Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3JCKR735bfAZHzn0fzjCMga5eLM.roa
File:                     3JCKR735bfAZHzn0fzjCMga5eLM.roa (raw, json)
Hash identifier:          dfJHw/yzcdQzLGENGWGMl+oqaZt7RQCF5ygn/nxTqSQ=
Subject key identifier:   DC:90:8A:47:BD:F9:6D:F0:19:1F:39:F4:7F:38:C2:32:06:B9:78:B3
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D2C49947AD0D6FA5B7A128C179217
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3JCKR735bfAZHzn0fzjCMga5eLM.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199414
IP address blocks:        89.33.12.0/24 maxlen: 24
                          89.46.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2c:49:94:7a:d0:d6:fa:5b:7a:12:8c:17:92:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc908a47bdf96df0191f39f47f38c23206b978b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:25:30:86:43:e2:35:43:6d:89:3f:31:f2:1d:
                    62:00:50:b2:2a:fe:1a:92:fb:36:f7:6e:54:90:37:
                    b1:e0:63:ea:3b:8d:77:d8:53:2b:e1:74:ab:1a:53:
                    f7:43:13:f1:1a:23:e1:c5:22:d2:9e:2f:d1:20:30:
                    e5:5c:0d:41:2d:8a:55:a8:ad:58:65:68:c3:37:f5:
                    27:cd:fe:c4:e9:6b:ac:d2:2c:54:26:c8:08:9a:d0:
                    a9:e4:5e:af:d5:13:44:32:a2:f2:29:20:b1:51:0f:
                    97:bc:44:6f:a6:d4:67:81:07:11:bd:7d:17:5c:24:
                    cb:02:06:62:10:a4:ae:84:40:53:9a:12:0c:da:f2:
                    72:b0:96:90:40:0a:5b:01:54:67:6d:18:4a:c7:9e:
                    af:cc:f0:09:5d:bf:95:09:95:75:00:ca:81:74:5f:
                    26:84:23:b4:20:0b:85:0c:b9:e0:71:15:9b:b1:68:
                    b9:19:92:2a:98:9c:93:5c:13:60:5c:36:87:de:7a:
                    57:17:a3:a0:7b:92:05:47:99:df:ea:ba:3a:9a:12:
                    b6:c4:99:f0:52:57:da:ba:75:12:53:92:58:08:d5:
                    66:30:19:4a:53:ec:cb:c1:70:fe:9b:72:8d:c6:03:
                    54:8b:28:08:8b:15:69:ff:c9:d9:3d:82:83:bd:0b:
                    ea:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:90:8A:47:BD:F9:6D:F0:19:1F:39:F4:7F:38:C2:32:06:B9:78:B3
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3JCKR735bfAZHzn0fzjCMga5eLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.12.0/24
                  89.46.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:73:2a:ea:49:68:3f:1f:3d:bf:b8:70:fc:24:bd:b0:e3:00:
         31:a6:e2:c7:a3:cc:f3:f1:f4:d2:cf:07:7b:5f:7d:d3:84:87:
         ef:7a:f7:74:23:39:53:ec:93:d1:2a:dd:b0:61:f2:8e:b5:18:
         25:a3:a3:7c:2d:2f:a8:4f:cd:cf:c1:cf:e1:71:99:54:8c:29:
         44:79:6b:e8:5f:ad:8f:3e:b6:f0:f2:a0:f0:a9:e5:e0:d7:33:
         aa:ed:f7:a8:6c:ce:27:6d:37:70:45:c2:b2:63:2b:07:98:73:
         0f:d8:48:88:16:1a:98:a4:84:55:18:48:1d:8b:06:0f:76:05:
         4e:25:c8:b3:ad:72:1f:0d:86:0a:13:7a:4b:ce:7f:ad:6d:3b:
         83:ff:15:94:1d:ee:ab:83:26:5f:72:d2:aa:0a:38:44:28:7a:
         b9:76:6e:88:7b:70:90:21:c3:6e:7a:36:e1:1f:4c:4c:2f:a0:
         24:c0:e3:20:42:61:45:3f:d7:19:1c:a7:7b:6f:56:ea:b2:18:
         bd:2e:11:51:d2:c1:82:c5:94:24:44:56:94:26:5a:1f:66:65:
         3c:1e:56:81:cb:0e:49:18:a4:a5:0f:1b:a0:ce:4e:55:d8:51:
         3b:82:82:08:18:74:7c:5b:94:9a:34:70:3a:3d:fe:a2:47:6b:
         64:c1:20:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbSxJlHrQ1vpbehKMF5IXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzkwOGE0N2JkZjk2ZGYwMTkxZjM5ZjQ3ZjM4YzIzMjA2Yjk3OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSUwhkPiNUNtiT8x8h1iAFCyKv4a
kvs2925UkDex4GPqO4132FMr4XSrGlP3QxPxGiPhxSLSni/RIDDlXA1BLYpVqK1Y
ZWjDN/Unzf7E6Wus0ixUJsgImtCp5F6v1RNEMqLyKSCxUQ+XvERvptRngQcRvX0X
XCTLAgZiEKSuhEBTmhIM2vJysJaQQApbAVRnbRhKx56vzPAJXb+VCZV1AMqBdF8m
hCO0IAuFDLngcRWbsWi5GZIqmJyTXBNgXDaH3npXF6Oge5IFR5nf6ro6mhK2xJnw
UlfaunUSU5JYCNVmMBlKU+zLwXD+m3KNxgNUiygIixVp/8nZPYKDvQvq2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNyQike9+W3wGR859H84wjIGuXizMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvM0pDS1I3MzViZkFaSHpuMGZ6akNNZ2E1ZUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSEMAwQA
WS4BMA0GCSqGSIb3DQEBCwUAA4IBAQAEcyrqSWg/Hz2/uHD8JL2w4wAxpuLHo8zz
8fTSzwd7X33ThIfvevd0IzlT7JPRKt2wYfKOtRglo6N8LS+oT83Pwc/hcZlUjClE
eWvoX62PPrbw8qDwqeXg1zOq7feobM4nbTdwRcKyYysHmHMP2EiIFhqYpIRVGEgd
iwYPdgVOJcizrXIfDYYKE3pLzn+tbTuD/xWUHe6rgyZfctKqCjhEKHq5dm6Ie3CQ
IcNuejbhH0xML6AkwOMgQmFFP9cZHKd7b1bqshi9LhFR0sGCxZQkRFaUJlofZmU8
HlaByw5JGKSlDxugzk5V2FE7goIIGHR8W5SaNHA6Pf6iR2tkwSDU
-----END CERTIFICATE-----