Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/65JLiYO08FMT3FmuIpAGE6sZfCE.roa
File:                     65JLiYO08FMT3FmuIpAGE6sZfCE.roa (raw, json)
Hash identifier:          o79LV/aILuc8/47kuM0Y0Z47xYmIty21psgeq0iw3oM=
Subject key identifier:   EB:92:4B:89:83:B4:F0:53:13:DC:59:AE:22:90:06:13:AB:19:7C:21
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D23A8BE9B65C0C1FD8F159F87E8F3
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/65JLiYO08FMT3FmuIpAGE6sZfCE.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41672
IP address blocks:        89.38.228.0/24 maxlen: 24
                          89.38.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:23:a8:be:9b:65:c0:c1:fd:8f:15:9f:87:e8:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb924b8983b4f05313dc59ae22900613ab197c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:18:df:7d:c0:58:69:68:5f:33:8f:16:4b:2a:
                    8d:d1:fc:93:ef:da:51:06:d4:bb:b0:3f:76:50:c4:
                    57:5c:e5:01:ac:5e:0b:e8:7c:0d:4b:9d:af:32:4a:
                    d8:c9:e6:5e:e5:23:35:74:3d:cd:62:50:20:e7:a7:
                    20:9d:6c:d7:80:d4:bd:3b:83:6f:25:08:b3:55:0d:
                    29:5d:a9:1e:96:e2:91:86:d5:a1:7f:dd:a2:51:45:
                    e0:c6:a5:38:14:56:5c:14:23:37:34:d4:e0:4b:04:
                    85:f2:d3:03:4f:23:24:4f:d2:29:9e:f1:06:32:a3:
                    9e:d8:76:04:df:5e:ff:55:f4:80:c9:df:0b:88:3d:
                    29:5d:8d:be:28:dd:6a:2c:4b:4d:8b:49:e3:06:f4:
                    3e:78:42:19:47:05:8d:08:48:1a:9a:bc:6b:94:4d:
                    fa:a6:2f:de:a5:57:fa:d9:0a:7d:bb:ea:f4:f5:c2:
                    1b:c9:5e:79:67:94:db:20:ea:e0:e5:20:26:28:84:
                    ee:13:b4:7a:80:8c:af:04:c3:f6:43:d0:0d:e5:3f:
                    5a:c1:b2:06:e6:cc:11:9f:a1:92:a4:74:82:98:9a:
                    5a:44:39:f8:45:11:51:3d:5c:a8:5f:85:e9:32:b6:
                    36:ba:13:38:a9:95:b2:21:1a:24:94:61:a6:95:85:
                    92:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:92:4B:89:83:B4:F0:53:13:DC:59:AE:22:90:06:13:AB:19:7C:21
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/65JLiYO08FMT3FmuIpAGE6sZfCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:22:3e:44:80:6e:22:1b:3e:a2:07:38:fa:59:73:72:d5:99:
         c5:ee:7e:85:93:90:37:7d:71:fe:13:0a:4a:4b:76:38:2b:a2:
         52:c8:ba:ca:b7:05:b4:a2:83:4f:31:a7:49:8c:50:9b:a1:47:
         ed:dc:3c:b8:8f:01:a0:d7:d7:54:1d:c4:02:a4:97:bd:5f:0f:
         89:12:13:eb:71:c0:52:48:48:92:a4:3f:da:34:b5:0e:db:9b:
         54:47:e6:d3:a3:fa:09:a9:ee:cc:1b:bc:79:29:81:18:d2:51:
         f5:1c:03:66:ef:29:b4:75:5a:46:5f:94:77:0a:cc:ad:b9:8e:
         2a:38:11:6d:03:6c:b4:7a:2d:44:93:c8:98:16:7f:6b:48:a6:
         71:d4:15:ec:df:46:b8:1c:3f:6b:17:1e:c1:11:d0:f4:9d:9f:
         6f:9b:08:e0:fa:f3:38:fc:c5:e7:47:78:44:d0:af:88:15:24:
         53:e3:5b:a3:9e:d2:be:8e:32:4f:d5:c6:05:2a:95:14:8a:e1:
         1f:e9:00:cc:87:bd:76:28:f2:7f:ca:4f:29:8a:4f:6a:b2:4a:
         c7:ea:65:3d:30:5c:96:00:7f:84:02:e2:f4:3d:e0:c7:d3:3e:
         6c:68:70:d7:0f:84:1b:10:c1:b2:08:28:e5:fa:db:12:57:ed:
         b0:49:f1:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSOovptlwMH9jxWfh+jzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjkyNGI4OTgzYjRmMDUzMTNkYzU5YWUyMjkwMDYxM2FiMTk3YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBjffcBYaWhfM48WSyqN0fyT79pR
BtS7sD92UMRXXOUBrF4L6HwNS52vMkrYyeZe5SM1dD3NYlAg56cgnWzXgNS9O4Nv
JQizVQ0pXakeluKRhtWhf92iUUXgxqU4FFZcFCM3NNTgSwSF8tMDTyMkT9IpnvEG
MqOe2HYE317/VfSAyd8LiD0pXY2+KN1qLEtNi0njBvQ+eEIZRwWNCEgamrxrlE36
pi/epVf62Qp9u+r09cIbyV55Z5TbIOrg5SAmKITuE7R6gIyvBMP2Q9AN5T9awbIG
5swRn6GSpHSCmJpaRDn4RRFRPVyoX4XpMrY2uhM4qZWyIRoklGGmlYWSJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuSS4mDtPBTE9xZriKQBhOrGXwhMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvNjVKTGlZTzA4Rk1UM0ZtdUlwQUdFNnNaZkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSbkMA0G
CSqGSIb3DQEBCwUAA4IBAQAiIj5EgG4iGz6iBzj6WXNy1ZnF7n6Fk5A3fXH+EwpK
S3Y4K6JSyLrKtwW0ooNPMadJjFCboUft3Dy4jwGg19dUHcQCpJe9Xw+JEhPrccBS
SEiSpD/aNLUO25tUR+bTo/oJqe7MG7x5KYEY0lH1HANm7ym0dVpGX5R3CsytuY4q
OBFtA2y0ei1Ek8iYFn9rSKZx1BXs30a4HD9rFx7BEdD0nZ9vmwjg+vM4/MXnR3hE
0K+IFSRT41ujntK+jjJP1cYFKpUUiuEf6QDMh712KPJ/yk8pik9qskrH6mU9MFyW
AH+EAuL0PeDH0z5saHDXD4QbEMGyCCjl+tsSV+2wSfEL
-----END CERTIFICATE-----