Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/KFkd0FtzN23XG1yz7KIW_sXDSf8.roa
File:                     KFkd0FtzN23XG1yz7KIW_sXDSf8.roa (raw, json)
Hash identifier:          4tAtRuNkaKgtN6XKkX5jAZIJaprfmE9d6BUWk5fm03A=
Subject key identifier:   28:59:1D:D0:5B:73:37:6D:D7:1B:5C:B3:EC:A2:16:FE:C5:C3:49:FF
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D1D475ACBDB50A188575AC678FFF3
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/KFkd0FtzN23XG1yz7KIW_sXDSf8.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        89.37.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1d:47:5a:cb:db:50:a1:88:57:5a:c6:78:ff:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28591dd05b73376dd71b5cb3eca216fec5c349ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c6:9e:14:7f:26:5b:81:be:4d:03:dc:ce:0f:
                    cb:eb:b6:35:38:ad:72:8a:fc:43:b5:7e:f0:f0:59:
                    9f:e5:65:99:6c:5b:7d:4a:82:a9:6c:48:ef:37:6f:
                    f1:e4:7d:14:b2:1f:15:45:65:84:93:5f:5b:46:fb:
                    43:6c:a8:d1:0c:07:dd:df:67:25:52:98:aa:ff:4d:
                    a3:ad:23:c7:d5:f9:f2:f4:b3:1f:ae:23:2c:f7:24:
                    18:b0:d9:67:bc:04:0f:37:55:6f:5c:39:de:db:96:
                    ac:43:ee:3c:89:e0:4f:c1:c0:b2:b1:5e:fd:51:3f:
                    e6:93:2a:27:da:23:51:68:45:45:12:45:fa:ac:fa:
                    8c:1a:fc:62:b9:41:3b:15:13:4b:d6:37:ee:3c:5c:
                    8c:c7:45:7c:cc:6d:ac:89:be:f4:6a:5b:15:f7:04:
                    d2:aa:67:07:c3:77:21:9b:a2:d3:75:f7:c9:23:78:
                    97:51:77:53:30:62:ed:f6:e9:a4:5e:5c:ff:02:5c:
                    c0:fe:ac:a0:a4:a8:24:64:88:f4:30:3f:7e:71:2e:
                    70:80:3b:e3:93:b0:63:d5:49:2f:b5:d3:43:2c:46:
                    59:3f:08:6a:4b:6c:c6:c3:e4:ec:9d:cf:9c:7d:27:
                    2c:f8:66:dd:db:69:f5:39:0c:3e:2a:d6:00:63:d3:
                    15:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:59:1D:D0:5B:73:37:6D:D7:1B:5C:B3:EC:A2:16:FE:C5:C3:49:FF
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/KFkd0FtzN23XG1yz7KIW_sXDSf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:47:dd:0c:48:41:cd:72:d8:15:02:21:f7:2b:5a:7d:54:1d:
         66:57:48:c0:4a:11:d7:f7:f5:57:2f:fc:7f:aa:46:4e:53:ed:
         c8:84:41:88:b9:63:47:6a:41:96:7c:6c:18:17:71:a9:2d:33:
         04:64:8f:e4:1c:10:e0:c9:f7:b6:37:e0:c7:17:5e:0d:59:fc:
         4c:ac:37:af:35:89:50:12:c2:a8:c3:4f:11:6a:6a:bc:3d:34:
         da:07:b4:42:4d:5f:38:1e:00:53:e8:d2:29:ce:e9:d1:c3:58:
         fc:f6:be:36:c0:2a:74:2a:9f:69:4b:a7:82:44:39:32:95:4b:
         b0:81:0b:c5:58:c1:95:21:e0:3d:36:88:f7:f5:af:7d:fd:45:
         02:f6:c8:48:54:bc:d6:3b:c1:69:1c:bf:ce:1f:14:e9:e5:fa:
         43:4b:9f:ce:88:74:19:25:eb:cb:59:34:71:6a:5f:33:d8:97:
         1b:5b:a3:a1:ec:54:ef:48:10:93:ab:0a:71:7a:29:b8:73:1c:
         e2:cb:ad:71:50:05:c2:d6:2f:84:74:b9:24:09:3a:09:09:a5:
         d4:aa:6c:51:b4:cb:40:e0:0f:87:f6:51:95:2d:ee:62:0c:c0:
         90:8a:41:cd:61:8b:f1:42:88:a5:3a:ca:32:d2:c4:7a:b8:30:
         03:fa:46:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR1HWsvbUKGIV1rGeP/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU5MWRkMDViNzMzNzZkZDcxYjVjYjNlY2EyMTZmZWM1YzM0OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8aeFH8mW4G+TQPczg/L67Y1OK1y
ivxDtX7w8Fmf5WWZbFt9SoKpbEjvN2/x5H0Ush8VRWWEk19bRvtDbKjRDAfd32cl
Upiq/02jrSPH1fny9LMfriMs9yQYsNlnvAQPN1VvXDne25asQ+48ieBPwcCysV79
UT/mkyon2iNRaEVFEkX6rPqMGvxiuUE7FRNL1jfuPFyMx0V8zG2sib70alsV9wTS
qmcHw3chm6LTdffJI3iXUXdTMGLt9umkXlz/AlzA/qygpKgkZIj0MD9+cS5wgDvj
k7Bj1UkvtdNDLEZZPwhqS2zGw+Tsnc+cfScs+Gbd22n1OQw+KtYAY9MVcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChZHdBbczdt1xtcs+yiFv7Fw0n/MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvS0ZrZDBGdHpOMjNYRzF5ejdLSVdfc1hEU2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSXFMA0G
CSqGSIb3DQEBCwUAA4IBAQAYR90MSEHNctgVAiH3K1p9VB1mV0jAShHX9/VXL/x/
qkZOU+3IhEGIuWNHakGWfGwYF3GpLTMEZI/kHBDgyfe2N+DHF14NWfxMrDevNYlQ
EsKow08Ramq8PTTaB7RCTV84HgBT6NIpzunRw1j89r42wCp0Kp9pS6eCRDkylUuw
gQvFWMGVIeA9Noj39a99/UUC9shIVLzWO8FpHL/OHxTp5fpDS5/OiHQZJevLWTRx
al8z2JcbW6Oh7FTvSBCTqwpxeim4cxziy61xUAXC1i+EdLkkCToJCaXUqmxRtMtA
4A+H9lGVLe5iDMCQikHNYYvxQoilOsoy0sR6uDAD+kZN
-----END CERTIFICATE-----