Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/4P1pKbRQtxYvx-OI1i8SlS6xn-A.roa
File:                     4P1pKbRQtxYvx-OI1i8SlS6xn-A.roa (raw, json)
Hash identifier:          ahPJwTVvmFqQJbgCwRR8jIWKid4w8OOrLTpMnnWap4w=
Subject key identifier:   E0:FD:69:29:B4:50:B7:16:2F:C7:E3:88:D6:2F:12:95:2E:B1:9F:E0
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019E6E9C71F100F78EABF04E38018E4AC634
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/4P1pKbRQtxYvx-OI1i8SlS6xn-A.roa
Signing time:             Thu 28 May 2026 12:43:26 +0000
ROA not before:           Thu 28 May 2026 12:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        89.34.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:9c:71:f1:00:f7:8e:ab:f0:4e:38:01:8e:4a:c6:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: May 28 12:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0fd6929b450b7162fc7e388d62f12952eb19fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:82:fd:72:4a:a4:10:7a:f1:95:3a:d5:5c:23:
                    29:ff:cc:4a:65:ad:6a:73:9f:a4:97:77:a2:e2:58:
                    80:94:40:4b:92:3c:e0:47:e8:59:6b:cf:9b:e4:60:
                    b2:d4:5d:f7:6b:a5:cc:12:64:33:d0:8c:b5:e2:9c:
                    ed:b8:ad:a4:f4:d1:a7:79:a3:4c:04:e8:96:d4:97:
                    6d:1d:36:8e:d6:78:f1:8d:c4:5c:89:ee:83:84:9b:
                    2b:78:0e:4e:68:5a:73:bf:da:96:9b:c3:9d:ca:7c:
                    87:86:82:f5:d2:ec:52:cc:8e:d9:6b:d8:5f:ff:4d:
                    ea:d1:6c:9e:e1:ac:cf:18:ae:53:8c:3e:f6:a7:f1:
                    d5:6c:c9:40:9a:49:3f:fb:33:6e:16:a0:0b:dd:06:
                    17:50:93:dc:0f:8f:a3:ed:3f:5d:ae:91:1c:ce:a7:
                    70:51:4e:60:a4:6a:b4:a4:8b:13:07:3d:33:e2:1c:
                    be:3a:dc:ee:53:57:ad:17:e4:07:80:fd:c5:71:d7:
                    cf:e7:7b:49:62:bd:c0:a2:51:48:6a:bc:1b:c5:5f:
                    9b:9e:05:0a:23:25:4c:d5:a0:69:11:1b:1b:80:b7:
                    28:2e:d2:f7:de:3f:39:69:34:c2:0e:1f:fb:12:d4:
                    8c:02:0b:f9:72:65:f6:04:37:45:a1:74:b9:60:bb:
                    53:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:FD:69:29:B4:50:B7:16:2F:C7:E3:88:D6:2F:12:95:2E:B1:9F:E0
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/4P1pKbRQtxYvx-OI1i8SlS6xn-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ae:c2:3a:ee:75:7a:14:c1:bc:97:a2:20:9a:28:27:d7:3b:
         22:f0:4d:3a:69:16:7d:d5:25:5b:95:cf:c0:05:70:ef:49:ee:
         65:e1:7e:36:6e:67:2a:73:e4:9f:d4:d5:ef:cc:0a:90:55:ea:
         91:4a:20:d1:db:23:a8:29:de:90:5b:39:36:e2:cc:b5:4a:bf:
         36:05:b7:35:a2:30:7c:98:9d:55:3f:dc:be:14:07:3d:98:b7:
         7c:5c:9f:6d:8b:f8:b4:10:89:d5:c1:9f:9e:0c:10:0a:f0:b8:
         d8:01:f8:ff:f9:2c:6d:45:c8:5e:4e:f4:a7:66:43:12:2c:c4:
         ab:05:c5:f0:94:6a:54:95:58:b3:da:40:e8:9e:e9:a1:0e:05:
         b2:df:36:e9:42:97:0c:37:14:b2:0b:c4:ff:5f:7c:ff:ab:e5:
         67:1b:83:95:0c:2b:44:5d:2d:74:c9:57:30:f9:f4:13:71:f8:
         96:ae:ea:c5:36:77:ce:fe:f6:46:0e:6a:20:8f:6c:78:71:1d:
         4f:8c:9c:da:7f:55:76:0e:8c:15:fb:02:ee:00:c7:c4:44:24:
         d0:f0:51:79:36:7a:7b:8b:1e:7c:4b:0b:29:6b:75:d8:75:ba:
         f4:b4:99:17:12:89:16:4d:ca:da:b5:b3:3d:c2:1e:24:d5:be:
         c4:4e:b1:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5unHHxAPeOq/BOOAGOSsY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjYwNTI4MTI0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGZkNjkyOWI0NTBiNzE2MmZjN2UzODhkNjJmMTI5NTJlYjE5ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04L9ckqkEHrxlTrVXCMp/8xKZa1q
c5+kl3ei4liAlEBLkjzgR+hZa8+b5GCy1F33a6XMEmQz0Iy14pztuK2k9NGneaNM
BOiW1JdtHTaO1njxjcRcie6DhJsreA5OaFpzv9qWm8OdynyHhoL10uxSzI7Za9hf
/03q0Wye4azPGK5TjD72p/HVbMlAmkk/+zNuFqAL3QYXUJPcD4+j7T9drpEczqdw
UU5gpGq0pIsTBz0z4hy+OtzuU1etF+QHgP3FcdfP53tJYr3AolFIarwbxV+bngUK
IyVM1aBpERsbgLcoLtL33j85aTTCDh/7EtSMAgv5cmX2BDdFoXS5YLtTlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOD9aSm0ULcWL8fjiNYvEpUusZ/gMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvNFAxcEtiUlF0eFl2eC1PSTFpOFNsUzZ4bi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSJAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCrsI67nV6FMG8l6Igmign1zsi8E06aRZ91SVblc/A
BXDvSe5l4X42bmcqc+Sf1NXvzAqQVeqRSiDR2yOoKd6QWzk24sy1Sr82Bbc1ojB8
mJ1VP9y+FAc9mLd8XJ9ti/i0EInVwZ+eDBAK8LjYAfj/+SxtRcheTvSnZkMSLMSr
BcXwlGpUlViz2kDonumhDgWy3zbpQpcMNxSyC8T/X3z/q+VnG4OVDCtEXS10yVcw
+fQTcfiWrurFNnfO/vZGDmogj2x4cR1PjJzaf1V2DowV+wLuAMfERCTQ8FF5Nnp7
ix58Swspa3XYdbr0tJkXEokWTcratbM9wh4k1b7ETrGK
-----END CERTIFICATE-----