Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/6R31yde8HAbRHSLHvnm21sGruVM.roa
File:                     6R31yde8HAbRHSLHvnm21sGruVM.roa (raw, json)
Hash identifier:          CFmBzbz5OS7bZVbJrGSpX7EAPi8YnVX2SUsA3s9ItRY=
Subject key identifier:   E9:1D:F5:C9:D7:BC:1C:06:D1:1D:22:C7:BE:79:B6:D6:C1:AB:B9:53
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6C3EBACFC5AE2A7A332DFC1A95A24
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/6R31yde8HAbRHSLHvnm21sGruVM.roa
Signing time:             Wed 01 Jan 2025 21:47:44 +0000
ROA not before:           Wed 01 Jan 2025 21:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        89.42.90.0/24 maxlen: 24
                          89.42.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c3:eb:ac:fc:5a:e2:a7:a3:32:df:c1:a9:5a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e91df5c9d7bc1c06d11d22c7be79b6d6c1abb953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4a:2c:84:11:9a:38:57:10:18:58:27:b7:36:
                    7f:f7:0a:0d:6a:0e:40:d9:79:82:eb:53:b7:e0:40:
                    e6:ee:02:a1:6e:ee:a6:1f:14:ea:46:6e:a3:cb:e5:
                    c1:4e:a0:e0:aa:6f:13:87:22:ce:5e:ce:c4:86:29:
                    c1:8e:9e:1d:72:50:7a:e6:2f:ef:23:e0:ca:9a:4e:
                    42:93:93:f4:0c:e8:21:33:13:4c:6f:fa:ee:4a:21:
                    75:6e:35:3b:ae:8d:eb:d1:ef:ee:5d:64:42:4d:48:
                    5d:84:2a:46:ac:e6:d3:16:c0:cd:d0:b1:ce:20:6b:
                    cd:36:b2:53:ae:1b:96:7f:ae:76:5f:03:dd:8d:6a:
                    c6:80:27:31:eb:58:f2:9b:94:47:a3:cf:74:31:57:
                    cb:21:5c:fa:64:02:60:b6:f7:cf:a9:e9:11:a8:e9:
                    44:21:28:89:b6:3c:d5:9a:e5:44:fa:d1:69:25:cd:
                    7a:dd:10:f7:6f:1f:58:25:9c:ea:f1:1e:0f:2a:ac:
                    08:88:b0:8d:ed:76:10:13:32:7e:dc:8a:a0:2b:0e:
                    ee:3c:ae:d1:c2:66:85:ce:23:d0:ad:f1:75:c9:10:
                    bb:32:ca:ef:32:23:d0:05:60:a0:ef:80:12:88:d4:
                    38:c5:4b:bc:27:4c:c5:f4:f4:45:c4:d7:1d:72:be:
                    4e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:1D:F5:C9:D7:BC:1C:06:D1:1D:22:C7:BE:79:B6:D6:C1:AB:B9:53
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/6R31yde8HAbRHSLHvnm21sGruVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:78:43:3a:6f:05:a4:41:62:48:26:ed:45:17:6e:3f:13:86:
         21:11:f7:ff:95:29:9d:ed:4b:32:6d:06:65:fb:d9:a1:d5:26:
         38:a1:54:d5:f1:b0:91:73:c4:4b:cf:87:af:be:d1:8a:db:6b:
         ca:6e:81:ba:f0:b4:aa:c9:59:71:3a:d5:ae:2c:74:ba:af:0a:
         a5:3b:37:1b:80:6e:bd:6c:19:5f:49:8a:48:d2:38:57:22:04:
         75:6e:3b:f0:d3:ad:fa:03:6c:91:ed:f3:44:21:a8:20:21:84:
         33:96:16:31:79:d5:3e:ba:43:10:63:b4:d8:3b:50:9f:14:e2:
         0e:c6:63:30:1d:53:8e:7c:03:6e:cd:27:d8:6d:aa:8a:f3:75:
         4d:0c:24:a2:79:10:bb:8f:54:97:21:b3:3a:8c:c6:5d:d0:70:
         0e:71:62:ad:dd:98:c9:50:24:43:62:6d:17:d4:22:29:15:71:
         bf:11:8d:1e:2b:09:02:85:99:8a:a2:92:1d:6c:77:2c:7c:0d:
         70:f0:4d:79:e0:70:30:f8:d3:c6:2c:1d:3f:4e:e8:5c:5c:fd:
         29:25:bd:2b:3a:bb:59:32:ef:06:f2:8d:2c:ac:64:6d:2b:83:
         0c:81:36:74:b6:22:e9:b1:db:ca:a2:4e:6c:4e:c2:9d:54:56:
         b6:de:71:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1sPrrPxa4qejMt/BqVokMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTFkZjVjOWQ3YmMxYzA2ZDExZDIyYzdiZTc5YjZkNmMxYWJiOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskoshBGaOFcQGFgntzZ/9woNag5A
2XmC61O34EDm7gKhbu6mHxTqRm6jy+XBTqDgqm8ThyLOXs7EhinBjp4dclB65i/v
I+DKmk5Ck5P0DOghMxNMb/ruSiF1bjU7ro3r0e/uXWRCTUhdhCpGrObTFsDN0LHO
IGvNNrJTrhuWf652XwPdjWrGgCcx61jym5RHo890MVfLIVz6ZAJgtvfPqekRqOlE
ISiJtjzVmuVE+tFpJc163RD3bx9YJZzq8R4PKqwIiLCN7XYQEzJ+3IqgKw7uPK7R
wmaFziPQrfF1yRC7MsrvMiPQBWCg74ASiNQ4xUu8J0zF9PRFxNcdcr5OdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkd9cnXvBwG0R0ix755ttbBq7lTMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvNlIzMXlkZThIQWJSSFNMSHZubTIxc0dydVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSpaMA0G
CSqGSIb3DQEBCwUAA4IBAQA2eEM6bwWkQWJIJu1FF24/E4YhEff/lSmd7UsybQZl
+9mh1SY4oVTV8bCRc8RLz4evvtGK22vKboG68LSqyVlxOtWuLHS6rwqlOzcbgG69
bBlfSYpI0jhXIgR1bjvw0636A2yR7fNEIaggIYQzlhYxedU+ukMQY7TYO1CfFOIO
xmMwHVOOfANuzSfYbaqK83VNDCSieRC7j1SXIbM6jMZd0HAOcWKt3ZjJUCRDYm0X
1CIpFXG/EY0eKwkChZmKopIdbHcsfA1w8E154HAw+NPGLB0/TuhcXP0pJb0rOrtZ
Mu8G8o0srGRtK4MMgTZ0tiLpsdvKok5sTsKdVFa23nFI
-----END CERTIFICATE-----