Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/hBL-A4FHheliH2L3sDyGG-fBgnE.roa
File:                     hBL-A4FHheliH2L3sDyGG-fBgnE.roa (raw, json)
Hash identifier:          RZdHyNQLK9maK2PadwRAhQryHZsY9oCJUHSXKW+fmII=
Subject key identifier:   84:12:FE:03:81:47:85:E9:62:1F:62:F7:B0:3C:86:1B:E7:C1:82:71
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0198855658D23A7F062AD98BDEE846072702
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/hBL-A4FHheliH2L3sDyGG-fBgnE.roa
Signing time:             Thu 07 Aug 2025 16:21:25 +0000
ROA not before:           Thu 07 Aug 2025 16:21:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        89.47.100.0/24 maxlen: 24
                          93.113.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:85:56:58:d2:3a:7f:06:2a:d9:8b:de:e8:46:07:27:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Aug  7 16:21:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8412fe03814785e9621f62f7b03c861be7c18271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ac:32:48:33:c1:d4:d8:6d:55:37:67:46:90:
                    68:25:02:91:5d:88:88:c7:59:c8:b8:ad:64:08:ad:
                    e4:0e:86:48:e8:d0:f9:d7:e0:ea:40:de:b7:13:2e:
                    80:85:92:58:14:e6:80:75:68:a7:98:46:f1:ae:a0:
                    07:97:3e:77:1f:1a:21:f6:8b:02:94:af:2b:0b:64:
                    1b:48:88:50:65:60:36:11:97:cf:aa:90:31:89:4b:
                    9e:55:05:5d:44:14:c7:b9:a1:c9:4f:93:eb:f0:d5:
                    f2:a3:84:4e:a3:dc:d4:bd:3e:57:2d:fb:25:f5:a4:
                    4f:b5:cb:98:53:35:6f:44:db:19:f7:32:7c:81:e6:
                    e8:70:fe:45:c0:04:2d:37:53:f7:f1:b6:2a:ce:81:
                    62:53:73:fe:50:05:88:7f:9d:81:7f:b0:61:32:08:
                    b4:78:6e:d2:d0:f9:76:da:2f:7a:2d:67:f1:d0:08:
                    84:6d:5a:4d:89:1f:2f:0d:65:18:3d:7c:62:16:46:
                    a4:e8:11:6f:c3:5e:22:d9:17:1f:5d:ef:fd:c0:68:
                    7d:b9:da:c8:d3:1c:47:fb:b0:25:da:03:64:2c:55:
                    20:f8:dd:99:a4:c5:40:e4:35:f7:e5:85:d6:39:10:
                    f3:45:39:a4:56:e6:9d:a5:c5:b5:e6:94:18:dc:e6:
                    0e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:12:FE:03:81:47:85:E9:62:1F:62:F7:B0:3C:86:1B:E7:C1:82:71
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/hBL-A4FHheliH2L3sDyGG-fBgnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.100.0/24
                  93.113.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:57:25:8c:3e:95:68:ea:4f:a4:48:67:12:6b:45:72:3c:7d:
         c2:99:02:f7:c8:c1:f7:79:26:60:42:f2:f4:b0:fd:cb:00:77:
         63:21:52:10:19:60:6b:05:15:0f:9d:6a:65:11:ae:22:64:84:
         87:35:d6:f4:9b:50:09:16:f7:47:d9:7e:10:66:41:ee:4c:8a:
         a8:db:44:47:ce:78:b4:aa:19:69:be:93:d6:fd:12:01:b2:95:
         05:95:0b:33:f9:c9:5d:5a:1d:14:45:c4:a3:36:dd:bc:08:aa:
         cb:a0:9e:50:3d:e9:04:25:c6:d1:86:2d:16:bc:2a:5a:c4:ba:
         87:31:4b:bb:8d:c3:65:d2:2d:17:65:bd:02:06:97:ea:fb:6e:
         83:c6:e3:6b:ea:af:d0:b9:94:2b:6d:07:63:a2:40:89:04:f6:
         ba:ac:64:44:97:1d:21:16:2c:bc:b6:82:9a:ed:53:54:f8:88:
         71:ed:ae:51:67:d5:8f:29:3b:c2:59:8b:21:ad:1f:f2:48:5d:
         9f:bc:84:6e:6d:49:7c:87:07:c2:a8:b5:18:12:a6:e6:98:f9:
         b7:05:58:87:f8:94:1e:2e:c2:04:a3:56:eb:4d:2d:ee:27:73:
         0f:ec:16:6a:37:25:5e:e3:a8:6e:8c:75:23:bd:5e:59:22:13:
         6c:83:6e:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiFVljSOn8GKtmL3uhGBycCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwODA3MTYyMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDEyZmUwMzgxNDc4NWU5NjIxZjYyZjdiMDNjODYxYmU3YzE4MjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqwySDPB1NhtVTdnRpBoJQKRXYiI
x1nIuK1kCK3kDoZI6ND51+DqQN63Ey6AhZJYFOaAdWinmEbxrqAHlz53Hxoh9osC
lK8rC2QbSIhQZWA2EZfPqpAxiUueVQVdRBTHuaHJT5Pr8NXyo4ROo9zUvT5XLfsl
9aRPtcuYUzVvRNsZ9zJ8gebocP5FwAQtN1P38bYqzoFiU3P+UAWIf52Bf7BhMgi0
eG7S0Pl22i96LWfx0AiEbVpNiR8vDWUYPXxiFkak6BFvw14i2RcfXe/9wGh9udrI
0xxH+7Al2gNkLFUg+N2ZpMVA5DX35YXWORDzRTmkVuadpcW15pQY3OYOowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIQS/gOBR4XpYh9i97A8hhvnwYJxMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvaEJMLUE0RkhoZWxpSDJMM3NEeUdHLWZCZ25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS9kAwQA
XXGxMA0GCSqGSIb3DQEBCwUAA4IBAQB5VyWMPpVo6k+kSGcSa0VyPH3CmQL3yMH3
eSZgQvL0sP3LAHdjIVIQGWBrBRUPnWplEa4iZISHNdb0m1AJFvdH2X4QZkHuTIqo
20RHzni0qhlpvpPW/RIBspUFlQsz+cldWh0URcSjNt28CKrLoJ5QPekEJcbRhi0W
vCpaxLqHMUu7jcNl0i0XZb0CBpfq+26DxuNr6q/QuZQrbQdjokCJBPa6rGRElx0h
Fiy8toKa7VNU+Ihx7a5RZ9WPKTvCWYshrR/ySF2fvIRubUl8hwfCqLUYEqbmmPm3
BViH+JQeLsIEo1brTS3uJ3MP7BZqNyVe46hujHUjvV5ZIhNsg26Z
-----END CERTIFICATE-----