Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Io6FLFEyX0cogI_Y7gq68HqMNPA.roa
File:                     Io6FLFEyX0cogI_Y7gq68HqMNPA.roa (raw, json)
Hash identifier:          GhRRUMCxk4Q0nYMEvJpr5E9BP6MSv5CcXqF7EZhp6Ok=
Subject key identifier:   22:8E:85:2C:51:32:5F:47:28:80:8F:D8:EE:0A:BA:F0:7A:8C:34:F0
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01990420B70E7435624EA7B25BB0096035F4
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Io6FLFEyX0cogI_Y7gq68HqMNPA.roa
Signing time:             Mon 01 Sep 2025 07:14:36 +0000
ROA not before:           Mon 01 Sep 2025 07:14:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        89.47.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:04:20:b7:0e:74:35:62:4e:a7:b2:5b:b0:09:60:35:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Sep  1 07:14:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=228e852c51325f4728808fd8ee0abaf07a8c34f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:87:e3:29:9b:d3:12:9a:50:09:62:e9:98:4a:
                    d1:89:8a:59:6a:2b:f5:23:fa:f7:aa:63:63:9b:0f:
                    15:3e:ce:ea:2d:cd:1e:bf:a5:3d:fa:36:dd:df:09:
                    fc:05:cb:4a:a2:5c:67:91:3d:72:df:7e:67:ff:22:
                    08:f7:be:f6:ad:b4:96:9e:fd:e5:08:fd:b2:75:7c:
                    90:1c:9b:a0:2e:47:16:b3:6c:1c:1c:bf:01:ab:4a:
                    10:19:ce:58:06:49:86:cb:3e:ab:a3:35:20:2f:8a:
                    e7:15:f9:1e:60:3e:59:75:72:57:51:7b:b8:53:fa:
                    86:a5:2b:33:50:64:c0:37:a5:b2:a8:2a:91:32:a7:
                    68:39:74:f4:a7:4d:6d:7c:26:f3:31:59:bf:5b:2d:
                    24:10:a4:a6:bf:4b:36:20:5c:3a:e6:f7:7f:b9:5d:
                    6e:bf:3d:66:b1:8a:81:38:55:ef:01:52:f7:6e:d9:
                    56:e2:be:01:8f:53:08:90:90:35:28:32:8e:12:bb:
                    ba:5e:21:66:a0:28:fe:f6:41:97:3c:83:db:1b:57:
                    23:6c:f2:9c:a5:d2:4a:84:3f:e3:42:40:58:11:ab:
                    42:e9:43:81:9c:7d:1b:a5:05:fd:a6:68:e5:ac:83:
                    49:04:70:66:b4:08:ed:83:2c:db:fb:89:e8:f9:e1:
                    56:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:8E:85:2C:51:32:5F:47:28:80:8F:D8:EE:0A:BA:F0:7A:8C:34:F0
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Io6FLFEyX0cogI_Y7gq68HqMNPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:f7:87:1f:04:e9:c9:fa:ae:73:d5:d4:b1:92:55:d3:08:97:
         56:7a:1c:33:f9:47:77:57:48:9f:c0:d9:09:62:60:97:4a:82:
         03:b9:e3:a0:79:d8:9e:e4:60:fc:be:93:63:d5:ff:8e:9b:33:
         c9:16:1f:38:8f:76:83:2c:36:f6:f8:20:5d:3b:aa:15:4a:65:
         fd:46:33:84:18:12:f5:af:4d:21:1a:42:dd:89:5f:a6:ae:6c:
         cb:81:03:b2:72:ed:2f:30:cd:1c:c1:8e:f8:63:ba:06:c1:f4:
         d1:eb:66:10:a3:e6:da:67:3d:dc:a2:ea:4e:dd:33:02:5f:43:
         65:e1:73:dc:66:e3:51:3e:67:3d:07:f0:57:2f:cb:d8:4e:72:
         54:92:6c:e9:88:ed:d5:14:be:61:56:58:10:6a:40:b1:51:2f:
         7c:e2:32:47:ab:91:92:75:3d:53:f1:ad:13:ea:24:60:74:84:
         84:cd:c4:95:d1:bd:06:69:1b:a1:70:0f:4c:11:5f:ac:07:16:
         0e:43:34:9b:8d:c0:63:00:58:41:b6:d1:6d:23:c7:0d:8b:d4:
         56:c3:30:03:a6:06:e7:1c:f8:2f:4e:29:fd:f8:70:08:56:a8:
         21:66:e1:88:b0:75:ed:a4:37:a0:d7:69:0e:17:56:29:95:b2:
         88:e6:ff:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkEILcOdDViTqeyW7AJYDX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwOTAxMDcxNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjhlODUyYzUxMzI1ZjQ3Mjg4MDhmZDhlZTBhYmFmMDdhOGMzNGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4fjKZvTEppQCWLpmErRiYpZaiv1
I/r3qmNjmw8VPs7qLc0ev6U9+jbd3wn8BctKolxnkT1y335n/yII9772rbSWnv3l
CP2ydXyQHJugLkcWs2wcHL8Bq0oQGc5YBkmGyz6rozUgL4rnFfkeYD5ZdXJXUXu4
U/qGpSszUGTAN6WyqCqRMqdoOXT0p01tfCbzMVm/Wy0kEKSmv0s2IFw65vd/uV1u
vz1msYqBOFXvAVL3btlW4r4Bj1MIkJA1KDKOEru6XiFmoCj+9kGXPIPbG1cjbPKc
pdJKhD/jQkBYEatC6UOBnH0bpQX9pmjlrINJBHBmtAjtgyzb+4no+eFWWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKOhSxRMl9HKICP2O4KuvB6jDTwMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSW82RkxGRXlYMGNvZ0lfWTdncTY4SHFNTlBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS9kMA0G
CSqGSIb3DQEBCwUAA4IBAQBr94cfBOnJ+q5z1dSxklXTCJdWehwz+Ud3V0ifwNkJ
YmCXSoIDueOgedie5GD8vpNj1f+OmzPJFh84j3aDLDb2+CBdO6oVSmX9RjOEGBL1
r00hGkLdiV+mrmzLgQOycu0vMM0cwY74Y7oGwfTR62YQo+baZz3coupO3TMCX0Nl
4XPcZuNRPmc9B/BXL8vYTnJUkmzpiO3VFL5hVlgQakCxUS984jJHq5GSdT1T8a0T
6iRgdISEzcSV0b0GaRuhcA9MEV+sBxYOQzSbjcBjAFhBttFtI8cNi9RWwzADpgbn
HPgvTin9+HAIVqghZuGIsHXtpDeg12kOF1YplbKI5v/F
-----END CERTIFICATE-----