Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DpXSbLOGmv0xLAwom7-PXffpmLk.roa
File:                     DpXSbLOGmv0xLAwom7-PXffpmLk.roa (raw, json)
Hash identifier:          JPaYp7OnvirG0WDjzcJdan9ImssY8EwrJ+jMJR3fi3c=
Subject key identifier:   0E:95:D2:6C:B3:86:9A:FD:31:2C:0C:28:9B:BF:8F:5D:F7:E9:98:B9
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019E4B6CB90CFB69B3C9093D7DD61EF20D6C
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DpXSbLOGmv0xLAwom7-PXffpmLk.roa
Signing time:             Thu 21 May 2026 16:44:36 +0000
ROA not before:           Thu 21 May 2026 16:44:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:6c:b9:0c:fb:69:b3:c9:09:3d:7d:d6:1e:f2:0d:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May 21 16:44:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e95d26cb3869afd312c0c289bbf8f5df7e998b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b3:d6:f1:da:e9:95:10:36:ef:12:a3:96:1f:
                    87:00:67:79:e0:f2:31:25:e9:5c:9a:bc:d7:4b:c2:
                    9c:73:50:e9:6f:1e:56:9e:e7:ec:fc:91:d1:91:93:
                    c4:3a:53:c3:4c:09:24:c4:7e:83:e2:30:7c:8e:91:
                    1c:4c:7e:d9:5e:4e:29:69:72:33:11:c4:20:82:83:
                    6b:4b:91:d2:36:66:d3:a3:37:e9:29:82:50:8b:a4:
                    b8:24:e8:9f:a4:92:09:dd:9b:0b:15:5a:06:1f:9f:
                    52:66:a9:02:24:9c:9d:1f:bf:9e:e7:ac:8f:77:b3:
                    32:e2:6d:2f:d1:95:9f:92:38:5d:79:46:7f:ea:24:
                    35:e3:16:e9:81:d6:8a:4b:d9:b1:d3:87:49:a0:09:
                    81:4b:28:eb:0c:8b:cc:00:2f:d8:48:8b:ac:a2:5f:
                    7c:c3:72:1b:36:1f:77:be:f6:7d:3c:85:6f:15:84:
                    34:d5:20:a1:05:6d:81:3f:47:53:9f:26:7b:5b:c7:
                    65:75:88:16:8c:a2:9e:7b:37:4a:b1:91:ef:6b:b4:
                    84:97:79:f2:97:91:25:f9:dd:47:75:05:e8:95:57:
                    a3:b4:85:86:71:ca:33:49:50:d2:bc:98:63:25:81:
                    c0:5f:fc:50:c9:0e:d1:f2:50:0f:bc:2a:d4:e3:b9:
                    ab:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:95:D2:6C:B3:86:9A:FD:31:2C:0C:28:9B:BF:8F:5D:F7:E9:98:B9
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DpXSbLOGmv0xLAwom7-PXffpmLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:38:e9:dd:a4:fe:34:4b:cc:db:2b:d7:8d:fc:05:95:9b:cd:
         9c:dc:b9:78:03:b4:1e:37:1d:18:83:16:e1:a6:ef:a7:96:3a:
         1e:d7:07:1b:0d:89:e9:db:30:99:e2:21:98:86:42:1d:11:b1:
         6a:22:8a:e6:1f:18:6e:21:89:40:42:0f:7a:78:06:9d:a4:60:
         49:a4:f6:e2:62:ae:0f:af:46:9a:53:f2:8b:32:d2:42:a3:7d:
         28:2f:51:4c:26:54:88:29:5b:9c:4f:5c:42:4d:3a:2d:e6:cd:
         63:d2:dd:b8:d9:02:d9:d7:b5:4d:69:b0:95:9d:9d:ff:ee:47:
         09:6a:cf:07:71:20:5e:8d:d1:b5:1b:21:89:4f:9e:85:64:a1:
         a2:13:08:f9:b6:1d:81:e2:d5:ed:53:18:ef:1b:35:75:94:79:
         f2:fc:51:8c:38:6a:cb:b4:e0:7f:fd:90:d3:2a:44:e4:96:50:
         9f:92:0d:65:2e:b1:5b:47:ca:cc:93:ea:ff:f1:0a:d7:4d:9a:
         36:4f:44:dc:2d:2f:59:3a:23:ec:75:9b:1e:85:c9:88:8e:d0:
         e0:06:cd:b5:b2:92:e3:ea:2f:48:02:d9:aa:81:df:ce:db:ef:
         62:80:e3:1b:6b:8b:06:eb:4a:bd:e5:3f:72:bd:31:86:6a:83:
         be:bf:32:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5LbLkM+2mzyQk9fdYe8g1sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNTIxMTY0NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTk1ZDI2Y2IzODY5YWZkMzEyYzBjMjg5YmJmOGY1ZGY3ZTk5OGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrPW8drplRA27xKjlh+HAGd54PIx
JelcmrzXS8Kcc1Dpbx5Wnufs/JHRkZPEOlPDTAkkxH6D4jB8jpEcTH7ZXk4paXIz
EcQggoNrS5HSNmbTozfpKYJQi6S4JOifpJIJ3ZsLFVoGH59SZqkCJJydH7+e56yP
d7My4m0v0ZWfkjhdeUZ/6iQ14xbpgdaKS9mx04dJoAmBSyjrDIvMAC/YSIusol98
w3IbNh93vvZ9PIVvFYQ01SChBW2BP0dTnyZ7W8dldYgWjKKeezdKsZHva7SEl3ny
l5El+d1HdQXolVejtIWGccozSVDSvJhjJYHAX/xQyQ7R8lAPvCrU47mrAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6V0myzhpr9MSwMKJu/j1336Zi5MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvRHBYU2JMT0dtdjB4TEF3b203LVBYZmZwbUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSpSMA0G
CSqGSIb3DQEBCwUAA4IBAQCBOOndpP40S8zbK9eN/AWVm82c3Ll4A7QeNx0Ygxbh
pu+nljoe1wcbDYnp2zCZ4iGYhkIdEbFqIormHxhuIYlAQg96eAadpGBJpPbiYq4P
r0aaU/KLMtJCo30oL1FMJlSIKVucT1xCTTot5s1j0t242QLZ17VNabCVnZ3/7kcJ
as8HcSBejdG1GyGJT56FZKGiEwj5th2B4tXtUxjvGzV1lHny/FGMOGrLtOB//ZDT
KkTkllCfkg1lLrFbR8rMk+r/8QrXTZo2T0TcLS9ZOiPsdZsehcmIjtDgBs21spLj
6i9IAtmqgd/O2+9igOMba4sG60q95T9yvTGGaoO+vzKU
-----END CERTIFICATE-----