Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/5oai0rCE1iZkMqYXdo-Nf9fD9PY.roa
File:                     5oai0rCE1iZkMqYXdo-Nf9fD9PY.roa (raw, json)
Hash identifier:          +s12dqN6NqhDyaQ76tsqBhM1FWupW4o4xAHM1Dmvp3w=
Subject key identifier:   E6:86:A2:D2:B0:84:D6:26:64:32:A6:17:76:8F:8D:7F:D7:C3:F4:F6
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D204C23FB967303FA1F70FC5E94A0
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/5oai0rCE1iZkMqYXdo-Nf9fD9PY.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30890
IP address blocks:        195.28.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:20:4c:23:fb:96:73:03:fa:1f:70:fc:5e:94:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e686a2d2b084d6266432a617768f8d7fd7c3f4f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e6:34:9d:b9:12:20:55:68:dc:a7:70:01:db:
                    a1:d0:c3:44:ba:24:80:49:3b:86:64:af:41:31:5f:
                    6d:1b:86:82:47:51:b1:94:86:c7:fe:08:34:82:59:
                    e6:19:e6:38:1b:fa:b7:49:42:b3:48:49:61:5b:3c:
                    1b:db:e2:78:39:b2:c4:68:c0:75:c3:6b:2f:39:93:
                    47:fe:94:bb:2f:12:0d:5c:15:8e:de:e2:88:9e:d5:
                    24:b2:44:c7:23:7c:56:34:60:e6:2f:f7:86:11:83:
                    3a:cf:f7:ec:04:2a:9e:f2:eb:fb:65:e9:25:8f:77:
                    1d:4a:7f:ff:5a:e6:49:8e:a1:5f:23:9b:76:cb:d4:
                    2e:f6:48:04:0e:af:eb:c5:07:f5:f7:d5:4f:d5:7f:
                    e2:b4:56:47:c7:9b:24:ab:85:c1:b8:b0:7d:c5:f4:
                    eb:9a:18:80:ed:70:a9:55:08:ca:56:c0:92:89:37:
                    51:6b:9f:c4:51:c3:35:19:92:0a:72:52:ce:ec:dc:
                    6f:95:69:bf:9e:ea:e3:45:36:0f:6a:94:61:7d:d3:
                    e5:66:4c:dc:73:79:00:06:ea:55:8a:bd:b4:4e:d6:
                    2d:35:41:53:15:9a:f9:ca:24:08:8f:f0:b0:e9:31:
                    f3:98:76:43:54:ed:7b:28:af:f0:7b:5c:00:f6:35:
                    b3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:86:A2:D2:B0:84:D6:26:64:32:A6:17:76:8F:8D:7F:D7:C3:F4:F6
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/5oai0rCE1iZkMqYXdo-Nf9fD9PY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.28.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:1d:86:c9:4a:6d:aa:5f:5e:7d:a1:87:74:53:b2:b1:33:2c:
         e5:97:fd:2e:65:64:8d:ea:de:67:eb:b5:7f:70:5a:03:b5:2f:
         8f:1f:a3:f3:3f:30:20:4e:e9:d7:7b:42:66:71:8c:c7:28:46:
         fc:44:c0:aa:72:3c:f1:53:bc:42:a7:10:d5:b7:06:db:3d:73:
         9b:8d:d9:e8:94:16:fe:a8:09:65:5c:61:0f:46:5a:6b:96:ec:
         4b:6b:87:a0:b4:bc:4d:f2:be:53:93:d3:fa:2b:67:43:c3:29:
         b0:6e:d1:c3:f4:1f:5b:9b:06:19:a8:41:a8:1d:d8:46:74:b5:
         80:f4:87:e6:b0:11:be:8f:e6:06:8e:f2:c8:a7:4d:dc:3b:6d:
         3a:10:23:26:a2:55:65:d0:56:23:4f:f0:ca:4f:02:aa:69:dc:
         31:61:68:7c:4c:44:92:d7:09:ba:63:7d:d9:1a:ef:e9:1a:89:
         1f:fc:0c:8e:11:5c:2c:08:8e:59:a4:db:d5:1a:5b:48:b1:b5:
         6e:76:6f:31:90:ad:5b:70:f6:e6:16:2f:c8:14:c5:9b:63:c0:
         4e:a6:fb:1e:cb:33:74:1c:9f:c1:6f:57:a0:22:cf:28:54:48:
         73:a6:d1:d2:5d:b4:50:02:dc:97:a1:bd:14:2e:28:f0:7b:9d:
         b3:40:81:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSBMI/uWcwP6H3D8XpSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjg2YTJkMmIwODRkNjI2NjQzMmE2MTc3NjhmOGQ3ZmQ3YzNmNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuY0nbkSIFVo3KdwAduh0MNEuiSA
STuGZK9BMV9tG4aCR1GxlIbH/gg0glnmGeY4G/q3SUKzSElhWzwb2+J4ObLEaMB1
w2svOZNH/pS7LxINXBWO3uKIntUkskTHI3xWNGDmL/eGEYM6z/fsBCqe8uv7Zekl
j3cdSn//WuZJjqFfI5t2y9Qu9kgEDq/rxQf199VP1X/itFZHx5skq4XBuLB9xfTr
mhiA7XCpVQjKVsCSiTdRa5/EUcM1GZIKclLO7NxvlWm/nurjRTYPapRhfdPlZkzc
c3kABupVir20TtYtNUFTFZr5yiQIj/Cw6THzmHZDVO17KK/we1wA9jWzUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaGotKwhNYmZDKmF3aPjX/Xw/T2MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvNW9haTByQ0UxaVprTXFZWGRvLU5mOWZEOVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxwCMA0G
CSqGSIb3DQEBCwUAA4IBAQA1HYbJSm2qX159oYd0U7KxMyzll/0uZWSN6t5n67V/
cFoDtS+PH6PzPzAgTunXe0JmcYzHKEb8RMCqcjzxU7xCpxDVtwbbPXObjdnolBb+
qAllXGEPRlprluxLa4egtLxN8r5Tk9P6K2dDwymwbtHD9B9bmwYZqEGoHdhGdLWA
9IfmsBG+j+YGjvLIp03cO206ECMmolVl0FYjT/DKTwKqadwxYWh8TESS1wm6Y33Z
Gu/pGokf/AyOEVwsCI5ZpNvVGltIsbVudm8xkK1bcPbmFi/IFMWbY8BOpvseyzN0
HJ/Bb1egIs8oVEhzptHSXbRQAtyXob0ULijwe52zQIF5
-----END CERTIFICATE-----