Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/IUrMVagmilxCAS_WN8Pf-d5Z50g.roa
File:                     IUrMVagmilxCAS_WN8Pf-d5Z50g.roa (raw, json)
Hash identifier:          Wmip4XpiUnFjyrRaAjoUhpiVRCX51Enc1ewnv/G+Mm8=
Subject key identifier:   21:4A:CC:55:A8:26:8A:5C:42:01:2F:D6:37:C3:DF:F9:DE:59:E7:48
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D1FD0489040A5B1FB48F820E5451F
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/IUrMVagmilxCAS_WN8Pf-d5Z50g.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        89.33.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1f:d0:48:90:40:a5:b1:fb:48:f8:20:e5:45:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=214acc55a8268a5c42012fd637c3dff9de59e748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ca:71:52:4c:3d:9a:df:b5:9f:81:38:7a:85:
                    08:1f:ff:f4:5a:ff:d8:1c:21:77:a5:dd:89:39:81:
                    9f:ac:d1:80:d4:90:ec:af:75:af:af:31:4b:c9:aa:
                    d0:1b:14:ad:6c:e4:e9:d7:ab:db:ab:46:3d:7d:8f:
                    54:00:84:f6:c6:d0:f2:e6:6a:ca:71:fe:8a:36:90:
                    ee:40:d1:dc:37:b2:e3:f4:41:7a:b7:78:1a:87:18:
                    65:e5:d2:4b:30:54:03:45:40:1d:31:77:6e:c6:11:
                    1c:3f:bb:33:5f:e9:38:24:2c:d9:66:21:e2:fa:3b:
                    0b:7c:d2:01:b2:6a:0f:98:ee:6d:de:82:c3:ca:90:
                    19:43:65:e0:18:f0:8b:54:2e:90:3b:a4:9a:c7:dc:
                    ef:1b:a4:ef:c2:7c:01:7b:3c:63:ce:43:b0:6d:ed:
                    d1:e2:6b:91:f6:d1:2e:f0:f0:bc:0a:38:c0:c7:3a:
                    e4:fa:e2:ac:e0:78:2a:3d:f4:14:1f:80:33:b6:7f:
                    ad:ab:4e:2e:05:1d:bf:33:09:e5:a0:6b:a3:f5:b1:
                    95:74:6f:3c:4b:32:0d:b0:b5:46:98:03:48:df:fe:
                    dc:b4:f5:d5:71:77:7c:93:38:8c:68:f4:32:8a:a8:
                    38:10:f7:bc:a1:4d:95:31:91:c1:a3:61:dc:bf:b8:
                    0c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:4A:CC:55:A8:26:8A:5C:42:01:2F:D6:37:C3:DF:F9:DE:59:E7:48
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/IUrMVagmilxCAS_WN8Pf-d5Z50g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:66:6a:03:4b:84:67:82:f9:3c:d6:65:57:c6:c5:72:f0:15:
         af:fe:11:f2:ca:bf:fd:6c:5a:ba:f2:1d:f1:e6:d1:f1:4c:5e:
         a5:fd:73:a1:52:dc:11:4c:04:6c:3b:75:98:d3:45:3e:e1:e3:
         38:9f:60:b7:00:46:7a:8f:eb:96:37:c1:c7:f2:27:43:c5:fb:
         13:a6:f1:e2:7f:00:84:82:54:a5:ca:97:d9:89:0e:4e:3f:49:
         27:52:ac:31:f3:ba:7b:ac:00:77:37:45:3c:89:a1:be:d6:22:
         ad:3f:25:54:d1:0c:4e:c2:fe:10:0a:78:c3:d7:78:04:e0:ef:
         49:00:e7:bc:cc:92:86:d2:d1:6b:5e:e5:48:e8:37:eb:c5:f0:
         7b:4a:8f:2b:99:ec:b5:41:3a:38:30:a2:0b:c0:53:7c:90:0a:
         3a:96:18:8d:54:ed:60:80:6b:47:53:7f:c2:a5:3f:fb:97:16:
         75:f9:58:94:6d:e0:6e:8d:49:2b:01:e2:36:53:57:68:d2:99:
         03:13:18:0f:1e:e0:c2:33:44:7c:48:ce:b8:b4:d8:85:c4:8a:
         6b:ae:86:45:0c:97:3c:5a:55:1f:6e:b8:11:af:d6:ca:74:1d:
         d7:ce:a1:ae:62:f2:4b:ce:c3:f2:18:44:4f:e3:cd:d4:d8:54:
         2b:91:b8:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR/QSJBApbH7SPgg5UUfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTRhY2M1NWE4MjY4YTVjNDIwMTJmZDYzN2MzZGZmOWRlNTllNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMpxUkw9mt+1n4E4eoUIH//0Wv/Y
HCF3pd2JOYGfrNGA1JDsr3WvrzFLyarQGxStbOTp16vbq0Y9fY9UAIT2xtDy5mrK
cf6KNpDuQNHcN7Lj9EF6t3gahxhl5dJLMFQDRUAdMXduxhEcP7szX+k4JCzZZiHi
+jsLfNIBsmoPmO5t3oLDypAZQ2XgGPCLVC6QO6Sax9zvG6TvwnwBezxjzkOwbe3R
4muR9tEu8PC8CjjAxzrk+uKs4HgqPfQUH4Aztn+tq04uBR2/MwnloGuj9bGVdG88
SzINsLVGmANI3/7ctPXVcXd8kziMaPQyiqg4EPe8oU2VMZHBo2Hcv7gM9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFKzFWoJopcQgEv1jfD3/neWedIMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSVVyTVZhZ21pbHhDQVNfV044UGYtZDVaNTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHAMA0G
CSqGSIb3DQEBCwUAA4IBAQBXZmoDS4Rngvk81mVXxsVy8BWv/hHyyr/9bFq68h3x
5tHxTF6l/XOhUtwRTARsO3WY00U+4eM4n2C3AEZ6j+uWN8HH8idDxfsTpvHifwCE
glSlypfZiQ5OP0knUqwx87p7rAB3N0U8iaG+1iKtPyVU0QxOwv4QCnjD13gE4O9J
AOe8zJKG0tFrXuVI6DfrxfB7So8rmey1QTo4MKILwFN8kAo6lhiNVO1ggGtHU3/C
pT/7lxZ1+ViUbeBujUkrAeI2U1do0pkDExgPHuDCM0R8SM64tNiFxIprroZFDJc8
WlUfbrgRr9bKdB3XzqGuYvJLzsPyGERP483U2FQrkbiO
-----END CERTIFICATE-----