Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mEbuFmdX2DMTzg-NbhetnOxgbGQ.roa
File:                     mEbuFmdX2DMTzg-NbhetnOxgbGQ.roa (raw, json)
Hash identifier:          1xhvpy2pp4qYUvTMafxpo+AcElx5tKTYc+bCT3KtBBo=
Subject key identifier:   98:46:EE:16:67:57:D8:33:13:CE:0F:8D:6E:17:AD:9C:EC:60:6C:64
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0196B6590A6A12C5335972BEA6FF3F3FE46A
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mEbuFmdX2DMTzg-NbhetnOxgbGQ.roa
Signing time:             Fri 09 May 2025 18:40:10 +0000
ROA not before:           Fri 09 May 2025 18:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400402
IP address blocks:        89.42.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b6:59:0a:6a:12:c5:33:59:72:be:a6:ff:3f:3f:e4:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May  9 18:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9846ee166757d83313ce0f8d6e17ad9cec606c64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ac:1b:0f:e0:b3:bc:57:d0:fd:d5:df:9e:aa:
                    d7:52:27:aa:cb:2c:de:b9:eb:4b:54:a7:93:de:ab:
                    25:82:3f:3d:cb:6f:e5:9c:38:d2:49:2f:98:56:28:
                    7d:23:0e:2a:47:57:20:74:ef:e3:34:88:4a:92:3d:
                    85:3f:a2:77:f5:63:bc:14:03:f8:0d:e4:9a:95:01:
                    ab:7e:5a:94:00:17:b2:54:ee:80:34:04:0b:46:9e:
                    f1:02:ab:8d:7d:38:8b:a9:99:9a:1b:f3:2c:9e:9a:
                    c5:64:b3:89:66:b4:14:12:b9:07:b0:e3:e8:d8:db:
                    e4:1b:48:a6:3d:f0:90:86:b1:1d:10:25:d8:6c:c0:
                    a5:3f:93:24:a1:bf:81:d1:da:2a:0b:98:b9:21:ea:
                    6f:6e:4f:c5:dc:5f:78:06:26:9f:af:95:84:71:50:
                    0d:d4:0c:a9:98:70:21:92:05:c5:0e:33:68:70:c7:
                    32:42:6a:42:93:47:5e:28:bb:86:69:f5:e2:f9:56:
                    a5:0b:23:6a:7d:de:b2:fe:27:a4:c7:73:91:83:49:
                    7d:50:58:de:b5:aa:4a:f0:23:c7:c4:01:75:f1:06:
                    4f:8d:51:76:1d:d6:5c:cb:c1:6f:a8:1f:6e:d3:e7:
                    44:93:6b:fb:d4:ad:e5:3d:e9:bb:c7:bb:72:03:6d:
                    ae:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:46:EE:16:67:57:D8:33:13:CE:0F:8D:6E:17:AD:9C:EC:60:6C:64
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mEbuFmdX2DMTzg-NbhetnOxgbGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:9e:0e:2b:31:07:31:11:77:01:a6:a0:50:82:01:c9:7b:31:
         96:f6:e3:b3:6a:74:1a:4d:23:37:85:b8:4f:f0:d8:71:37:2a:
         72:9b:be:a5:1a:7e:58:52:ea:2a:8d:a5:68:d5:26:94:1b:42:
         3c:df:b1:bb:13:3a:1b:bd:81:e8:c6:d0:55:c9:7f:5c:21:e4:
         da:ef:8c:4b:36:cb:e2:50:3e:ad:b0:5f:c8:d9:e5:89:28:04:
         82:ca:e1:a0:43:87:2f:20:bf:28:00:67:13:6c:65:c7:a9:cf:
         06:9c:6f:b4:e0:0c:a7:5d:41:4c:51:ab:39:4f:6f:d9:f0:09:
         19:02:b3:4d:b0:ca:db:d0:ce:22:c5:45:ce:71:c5:53:df:32:
         42:7d:6e:c9:6f:80:69:d3:65:8b:3a:e7:30:d3:38:92:c8:92:
         51:40:28:eb:94:b7:e1:03:5b:fa:46:4c:6d:cd:50:f3:cd:fc:
         84:2b:39:06:ca:08:72:0b:09:ee:5d:ee:bb:2b:02:f1:4f:cc:
         ac:26:ee:d4:53:88:c0:58:7c:db:ac:5d:8d:8c:66:6a:e4:01:
         d5:e3:c7:7d:a6:45:37:ad:3e:e2:8f:7f:39:01:08:a7:c6:92:
         3f:c2:44:c6:68:7b:cd:fc:b0:78:27:7f:68:de:41:43:87:11:
         c8:07:5b:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa2WQpqEsUzWXK+pv8/P+RqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNTA5MTg0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQ2ZWUxNjY3NTdkODMzMTNjZTBmOGQ2ZTE3YWQ5Y2VjNjA2YzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6wbD+CzvFfQ/dXfnqrXUieqyyze
uetLVKeT3qslgj89y2/lnDjSSS+YVih9Iw4qR1cgdO/jNIhKkj2FP6J39WO8FAP4
DeSalQGrflqUABeyVO6ANAQLRp7xAquNfTiLqZmaG/MsnprFZLOJZrQUErkHsOPo
2NvkG0imPfCQhrEdECXYbMClP5Mkob+B0doqC5i5Iepvbk/F3F94Biafr5WEcVAN
1AypmHAhkgXFDjNocMcyQmpCk0deKLuGafXi+ValCyNqfd6y/iekx3ORg0l9UFje
tapK8CPHxAF18QZPjVF2HdZcy8FvqB9u0+dEk2v71K3lPem7x7tyA22uWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhG7hZnV9gzE84PjW4XrZzsYGxkMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvbUVidUZtZFgyRE1UemctTmJoZXRuT3hnYkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpXMA0G
CSqGSIb3DQEBCwUAA4IBAQBong4rMQcxEXcBpqBQggHJezGW9uOzanQaTSM3hbhP
8NhxNypym76lGn5YUuoqjaVo1SaUG0I837G7EzobvYHoxtBVyX9cIeTa74xLNsvi
UD6tsF/I2eWJKASCyuGgQ4cvIL8oAGcTbGXHqc8GnG+04AynXUFMUas5T2/Z8AkZ
ArNNsMrb0M4ixUXOccVT3zJCfW7Jb4Bp02WLOucw0ziSyJJRQCjrlLfhA1v6Rkxt
zVDzzfyEKzkGyghyCwnuXe67KwLxT8ysJu7UU4jAWHzbrF2NjGZq5AHV48d9pkU3
rT7ij385AQinxpI/wkTGaHvN/LB4J39o3kFDhxHIB1s8
-----END CERTIFICATE-----