Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/XKbodjEpQym38OTBdpTzeAozz0A.roa
File:                     XKbodjEpQym38OTBdpTzeAozz0A.roa (raw, json)
Hash identifier:          uhhPtxzPOMQ9DqeDPH/YfWnuXTZjwkDi+1VLvG6/Ef0=
Subject key identifier:   5C:A6:E8:76:31:29:43:29:B7:F0:E4:C1:76:94:F3:78:0A:33:CF:40
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019CBC7EE45883461BBFDA13EC117564BFE2
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/XKbodjEpQym38OTBdpTzeAozz0A.roa
Signing time:             Thu 05 Mar 2026 05:35:58 +0000
ROA not before:           Thu 05 Mar 2026 05:35:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.33.12.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23
                          89.46.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bc:7e:e4:58:83:46:1b:bf:da:13:ec:11:75:64:bf:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar  5 05:35:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ca6e87631294329b7f0e4c17694f3780a33cf40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:57:6d:42:25:64:a8:b6:b8:78:88:85:39:
                    df:c2:7b:5d:8b:33:44:24:eb:bf:08:60:59:f7:60:
                    99:9a:c1:1a:d6:bf:0a:94:17:52:fc:59:f6:55:d5:
                    2b:0f:52:80:c6:8b:87:a7:d2:b6:7a:6c:3b:24:1d:
                    d8:ca:29:92:db:84:8c:88:74:0c:c7:04:f3:f3:5f:
                    06:67:87:e0:98:87:af:47:8f:50:86:11:6f:c5:16:
                    ba:9d:85:f6:e1:c4:0d:63:b9:32:67:66:08:fe:a5:
                    3e:79:29:61:3a:90:23:06:9a:83:8d:eb:a6:87:ba:
                    d0:ed:1b:06:5b:f7:98:c1:71:ee:0c:0b:b8:06:7b:
                    53:f2:da:ac:2a:13:53:42:a6:38:9a:71:4b:55:1d:
                    33:74:bf:db:c2:a6:e3:3b:f3:d3:c2:8e:c0:a0:f2:
                    92:15:37:6a:7e:fc:0f:7d:ad:bb:33:be:f4:28:d7:
                    37:32:5c:8a:9f:cd:da:b4:4a:5d:b7:61:07:4a:79:
                    72:30:2c:27:62:96:f1:86:d4:b1:38:7d:3c:9d:a2:
                    58:29:01:e6:f4:e1:3f:09:fc:97:14:3d:d4:fc:49:
                    31:7f:bc:36:92:ec:3e:b4:d5:83:d1:95:c8:ce:a7:
                    bf:7e:0f:78:3f:bf:f1:fa:9e:8b:b8:db:37:13:ef:
                    d3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A6:E8:76:31:29:43:29:B7:F0:E4:C1:76:94:F3:78:0A:33:CF:40
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/XKbodjEpQym38OTBdpTzeAozz0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.12.0/24
                  89.42.82.0/23
                  89.46.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:95:9d:2c:7d:cd:f3:c0:2b:ce:54:ad:a1:00:eb:a4:96:29:
         78:64:aa:eb:ff:8b:86:47:49:bd:ad:74:9b:59:98:53:0f:b4:
         71:af:68:00:55:3d:af:85:04:4b:cd:8a:23:60:47:72:c7:9d:
         ff:1c:33:a1:5f:60:93:61:89:cd:db:ed:09:ab:35:3f:64:4c:
         64:74:d5:0f:9e:9a:3b:e7:24:a8:80:ff:86:cd:07:95:47:2e:
         d3:8e:92:a3:24:c8:09:7e:c8:34:bf:e2:a7:c6:00:33:5b:42:
         b9:df:df:c7:91:e4:e4:0e:2f:3c:88:33:93:97:aa:1c:85:ad:
         47:2c:64:db:34:d8:18:af:eb:b6:31:b3:5d:0a:20:7b:83:e6:
         6f:59:a7:a9:8b:cb:1a:d9:10:e9:88:14:9f:71:51:77:7f:ef:
         2f:ca:47:9b:2b:0f:4f:47:c5:55:33:e0:d0:aa:0f:b8:4a:95:
         20:88:48:67:e5:03:5d:98:12:35:f3:31:0a:19:da:c4:42:0f:
         7a:88:e9:ff:d5:4f:c1:5e:b6:21:e4:92:c5:c4:4c:f6:fb:0d:
         3a:88:33:95:a4:8e:30:fb:8e:a0:8b:97:cf:d0:b2:24:6b:34:
         4b:a1:5e:4b:e3:36:8e:0f:d2:13:dc:97:0a:df:f7:59:37:29:
         c1:5e:93:ed
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy8fuRYg0Ybv9oT7BF1ZL/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMzA1MDUzNTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E2ZTg3NjMxMjk0MzI5YjdmMGU0YzE3Njk0ZjM3ODBhMzNjZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNlXbUIlZKi2uHiIhTnfwntdizNE
JOu/CGBZ92CZmsEa1r8KlBdS/Fn2VdUrD1KAxouHp9K2emw7JB3YyimS24SMiHQM
xwTz818GZ4fgmIevR49QhhFvxRa6nYX24cQNY7kyZ2YI/qU+eSlhOpAjBpqDjeum
h7rQ7RsGW/eYwXHuDAu4BntT8tqsKhNTQqY4mnFLVR0zdL/bwqbjO/PTwo7AoPKS
FTdqfvwPfa27M770KNc3MlyKn83atEpdt2EHSnlyMCwnYpbxhtSxOH08naJYKQHm
9OE/CfyXFD3U/Ekxf7w2kuw+tNWD0ZXIzqe/fg94P7/x+p6LuNs3E+/TbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFym6HYxKUMpt/DkwXaU83gKM89AMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWEtib2RqRXBReW0zOE9UQmRwVHplQW96ejBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSEMAwQB
WSpSAwQAWS4BMA0GCSqGSIb3DQEBCwUAA4IBAQAIlZ0sfc3zwCvOVK2hAOuklil4
ZKrr/4uGR0m9rXSbWZhTD7Rxr2gAVT2vhQRLzYojYEdyx53/HDOhX2CTYYnN2+0J
qzU/ZExkdNUPnpo75ySogP+GzQeVRy7TjpKjJMgJfsg0v+KnxgAzW0K539/HkeTk
Di88iDOTl6ocha1HLGTbNNgYr+u2MbNdCiB7g+ZvWaepi8sa2RDpiBSfcVF3f+8v
ykebKw9PR8VVM+DQqg+4SpUgiEhn5QNdmBI18zEKGdrEQg96iOn/1U/BXrYh5JLF
xEz2+w06iDOVpI4w+46gi5fP0LIkazRLoV5L4zaOD9IT3JcK3/dZNynBXpPt
-----END CERTIFICATE-----