99:b7:ed:ae:89:7b:47:e8:58:82:2d:54:
         4c:88:ce:4d:0c:5f:c1:a2:95:be:3d:c1:34:02:70:a0:04:5f:
         a5:3c:7e:fd:3c:4e:5d:2d:3c:7b:a0:cd:97:30:ad:86:b6:03:
         17:26:da:b5:90:ff:9f:d0:a3:39:ee:0a:e3:26:f0:ef:c3:7b:
         cd:8e:f6:db:b0:3f:0c:b3:4c:8d:94:1d:d0:14:9b:eb:08:6e:
         76:ad:26:6a:82:c4:6a:20:5f:70:24:08:ab:eb:54:5b:51:d1:
         19:49:86:99:c2:41:4a:06:2c:66:a6:83:4c:40:27:53:d8:57:
         b2:79:77:82:b0:ac:50:a1:5a:fb:39:0d:77:81:ed:5f:8c:5a:
         79:eb:e0:a3:81:02:a2:c4:5e:f7:a3:34:8c:ab:7e:2a:ba:ae:
         07:36:15:30:f7:a5:4e:54:13:f5:7c:55:6b:36:31:ea:20:ca:
         12:9d:7f:c8:01:30:dc:4d:9a:b5:c4:42:88:fd:f9:97:94:a1:
         92:b2:03:1e:d9:f6:9a:c8:91:11:8d:85:54:b8:bd:69:b6:0e:
         ea:6a:83:49:37:7a:f2:ea:2c:a4:01:58:fe:5b:e5:cd:f4:ef:
         48:e6:28:c6:52:b8:49:44:51:2f:42:a1:67:36:9b:7a:87:ea:
         23:e7:a0:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjwEhv67atAOF6TFSByIfL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwODI4MDk0NjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFkYTE0OTVmYzc3NzFlOTRhNTc4YmMwMDhlYzhjYTcxOTFmYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcQkL268Nt5QixISNkKfmLFM89GD
1v1pjhC80ZjyfuJy3OptycOGqW8a5Jrl+7g/0Zf1FLj0/c9xswZV0NqYUS+V8ZSm
U6jC2gqI6rO41tO7oameVux+HV8Oc2IjKadKquhJAOZEtusnrJ8qEqS7FW2YZrMG
rNJ4Xqh+ztYpWhIUxwqDdkgABjFqWHKDzFCOUEIvE5uaXgwISmWintFS/VG/HA2s
mmmtvoRCpZZDXTktww3gRwOoIhPjjl1E5f/48D6aYkFgpDEMGtJw84rtD6yClzfR
cX7eLymvjV+38kfkjUA262WpN4TyWjALDH7VtH0tNYUAIX5oxODVCwMM9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgdoUlfx3celKV4vACOyMpxkfp1MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvZUIyaFNWX0hkeDZVcFhpOEFJN0l5bkdSLW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWXXwMA0G
CSqGSIb3DQEBCwUAA4IBAQCodTAS4iiZt+2uiXtH6FiCLVRMiM5NDF/BopW+PcE0
AnCgBF+lPH79PE5dLTx7oM2XMK2GtgMXJtq1kP+f0KM57grjJvDvw3vNjvbbsD8M
s0yNlB3QFJvrCG52rSZqgsRqIF9wJAir61RbUdEZSYaZwkFKBixmpoNMQCdT2Fey
eXeCsKxQoVr7OQ13ge1fjFp56+CjgQKixF73ozSMq34quq4HNhUw96VOVBP1fFVr
NjHqIMoSnX/IATDcTZq1xEKI/fmXlKGSsgMe2faayJERjYVUuL1ptg7qaoNJN3ry
6iykAVj+W+XN9O9I5ijGUrhJRFEvQqFnNpt6h+oj56Bv
-----END CERTIFICATE-----