Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mtvknlsePno3wI9QqoEtcD1y9NY.roa
File:                     mtvknlsePno3wI9QqoEtcD1y9NY.roa (raw, json)
Hash identifier:          /0EymuMV1j1gkIDnBb2kEOmzKVOOXtbRZiF+xOluqeM=
Subject key identifier:   9A:DB:E4:9E:5B:1E:3E:7A:37:C0:8F:50:AA:81:2D:70:3D:72:F4:D6
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019F0FF75A3028BE578CD003F3096FCD7ABB
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mtvknlsePno3wI9QqoEtcD1y9NY.roa
Signing time:             Sun 28 Jun 2026 20:41:36 +0000
ROA not before:           Sun 28 Jun 2026 20:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.82.0/23 maxlen: 23
                          93.113.179.0/24 maxlen: 24
                          93.114.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:0f:f7:5a:30:28:be:57:8c:d0:03:f3:09:6f:cd:7a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jun 28 20:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9adbe49e5b1e3e7a37c08f50aa812d703d72f4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a3:5a:92:b4:f7:5f:d8:9d:ff:14:68:00:6a:
                    e5:cd:2d:8b:0c:d8:4a:92:f9:a7:b5:e8:58:c4:87:
                    04:74:5b:1c:8f:1f:a9:23:df:19:34:03:24:68:d1:
                    a6:91:b8:c1:32:36:40:9f:6c:bb:fe:ce:e8:61:7a:
                    e3:f7:f6:08:c3:88:fc:ff:e1:9e:c9:42:34:dd:99:
                    f9:f5:40:6c:ee:cb:7b:b4:29:db:71:0f:03:0b:99:
                    6c:9b:ff:a3:5e:59:e6:b0:b9:89:1d:5a:30:be:7f:
                    b5:0a:3a:92:73:4c:c9:42:a3:5b:6f:5f:8e:04:9e:
                    7b:7d:8d:77:33:07:01:90:b3:7f:7a:fd:75:58:26:
                    80:d7:64:60:e4:b9:3b:a2:9b:05:9d:b3:96:ef:6f:
                    93:3f:42:69:6e:c9:83:9e:b5:7a:98:69:87:15:e3:
                    54:ec:ff:40:dd:6a:e1:fd:1d:6b:83:5a:1a:57:b7:
                    f7:3c:8f:69:11:c0:2e:f9:75:83:31:de:37:bf:29:
                    67:cb:27:3d:8a:b9:aa:52:05:94:38:13:1f:a2:7e:
                    3b:a0:a9:f3:e0:2f:b4:96:03:31:80:f5:46:9d:c7:
                    dd:1f:e3:fc:4d:74:73:6f:ca:71:ed:bf:ef:a7:57:
                    e7:22:fe:60:52:12:df:d3:b0:5b:21:53:97:5e:0c:
                    22:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:DB:E4:9E:5B:1E:3E:7A:37:C0:8F:50:AA:81:2D:70:3D:72:F4:D6
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mtvknlsePno3wI9QqoEtcD1y9NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.82.0/23
                  93.113.179.0/24
                  93.114.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:b3:5a:9e:5f:3f:51:51:a7:ac:4d:42:7d:c1:20:50:1a:c0:
         b5:27:08:6a:dd:21:b7:61:ce:bc:37:4a:f3:8e:bf:b1:68:ed:
         a8:02:b4:e5:84:02:d0:50:ea:f0:eb:ba:89:67:4a:70:ee:9d:
         b8:de:eb:55:ef:68:8b:35:fb:72:8a:f7:9d:db:4e:84:16:99:
         18:83:d3:3a:19:a4:06:52:67:6d:f9:15:df:c1:55:a6:7e:ec:
         ed:d0:ca:96:21:45:f8:54:de:15:a4:99:65:fc:73:ca:19:e6:
         ca:38:d8:17:c8:b4:7c:12:7c:3b:72:b4:f8:6f:9c:09:c5:d0:
         53:4f:6f:4b:b3:e5:39:30:67:d3:a0:20:88:17:c4:d5:35:c7:
         2c:38:c5:3f:74:83:6f:2b:f4:6f:3c:fb:af:84:8b:5c:c0:3f:
         75:6e:31:89:0e:14:60:01:3b:6e:23:1f:99:1a:c9:9b:63:12:
         39:da:0a:95:e9:32:62:7e:d7:f7:d3:b7:fd:02:23:b9:be:b0:
         16:52:0f:73:1a:b2:86:8c:c1:af:75:f7:95:87:a7:6f:ad:98:
         47:a6:74:0c:c3:09:6d:10:61:e5:4f:f1:3b:04:7f:e1:34:fd:
         8e:f0:e1:94:85:31:15:45:80:4f:83:36:e2:30:f6:d4:28:cf:
         a7:b4:cc:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8P91owKL5XjNAD8wlvzXq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNjI4MjA0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWRiZTQ5ZTViMWUzZTdhMzdjMDhmNTBhYTgxMmQ3MDNkNzJmNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKNakrT3X9id/xRoAGrlzS2LDNhK
kvmntehYxIcEdFscjx+pI98ZNAMkaNGmkbjBMjZAn2y7/s7oYXrj9/YIw4j8/+Ge
yUI03Zn59UBs7st7tCnbcQ8DC5lsm/+jXlnmsLmJHVowvn+1CjqSc0zJQqNbb1+O
BJ57fY13MwcBkLN/ev11WCaA12Rg5Lk7opsFnbOW72+TP0JpbsmDnrV6mGmHFeNU
7P9A3Wrh/R1rg1oaV7f3PI9pEcAu+XWDMd43vylnyyc9irmqUgWUOBMfon47oKnz
4C+0lgMxgPVGncfdH+P8TXRzb8px7b/vp1fnIv5gUhLf07BbIVOXXgwiSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJrb5J5bHj56N8CPUKqBLXA9cvTWMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvbXR2a25sc2VQbm8zd0k5UXFvRXRjRDF5OU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBWSpSAwQA
XXGzAwQAXXJZMA0GCSqGSIb3DQEBCwUAA4IBAQA0s1qeXz9RUaesTUJ9wSBQGsC1
Jwhq3SG3Yc68N0rzjr+xaO2oArTlhALQUOrw67qJZ0pw7p243utV72iLNftyived
206EFpkYg9M6GaQGUmdt+RXfwVWmfuzt0MqWIUX4VN4VpJll/HPKGebKONgXyLR8
Enw7crT4b5wJxdBTT29Ls+U5MGfToCCIF8TVNccsOMU/dINvK/RvPPuvhItcwD91
bjGJDhRgATtuIx+ZGsmbYxI52gqV6TJiftf307f9AiO5vrAWUg9zGrKGjMGvdfeV
h6dvrZhHpnQMwwltEGHlT/E7BH/hNP2O8OGUhTEVRYBPgzbiMPbUKM+ntMxO
-----END CERTIFICATE-----