Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/sxEjaAKzX8LwpSKw2OXWVoZsqXY.roa
File:                     sxEjaAKzX8LwpSKw2OXWVoZsqXY.roa (raw, json)
Hash identifier:          aZ6/8EJ333qDuQOMSpTkO+a37m+6JNhTYMwJhAlPyCY=
Subject key identifier:   B3:11:23:68:02:B3:5F:C2:F0:A5:22:B0:D8:E5:D6:56:86:6C:A9:76
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0197C462FADB4DDACD0FC1B8CC4EFECF6110
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/sxEjaAKzX8LwpSKw2OXWVoZsqXY.roa
Signing time:             Tue 01 Jul 2025 05:08:30 +0000
ROA not before:           Tue 01 Jul 2025 05:08:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:62:fa:db:4d:da:cd:0f:c1:b8:cc:4e:fe:cf:61:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jul  1 05:08:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b311236802b35fc2f0a522b0d8e5d656866ca976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8a:b3:6f:42:8f:55:05:19:d6:5a:a6:cd:dc:
                    f1:85:0a:bb:78:86:c0:51:89:a1:24:a1:db:5b:b9:
                    37:e7:cc:d1:ce:9b:12:1f:55:e1:23:30:91:ce:f5:
                    ac:8b:13:2a:3b:7c:2a:3b:85:42:b2:de:57:07:05:
                    00:77:b6:44:d6:b8:25:cb:c2:7d:27:f4:f2:2b:ae:
                    47:7c:1d:e2:9b:8f:92:39:de:95:9c:7f:9a:dd:5c:
                    99:de:b8:f4:3e:57:25:6b:f4:0f:e7:6f:40:ed:36:
                    64:b4:9a:82:84:6e:db:69:fa:de:a1:ee:4f:9a:74:
                    89:f5:63:1d:3c:64:f8:21:ce:78:3b:f0:45:a5:73:
                    b3:b4:56:97:0d:5f:19:12:8b:91:d6:81:d7:b8:4c:
                    b2:e8:f2:e8:99:ba:25:e5:53:82:3a:2c:aa:9c:8f:
                    e8:be:9a:c1:28:0a:56:75:0b:3a:a3:a4:eb:49:83:
                    72:65:42:44:87:15:c7:ca:f1:c2:9d:20:1e:ae:f5:
                    a2:8b:db:d8:c1:46:4a:a7:99:ed:2f:68:62:db:7c:
                    cd:f9:df:73:a2:22:74:82:2d:49:ea:16:e3:97:4a:
                    a9:bc:34:ea:1f:a8:3f:75:59:55:0d:0a:87:59:a4:
                    46:b8:75:63:4f:1f:7f:ae:4c:ab:82:35:08:4b:1a:
                    15:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:11:23:68:02:B3:5F:C2:F0:A5:22:B0:D8:E5:D6:56:86:6C:A9:76
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/sxEjaAKzX8LwpSKw2OXWVoZsqXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0-89.42.83.255

    Signature Algorithm: sha256WithRSAEncryption
         57:fb:af:9d:8a:05:bc:dd:08:8d:1a:31:7b:9a:0d:ea:d7:25:
         1c:c8:24:39:9f:a3:1f:b9:ed:91:5a:3f:bc:75:3d:f2:de:67:
         d7:5b:87:28:c8:0d:7b:35:e6:ba:99:b0:b6:ab:1a:13:a5:45:
         11:f1:b7:7f:3b:b4:6e:f1:df:dd:5e:be:f1:1a:bf:91:89:24:
         41:48:04:61:99:11:13:92:ff:4a:4c:24:0b:90:f7:15:57:f5:
         85:5c:4b:56:cc:6f:66:67:37:33:f6:7c:ea:0a:12:98:89:87:
         22:88:1f:2f:7a:57:7a:3b:8f:2a:22:5d:a3:c2:ff:ea:68:59:
         f8:26:7d:52:12:fe:59:3b:36:b4:35:0d:e9:df:48:5b:34:64:
         86:7a:3f:c3:0b:19:fa:32:69:a1:94:d7:7c:e8:eb:7e:2c:c9:
         a3:92:36:f8:b4:2c:29:cf:47:f4:00:e0:02:8c:56:4d:75:ad:
         c9:8d:ee:52:91:bb:1e:e0:7f:c2:0e:d4:b3:c1:20:8d:30:82:
         b4:7e:13:16:df:9a:ad:28:90:72:24:28:41:69:39:96:23:17:
         aa:ce:5d:a7:b4:33:db:99:3e:06:4e:f3:63:d2:7c:1f:1c:21:
         45:85:f8:c1:c6:3c:55:fd:e9:a6:04:0d:96:13:71:2f:44:d3:
         f9:7e:58:55
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZfEYvrbTdrND8G4zE7+z2EQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNzAxMDUwODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzExMjM2ODAyYjM1ZmMyZjBhNTIyYjBkOGU1ZDY1Njg2NmNhOTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoqzb0KPVQUZ1lqmzdzxhQq7eIbA
UYmhJKHbW7k358zRzpsSH1XhIzCRzvWsixMqO3wqO4VCst5XBwUAd7ZE1rgly8J9
J/TyK65HfB3im4+SOd6VnH+a3VyZ3rj0Plcla/QP529A7TZktJqChG7bafreoe5P
mnSJ9WMdPGT4Ic54O/BFpXOztFaXDV8ZEouR1oHXuEyy6PLombol5VOCOiyqnI/o
vprBKApWdQs6o6TrSYNyZUJEhxXHyvHCnSAervWii9vYwUZKp5ntL2hi23zN+d9z
oiJ0gi1J6hbjl0qpvDTqH6g/dVlVDQqHWaRGuHVjTx9/rkyrgjUISxoV2QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLMRI2gCs1/C8KUisNjl1laGbKl2MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvc3hFamFBS3pYOEx3cFNLdzJPWFdWb1pzcVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZKlED
BAJZKlAwDQYJKoZIhvcNAQELBQADggEBAFf7r52KBbzdCI0aMXuaDerXJRzIJDmf
ox+57ZFaP7x1PfLeZ9dbhyjIDXs15rqZsLarGhOlRRHxt387tG7x391evvEav5GJ
JEFIBGGZEROS/0pMJAuQ9xVX9YVcS1bMb2ZnNzP2fOoKEpiJhyKIHy96V3o7jyoi
XaPC/+poWfgmfVIS/lk7NrQ1DenfSFs0ZIZ6P8MLGfoyaaGU13zo634syaOSNvi0
LCnPR/QA4AKMVk11rcmN7lKRux7gf8IO1LPBII0wgrR+Exbfmq0okHIkKEFpOZYj
F6rOXae0M9uZPgZO82PSfB8cIUWF+MHGPFX96aYEDZYTcS9E0/l+WFU=
-----END CERTIFICATE-----