Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/YDnY8X6JwyL4mVE6Xh2b3evBJ4s.roa
File:                     YDnY8X6JwyL4mVE6Xh2b3evBJ4s.roa (raw, json)
Hash identifier:          aMznFgnnEpL6nA+1mi8OC6LNHUs0jqO1QM1kV+OxeWE=
Subject key identifier:   60:39:D8:F1:7E:89:C3:22:F8:99:51:3A:5E:1D:9B:DD:EB:C1:27:8B
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019E4B6BCE86DBDFE6092203D7729A70F130
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/YDnY8X6JwyL4mVE6Xh2b3evBJ4s.roa
Signing time:             Thu 21 May 2026 16:43:36 +0000
ROA not before:           Thu 21 May 2026 16:43:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200074
IP address blocks:        89.33.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:6b:ce:86:db:df:e6:09:22:03:d7:72:9a:70:f1:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May 21 16:43:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6039d8f17e89c322f899513a5e1d9bddebc1278b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:59:b9:79:e7:d3:06:ac:37:f0:20:c0:3e:5b:
                    07:31:b4:79:44:89:af:2b:38:60:11:45:fe:75:08:
                    52:cc:1b:bf:7e:9e:dc:18:88:cb:f1:f0:cf:aa:6d:
                    2a:1b:b1:8b:07:9f:a9:4e:f5:6e:79:bf:c4:ec:ee:
                    58:d0:5b:25:e4:bc:65:4a:b7:6c:57:42:52:83:0c:
                    c7:fb:4f:9c:af:55:49:ee:52:9d:f4:64:59:b2:5f:
                    ff:8f:5e:ec:fe:66:7f:36:c4:16:d8:c9:17:5f:be:
                    65:9c:1d:c4:a1:11:31:9f:09:26:a1:49:c7:02:40:
                    15:9a:5e:8c:d5:17:5e:b7:7a:60:ca:d0:5a:87:e3:
                    53:89:62:85:17:5a:b6:cc:57:b2:11:60:b9:d8:cd:
                    88:f0:7b:66:74:df:47:a0:c6:4a:00:63:73:01:ae:
                    1f:d3:2a:90:06:14:3b:e6:b5:69:f5:9c:ec:2b:ab:
                    5d:e0:b1:6e:bd:62:f7:e7:f9:b8:c9:67:05:ca:22:
                    a2:d2:05:eb:b9:5d:02:6f:9d:9a:c0:9a:13:95:7f:
                    eb:51:88:ae:d8:ea:17:b5:6e:71:6e:43:78:e9:69:
                    4c:04:d9:c2:61:75:24:4a:90:4a:b5:c4:cc:50:ea:
                    4c:2b:a2:28:16:05:ae:ae:f6:c5:d3:62:fe:5f:6c:
                    32:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:39:D8:F1:7E:89:C3:22:F8:99:51:3A:5E:1D:9B:DD:EB:C1:27:8B
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/YDnY8X6JwyL4mVE6Xh2b3evBJ4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:70:72:eb:2b:c4:c8:d6:a1:99:d0:90:a6:11:34:57:76:7d:
         3a:64:38:f2:35:b6:c4:75:f6:0d:cb:2b:33:3a:97:94:07:e6:
         94:ce:bc:10:90:c0:5e:fc:d5:02:88:60:59:2b:ea:60:ab:49:
         a4:bd:9b:82:c6:4e:dd:3e:17:eb:92:36:ee:39:29:16:0e:a4:
         1d:b1:15:0e:ef:67:57:ef:38:62:13:17:78:34:e6:55:41:51:
         b4:54:0d:99:e1:cb:46:2f:88:4b:c9:3a:6c:99:9c:6f:c9:9e:
         ab:b4:6e:b5:9b:24:1f:4b:0d:2c:ef:ad:a1:dc:c4:36:7b:79:
         ee:00:c7:ed:3f:7a:8c:6c:a3:56:e6:31:04:cd:ce:83:7b:5c:
         1b:cb:2b:95:fe:58:af:62:4d:b9:25:35:10:8c:c4:45:a8:56:
         ef:1e:21:42:c7:97:4b:6d:47:51:6a:20:7d:71:e4:37:8c:82:
         79:22:2e:c9:e5:97:a6:58:84:c0:b6:c1:67:cc:14:96:8b:0f:
         69:bc:17:a2:f6:24:c8:45:c4:ff:a5:d7:80:35:43:a6:53:94:
         f3:ea:3f:ea:d6:8a:67:fc:49:cc:58:49:ab:3d:2c:98:24:f6:
         af:78:71:c4:b2:43:db:f5:30:f5:2b:3b:7a:d0:03:b8:fd:c6:
         19:2e:b5:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5La86G29/mCSID13KacPEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNTIxMTY0MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDM5ZDhmMTdlODljMzIyZjg5OTUxM2E1ZTFkOWJkZGViYzEyNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFm5eefTBqw38CDAPlsHMbR5RImv
KzhgEUX+dQhSzBu/fp7cGIjL8fDPqm0qG7GLB5+pTvVueb/E7O5Y0Fsl5LxlSrds
V0JSgwzH+0+cr1VJ7lKd9GRZsl//j17s/mZ/NsQW2MkXX75lnB3EoRExnwkmoUnH
AkAVml6M1Rdet3pgytBah+NTiWKFF1q2zFeyEWC52M2I8HtmdN9HoMZKAGNzAa4f
0yqQBhQ75rVp9ZzsK6td4LFuvWL35/m4yWcFyiKi0gXruV0Cb52awJoTlX/rUYiu
2OoXtW5xbkN46WlMBNnCYXUkSpBKtcTMUOpMK6IoFgWurvbF02L+X2wytwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGA52PF+icMi+JlROl4dm93rwSeLMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWURuWThYNkp3eUw0bVZFNlhoMmIzZXZCSjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHBMA0G
CSqGSIb3DQEBCwUAA4IBAQCEcHLrK8TI1qGZ0JCmETRXdn06ZDjyNbbEdfYNyysz
OpeUB+aUzrwQkMBe/NUCiGBZK+pgq0mkvZuCxk7dPhfrkjbuOSkWDqQdsRUO72dX
7zhiExd4NOZVQVG0VA2Z4ctGL4hLyTpsmZxvyZ6rtG61myQfSw0s762h3MQ2e3nu
AMftP3qMbKNW5jEEzc6De1wbyyuV/livYk25JTUQjMRFqFbvHiFCx5dLbUdRaiB9
ceQ3jIJ5Ii7J5ZemWITAtsFnzBSWiw9pvBei9iTIRcT/pdeANUOmU5Tz6j/q1opn
/EnMWEmrPSyYJPaveHHEskPb9TD1Kzt60AO4/cYZLrXO
-----END CERTIFICATE-----