Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1g5AxnHOMkvuSVngFacCyi2uri8.roa
File:                     1g5AxnHOMkvuSVngFacCyi2uri8.roa (raw, json)
Hash identifier:          BA/YpoSs0suCjCjx+XNRT+18iypmJRTohejPElacwE0=
Subject key identifier:   D6:0E:40:C6:71:CE:32:4B:EE:49:59:E0:15:A7:02:CA:2D:AE:AE:2F
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019CB80D53BAC1CD313338A01E314E3ED4C4
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1g5AxnHOMkvuSVngFacCyi2uri8.roa
Signing time:             Wed 04 Mar 2026 08:53:27 +0000
ROA not before:           Wed 04 Mar 2026 08:53:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        89.47.114.0/24 maxlen: 24
                          93.114.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:0d:53:ba:c1:cd:31:33:38:a0:1e:31:4e:3e:d4:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar  4 08:53:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d60e40c671ce324bee4959e015a702ca2daeae2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2b:ac:83:33:8e:dd:50:f0:be:2f:10:36:ac:
                    da:f7:50:ca:23:9a:37:05:4e:32:e1:94:a1:f5:81:
                    c9:72:7c:ea:4d:c0:ea:c2:f6:25:7e:99:3e:b9:c8:
                    88:90:79:8e:74:e8:e2:7f:f4:17:13:e8:da:87:25:
                    ae:36:49:d2:e7:6d:5b:45:65:ce:f4:fb:51:ee:52:
                    8f:59:5f:fd:ee:cb:4f:f4:35:2d:01:50:bc:2c:e8:
                    c8:86:51:35:5b:4f:85:86:8c:b5:a9:61:33:a8:7c:
                    5e:a0:1b:e5:2c:dc:c7:a5:c0:23:ec:53:7e:a3:02:
                    58:04:07:cc:51:4c:75:e6:76:33:f1:08:a7:61:a6:
                    db:5f:7f:1b:de:8c:62:e2:4f:cd:99:a1:60:e4:09:
                    1e:3f:e3:a7:a7:91:52:05:0a:f7:35:93:a5:39:71:
                    96:46:34:2c:31:f2:cc:e3:b8:c7:ff:4b:07:ba:61:
                    c2:42:25:86:42:87:89:15:3c:a2:06:fc:49:db:9a:
                    35:89:1c:3d:20:21:82:f3:21:61:9f:96:fe:57:60:
                    05:74:30:0e:e1:c5:a3:48:34:ac:3a:16:91:5d:7d:
                    00:fd:cb:72:4e:23:46:32:4d:5a:07:ee:64:63:8f:
                    1c:e6:d1:2d:3b:fd:4d:7c:fe:ae:b5:9a:c9:91:72:
                    15:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:0E:40:C6:71:CE:32:4B:EE:49:59:E0:15:A7:02:CA:2D:AE:AE:2F
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1g5AxnHOMkvuSVngFacCyi2uri8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.114.0/24
                  93.114.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a7:e5:0d:b0:8a:27:a5:40:f9:0b:dd:6e:7c:39:23:97:ef:
         5f:c0:bd:60:12:dc:e4:0d:1d:b2:71:a8:f3:d6:e8:84:8d:94:
         ee:c7:6b:1d:6f:a3:67:d7:f9:09:7f:b1:a5:93:19:f9:25:73:
         ae:a0:73:73:03:c9:ed:9c:6b:21:7d:f2:62:ba:91:ed:bb:64:
         1d:6b:55:72:68:2b:40:24:28:dd:28:d3:19:a5:2b:e3:4d:d6:
         7d:c9:27:58:c0:bc:78:de:9c:52:bd:38:85:f6:20:4b:22:14:
         d1:bc:9b:ea:ff:cc:8e:5f:a1:f6:52:76:71:a1:ca:13:80:c3:
         c1:c2:1d:f0:b6:bc:38:7d:60:12:19:77:78:96:26:fe:c8:92:
         f0:0e:9b:28:96:ee:f1:09:bc:21:34:d4:d3:78:dc:0c:5c:cb:
         61:c8:6a:56:36:49:2b:da:aa:e8:40:f4:8c:a3:67:93:6b:23:
         68:23:ff:a0:3c:cb:0c:1c:e0:2a:26:3b:e0:d6:6e:87:70:7d:
         b0:eb:51:0b:0a:23:6e:4c:9e:70:8d:61:76:94:04:35:93:99:
         ea:01:15:28:95:b1:19:d0:44:ea:82:52:f2:4f:33:b6:aa:56:
         d7:f1:b5:0f:fa:ec:c3:23:6f:2f:22:bd:1f:34:10:fe:2c:3a:
         f1:d5:4f:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy4DVO6wc0xMzigHjFOPtTEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMzA0MDg1MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjBlNDBjNjcxY2UzMjRiZWU0OTU5ZTAxNWE3MDJjYTJkYWVhZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCusgzOO3VDwvi8QNqza91DKI5o3
BU4y4ZSh9YHJcnzqTcDqwvYlfpk+uciIkHmOdOjif/QXE+jahyWuNknS521bRWXO
9PtR7lKPWV/97stP9DUtAVC8LOjIhlE1W0+Fhoy1qWEzqHxeoBvlLNzHpcAj7FN+
owJYBAfMUUx15nYz8QinYabbX38b3oxi4k/NmaFg5AkeP+Onp5FSBQr3NZOlOXGW
RjQsMfLM47jH/0sHumHCQiWGQoeJFTyiBvxJ25o1iRw9ICGC8yFhn5b+V2AFdDAO
4cWjSDSsOhaRXX0A/ctyTiNGMk1aB+5kY48c5tEtO/1NfP6utZrJkXIV9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYOQMZxzjJL7klZ4BWnAsotrq4vMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMWc1QXhuSE9Na3Z1U1ZuZ0ZhY0N5aTJ1cmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS9yAwQA
XXJJMA0GCSqGSIb3DQEBCwUAA4IBAQCFp+UNsIonpUD5C91ufDkjl+9fwL1gEtzk
DR2ycajz1uiEjZTux2sdb6Nn1/kJf7Glkxn5JXOuoHNzA8ntnGshffJiupHtu2Qd
a1VyaCtAJCjdKNMZpSvjTdZ9ySdYwLx43pxSvTiF9iBLIhTRvJvq/8yOX6H2UnZx
ocoTgMPBwh3wtrw4fWASGXd4lib+yJLwDpsolu7xCbwhNNTTeNwMXMthyGpWNkkr
2qroQPSMo2eTayNoI/+gPMsMHOAqJjvg1m6HcH2w61ELCiNuTJ5wjWF2lAQ1k5nq
ARUolbEZ0ETqglLyTzO2qlbX8bUP+uzDI28vIr0fNBD+LDrx1U/a
-----END CERTIFICATE-----