Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/o-dDEKiSu7_0pUwNc4XEG4G2ylI.roa
File:                     o-dDEKiSu7_0pUwNc4XEG4G2ylI.roa (raw, json)
Hash identifier:          br+2tbjvY32GU4ya2T5lDN+mS+Pd9QOda8urMruvd5k=
Subject key identifier:   A3:E7:43:10:A8:92:BB:BF:F4:A5:4C:0D:73:85:C4:1B:81:B6:CA:52
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019CB2C7D739021FACFB1F1332BDA1782C16
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/o-dDEKiSu7_0pUwNc4XEG4G2ylI.roa
Signing time:             Tue 03 Mar 2026 08:19:27 +0000
ROA not before:           Tue 03 Mar 2026 08:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215059
IP address blocks:        89.33.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:c7:d7:39:02:1f:ac:fb:1f:13:32:bd:a1:78:2c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar  3 08:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3e74310a892bbbff4a54c0d7385c41b81b6ca52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9b:79:2e:c1:c5:b4:a1:00:6d:e0:fa:a3:dc:
                    b8:1e:ec:57:9c:a4:f8:98:f8:50:04:cf:88:d7:04:
                    c4:43:71:b9:f0:f6:e0:89:90:e5:ae:3d:92:71:df:
                    b2:b4:ef:24:31:c9:2a:08:5e:4f:36:39:78:69:46:
                    c7:c2:8c:f9:0d:12:98:2c:1d:db:b2:a6:3d:e5:bd:
                    44:50:65:86:14:6e:4e:b7:9b:35:6e:a5:2e:74:c3:
                    99:a1:4d:6a:cc:91:3b:11:d9:97:a3:a7:bd:2a:eb:
                    c0:43:83:71:6d:f4:2b:31:eb:ac:02:c0:e5:bf:c4:
                    81:d9:dd:de:e8:68:58:c4:36:27:5f:e7:2e:e8:5c:
                    d3:b0:cf:37:d0:07:0d:0d:6b:1e:52:8c:18:cc:d9:
                    28:d4:5d:78:98:0a:2a:9e:95:21:4d:87:f8:d3:a1:
                    56:0d:55:e6:4d:9a:7c:e3:56:76:bf:18:5c:9b:95:
                    54:a3:75:a7:bd:be:bf:ae:2c:1b:fe:2b:34:e0:ac:
                    7b:83:61:a5:b6:62:ad:08:25:73:85:29:57:47:b0:
                    13:5f:87:58:a8:35:f4:53:7d:69:da:d2:5e:c5:b5:
                    21:91:88:15:f3:7b:67:b8:f0:8c:f2:97:56:da:a1:
                    c9:e5:04:a6:c5:0d:89:27:20:e3:e4:d3:07:fe:3e:
                    83:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E7:43:10:A8:92:BB:BF:F4:A5:4C:0D:73:85:C4:1B:81:B6:CA:52
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/o-dDEKiSu7_0pUwNc4XEG4G2ylI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:d8:39:bd:e1:ce:4b:41:5b:59:ad:50:ec:7f:01:f4:94:87:
         16:01:7d:af:0f:df:a8:e5:6b:00:1c:12:88:1f:ec:9e:4a:3c:
         e8:4a:f9:8d:a3:89:2d:89:8f:8b:39:56:98:67:c9:99:0c:9e:
         1e:4a:3d:3c:0b:48:be:6d:27:11:20:84:d8:47:86:51:c9:2a:
         00:17:b2:a1:45:e8:af:61:d2:6d:af:50:0a:19:a5:b8:59:bf:
         ec:9f:ae:d7:50:8f:ab:9b:f3:97:dd:ee:58:0d:94:fe:8c:cd:
         45:8d:8d:80:00:2b:ae:ca:95:83:c8:ea:5f:73:38:bd:69:a8:
         fd:3a:b2:95:89:7a:57:35:80:38:6d:f6:4a:db:8c:a3:4e:a2:
         2b:72:18:a6:04:07:e9:31:99:6f:7e:ea:14:20:ff:20:b2:3e:
         69:f4:06:d1:50:42:c2:02:57:22:ea:7d:8d:84:ee:6a:ea:82:
         4c:79:12:6b:12:0d:74:55:ca:3e:c1:07:f1:1b:b7:fd:98:72:
         ff:d7:4a:13:e9:04:a5:60:14:9f:97:28:c7:ea:e1:5b:9c:fa:
         35:d2:f4:76:05:5f:b4:06:f7:18:15:00:ad:4b:be:d7:f6:fd:
         32:82:8b:4f:3b:b3:22:7c:5b:c5:6b:e9:40:fa:46:f9:19:4a:
         27:ed:4a:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyyx9c5Ah+s+x8TMr2heCwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMzAzMDgxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2U3NDMxMGE4OTJiYmJmZjRhNTRjMGQ3Mzg1YzQxYjgxYjZjYTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJt5LsHFtKEAbeD6o9y4HuxXnKT4
mPhQBM+I1wTEQ3G58PbgiZDlrj2Scd+ytO8kMckqCF5PNjl4aUbHwoz5DRKYLB3b
sqY95b1EUGWGFG5Ot5s1bqUudMOZoU1qzJE7EdmXo6e9KuvAQ4NxbfQrMeusAsDl
v8SB2d3e6GhYxDYnX+cu6FzTsM830AcNDWseUowYzNko1F14mAoqnpUhTYf406FW
DVXmTZp841Z2vxhcm5VUo3Wnvb6/riwb/is04Kx7g2GltmKtCCVzhSlXR7ATX4dY
qDX0U31p2tJexbUhkYgV83tnuPCM8pdW2qHJ5QSmxQ2JJyDj5NMH/j6D5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPnQxCokru/9KVMDXOFxBuBtspSMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvby1kREVLaVN1N18wcFV3TmM0WEVHNEcyeWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHBMA0G
CSqGSIb3DQEBCwUAA4IBAQBM2Dm94c5LQVtZrVDsfwH0lIcWAX2vD9+o5WsAHBKI
H+yeSjzoSvmNo4ktiY+LOVaYZ8mZDJ4eSj08C0i+bScRIITYR4ZRySoAF7KhReiv
YdJtr1AKGaW4Wb/sn67XUI+rm/OX3e5YDZT+jM1FjY2AACuuypWDyOpfczi9aaj9
OrKViXpXNYA4bfZK24yjTqIrchimBAfpMZlvfuoUIP8gsj5p9AbRUELCAlci6n2N
hO5q6oJMeRJrEg10Vco+wQfxG7f9mHL/10oT6QSlYBSflyjH6uFbnPo10vR2BV+0
BvcYFQCtS77X9v0ygotPO7MifFvFa+lA+kb5GUon7Upf
-----END CERTIFICATE-----