Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZysbWbbBE9JWvpk5b0b6XAigniA.roa
File:                     ZysbWbbBE9JWvpk5b0b6XAigniA.roa (raw, json)
Hash identifier:          447kX0X9q6uuylEV9Q1tbNzg9VOunaPxGX6hTirjnqQ=
Subject key identifier:   67:2B:1B:59:B6:C1:13:D2:56:BE:99:39:6F:46:FA:5C:08:A0:9E:20
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01993DDBC143C21A4AD05713A9BE68FEDF78
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZysbWbbBE9JWvpk5b0b6XAigniA.roa
Signing time:             Fri 12 Sep 2025 12:17:15 +0000
ROA not before:           Fri 12 Sep 2025 12:17:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 08:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:db:c1:43:c2:1a:4a:d0:57:13:a9:be:68:fe:df:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Sep 12 12:17:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=672b1b59b6c113d256be99396f46fa5c08a09e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:be:1b:af:c8:35:35:ab:eb:5c:f8:dd:86:31:
                    dd:aa:09:36:fe:08:af:d2:c8:5c:ac:3a:65:23:60:
                    b9:1f:85:6e:4e:99:c3:48:f4:70:1a:18:8b:95:f6:
                    20:60:92:94:a6:30:50:c8:c3:cc:65:de:8f:98:10:
                    48:24:5b:ae:87:fa:97:a7:d6:a5:5d:0a:d6:63:e2:
                    bd:f8:25:a0:cc:7d:a7:a7:30:37:10:4d:73:5c:6c:
                    97:9b:52:fa:16:2e:66:87:26:b9:6a:b3:e8:13:fd:
                    e4:b6:f5:37:a2:92:e9:d6:79:6e:b3:45:2c:dc:a3:
                    d2:e1:e6:e0:3e:a0:72:ef:fb:07:2c:8f:b7:72:01:
                    c6:f2:fd:a2:a7:a3:10:9e:f0:cd:74:de:84:eb:60:
                    a7:ba:c9:7e:d8:30:a1:5d:66:12:2b:81:63:51:2f:
                    b1:5b:de:ed:af:0d:cb:05:80:60:33:39:ce:bd:e8:
                    8c:1f:68:77:84:de:20:eb:84:12:45:cf:36:13:06:
                    e4:e7:66:fb:e0:df:17:f7:1b:9a:af:1b:a8:4a:8a:
                    22:db:d6:73:48:17:36:b6:2a:75:5d:45:78:50:7c:
                    a3:ae:27:96:b4:3f:5b:29:a9:f7:bb:14:f6:45:4d:
                    84:0d:cb:83:b5:28:4e:6a:b8:af:5c:06:64:5b:21:
                    4a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:2B:1B:59:B6:C1:13:D2:56:BE:99:39:6F:46:FA:5C:08:A0:9E:20
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZysbWbbBE9JWvpk5b0b6XAigniA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:44:5f:b7:f0:f9:88:c6:b1:9c:a8:03:90:95:b6:25:0b:da:
         e5:f1:83:eb:2b:bc:69:c9:09:5c:5e:44:ad:6d:2b:21:10:98:
         74:ed:bc:5e:36:94:32:15:4e:ef:3b:45:19:b5:81:14:98:30:
         93:5b:36:a7:0a:e3:2a:f4:00:4c:1c:e7:76:fa:3c:e2:ee:6c:
         93:db:94:f0:bb:28:36:57:26:a8:39:0f:f6:96:cf:49:a9:45:
         13:97:87:96:81:99:15:4b:4c:2b:65:35:8b:be:ff:e7:d9:f4:
         40:d7:8e:f2:e6:bb:ea:78:3b:51:5b:43:d3:c5:33:a8:38:c3:
         d5:e9:3f:76:d5:54:fd:3a:c6:8c:a8:63:3b:b9:a0:e7:fd:50:
         6d:6a:f4:9c:04:44:97:13:35:ce:06:c1:05:50:e0:66:43:4a:
         fb:b6:5e:79:6e:bb:09:c0:e5:bf:f0:9c:d0:bb:e3:df:01:6a:
         18:1c:8d:33:3c:c0:41:85:05:7c:87:47:c4:40:16:3e:94:11:
         03:a0:29:43:00:5d:db:b6:eb:43:09:1f:39:4f:1f:33:76:f9:
         ef:49:10:1d:2a:af:13:5a:61:bd:e7:9e:c2:9d:8b:83:91:10:
         ba:ca:e8:bd:88:c0:9e:a3:6e:a7:de:c8:e6:26:35:7f:dc:d6:
         e5:f8:e8:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk928FDwhpK0FcTqb5o/t94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwOTEyMTIxNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzJiMWI1OWI2YzExM2QyNTZiZTk5Mzk2ZjQ2ZmE1YzA4YTA5ZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9b4br8g1NavrXPjdhjHdqgk2/giv
0shcrDplI2C5H4VuTpnDSPRwGhiLlfYgYJKUpjBQyMPMZd6PmBBIJFuuh/qXp9al
XQrWY+K9+CWgzH2npzA3EE1zXGyXm1L6Fi5mhya5arPoE/3ktvU3opLp1nlus0Us
3KPS4ebgPqBy7/sHLI+3cgHG8v2ip6MQnvDNdN6E62Cnusl+2DChXWYSK4FjUS+x
W97trw3LBYBgMznOveiMH2h3hN4g64QSRc82Ewbk52b74N8X9xuarxuoSooi29Zz
SBc2tip1XUV4UHyjrieWtD9bKan3uxT2RU2EDcuDtShOarivXAZkWyFK9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcrG1m2wRPSVr6ZOW9G+lwIoJ4gMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWnlzYldiYkJFOUpXdnBrNWIwYjZYQWlnbmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSpSMA0G
CSqGSIb3DQEBCwUAA4IBAQBHRF+38PmIxrGcqAOQlbYlC9rl8YPrK7xpyQlcXkSt
bSshEJh07bxeNpQyFU7vO0UZtYEUmDCTWzanCuMq9ABMHOd2+jzi7myT25Twuyg2
VyaoOQ/2ls9JqUUTl4eWgZkVS0wrZTWLvv/n2fRA147y5rvqeDtRW0PTxTOoOMPV
6T921VT9OsaMqGM7uaDn/VBtavScBESXEzXOBsEFUOBmQ0r7tl55brsJwOW/8JzQ
u+PfAWoYHI0zPMBBhQV8h0fEQBY+lBEDoClDAF3btutDCR85Tx8zdvnvSRAdKq8T
WmG9557CnYuDkRC6yui9iMCeo26n3sjmJjV/3Nbl+Oj1
-----END CERTIFICATE-----