Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DyL5-6LwrHkQT4hgpCFVu35qiRs.roa
File:                     DyL5-6LwrHkQT4hgpCFVu35qiRs.roa (raw, json)
Hash identifier:          icP9Fm8Td3ub1bk5Ajj11rtTnOIuu8NubUyvJdO7xBo=
Subject key identifier:   0F:22:F9:FB:A2:F0:AC:79:10:4F:88:60:A4:21:55:BB:7E:6A:89:1B
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6B7E1FC440C38CAF0BA0C4521CAAF
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DyL5-6LwrHkQT4hgpCFVu35qiRs.roa
Signing time:             Wed 01 Jan 2025 21:47:41 +0000
ROA not before:           Wed 01 Jan 2025 21:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        89.37.196.0/24 maxlen: 24
                          89.47.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b7:e1:fc:44:0c:38:ca:f0:ba:0c:45:21:ca:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f22f9fba2f0ac79104f8860a42155bb7e6a891b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c0:20:95:91:f7:fa:a5:24:9a:21:1e:97:ca:
                    f1:99:11:6f:c3:9d:9b:3c:48:41:ef:10:94:ac:a4:
                    38:16:6a:ac:b4:87:b3:46:ad:bf:8d:32:3a:38:aa:
                    38:33:49:a5:be:66:87:be:a4:c5:4a:8c:dc:6a:a6:
                    3b:82:8f:a4:06:c0:ab:fa:51:0a:a8:2b:4d:51:99:
                    10:37:b5:f4:2a:55:5b:36:2a:78:af:a0:0b:b8:47:
                    19:9f:3f:16:0a:7b:82:67:8b:13:6d:91:96:64:66:
                    ed:e3:3c:7f:36:66:91:17:75:19:20:27:1d:31:e1:
                    c7:b9:29:c0:a9:83:19:c9:28:af:40:96:60:3e:d0:
                    01:5d:b4:58:85:ae:c4:d9:5a:f4:28:9d:d1:17:de:
                    73:fc:e7:e0:c3:00:76:4c:d0:fb:f1:22:3b:c9:4f:
                    f0:16:8e:b7:1d:42:69:5e:00:9c:a5:20:4d:c6:1a:
                    46:ef:1f:e1:a9:5e:3c:c5:07:6a:bf:6e:5d:c1:c2:
                    0e:b4:45:55:7c:88:a4:a5:8c:47:33:c9:91:8b:b6:
                    5a:d3:96:f4:d3:6d:37:8b:14:74:0c:a8:2d:c2:81:
                    94:cd:3c:fe:83:4b:ca:18:3a:f8:44:ee:61:14:42:
                    6b:a7:d0:3e:d0:5a:db:ca:24:df:56:6b:3c:09:22:
                    0e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:22:F9:FB:A2:F0:AC:79:10:4F:88:60:A4:21:55:BB:7E:6A:89:1B
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DyL5-6LwrHkQT4hgpCFVu35qiRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.196.0/24
                  89.47.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:bd:8e:34:d6:03:b6:b6:2a:7b:3f:a1:32:af:15:e5:e9:dd:
         77:88:bb:e1:b8:42:ac:2c:8e:e7:3a:d6:93:57:fe:d4:c1:95:
         1e:f0:42:67:1a:94:b5:93:ac:3b:8f:07:f9:08:e5:33:de:9b:
         f8:50:a8:b2:a1:0a:c4:bc:e5:9e:3d:8e:b6:92:d0:f6:16:aa:
         e0:37:86:1f:17:2a:2c:7f:c6:4a:fe:41:02:c1:fa:b7:60:36:
         4f:c0:76:f9:22:c9:82:9b:7b:ee:04:73:db:7a:0c:72:44:4f:
         33:75:8e:2a:b5:3c:b3:44:b1:8e:07:b9:c8:36:ad:37:ce:ac:
         5a:d8:bb:ce:25:6f:d5:95:e4:5e:b0:9e:24:18:3c:cb:6f:71:
         8c:85:84:55:a7:87:d2:75:b2:14:75:81:c2:2e:aa:d7:6b:a4:
         c0:6a:94:fc:42:1a:ae:d0:8e:d1:80:65:49:cc:77:c0:63:81:
         33:cd:22:43:30:fa:b9:11:ae:e2:43:ad:19:bc:17:89:dc:53:
         0b:24:1b:29:71:c1:c3:70:3a:52:50:e3:d7:97:5f:60:80:45:
         d8:d0:53:69:9d:c3:d4:b1:4a:61:71:5c:11:4b:1d:a7:04:b2:
         37:f5:df:ef:e7:7a:7b:70:e0:bb:2f:43:5e:39:e4:ab:75:99:
         da:eb:29:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1rfh/EQMOMrwugxFIcqvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIyZjlmYmEyZjBhYzc5MTA0Zjg4NjBhNDIxNTViYjdlNmE4OTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcAglZH3+qUkmiEel8rxmRFvw52b
PEhB7xCUrKQ4FmqstIezRq2/jTI6OKo4M0mlvmaHvqTFSozcaqY7go+kBsCr+lEK
qCtNUZkQN7X0KlVbNip4r6ALuEcZnz8WCnuCZ4sTbZGWZGbt4zx/NmaRF3UZICcd
MeHHuSnAqYMZySivQJZgPtABXbRYha7E2Vr0KJ3RF95z/OfgwwB2TND78SI7yU/w
Fo63HUJpXgCcpSBNxhpG7x/hqV48xQdqv25dwcIOtEVVfIikpYxHM8mRi7Za05b0
0203ixR0DKgtwoGUzTz+g0vKGDr4RO5hFEJrp9A+0FrbyiTfVms8CSIOYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA8i+fui8Kx5EE+IYKQhVbt+aokbMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvRHlMNS02THdySGtRVDRoZ3BDRlZ1MzVxaVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSXEAwQA
WS90MA0GCSqGSIb3DQEBCwUAA4IBAQBrvY401gO2tip7P6EyrxXl6d13iLvhuEKs
LI7nOtaTV/7UwZUe8EJnGpS1k6w7jwf5COUz3pv4UKiyoQrEvOWePY62ktD2Fqrg
N4YfFyosf8ZK/kECwfq3YDZPwHb5IsmCm3vuBHPbegxyRE8zdY4qtTyzRLGOB7nI
Nq03zqxa2LvOJW/VleResJ4kGDzLb3GMhYRVp4fSdbIUdYHCLqrXa6TAapT8Qhqu
0I7RgGVJzHfAY4EzzSJDMPq5Ea7iQ60ZvBeJ3FMLJBspccHDcDpSUOPXl19ggEXY
0FNpncPUsUphcVwRSx2nBLI39d/v53p7cOC7L0NeOeSrdZna6ykx
-----END CERTIFICATE-----