Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/7Jm8Xm5ko1tG5RwgJmj16QbVJF4.roa
File:                     7Jm8Xm5ko1tG5RwgJmj16QbVJF4.roa (raw, json)
Hash identifier:          +IIktQq+M9hdiEFlH3INlLO5ha6xQalVfzfXUW53Vus=
Subject key identifier:   EC:99:BC:5E:6E:64:A3:5B:46:E5:1C:20:26:68:F5:E9:06:D5:24:5E
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018EA34DBF48C0A57C181838BBADE3B5C0F0
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/7Jm8Xm5ko1tG5RwgJmj16QbVJF4.roa
Signing time:             Wed 03 Apr 2024 09:32:45 +0000
ROA not before:           Wed 03 Apr 2024 09:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39345
IP address blocks:        89.34.24.0/23 maxlen: 23
                          188.214.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:4d:bf:48:c0:a5:7c:18:18:38:bb:ad:e3:b5:c0:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr  3 09:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec99bc5e6e64a35b46e51c202668f5e906d5245e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:59:a3:d6:3b:75:20:4c:4d:1a:4c:19:09:78:
                    80:07:0a:a9:12:8b:34:3f:c1:61:e3:44:18:81:46:
                    00:87:ad:f5:1b:53:6e:a0:e5:05:0b:05:36:53:77:
                    f9:47:cc:2f:a7:ea:8a:63:8c:ec:6b:0d:b4:ac:49:
                    bd:ae:f6:1d:c3:66:da:15:fa:75:65:51:ef:4b:b8:
                    8b:ac:7f:90:ff:ae:72:63:96:84:49:f6:13:d2:ac:
                    11:f6:b4:9c:bd:f3:c0:60:65:7c:bd:b3:0b:ed:36:
                    d8:36:e0:4f:0a:de:dd:ce:11:d8:25:85:14:48:06:
                    33:7a:2b:e0:b6:91:6f:55:ba:16:42:0f:a0:54:4d:
                    6f:f8:63:0b:16:e4:0d:58:ea:5b:af:92:95:0e:27:
                    7f:46:4e:51:a8:21:85:64:ed:72:97:9b:c4:c7:ee:
                    a9:b8:17:65:37:76:3c:c8:fa:7d:8f:36:8f:a9:71:
                    69:f9:82:79:d9:a3:af:37:29:d2:01:34:ef:6e:55:
                    88:bc:2d:37:8e:7e:72:04:63:ca:90:2a:39:95:17:
                    18:42:0a:67:6e:8b:e0:a8:b7:5b:8f:06:6c:13:24:
                    1e:12:b4:46:b9:92:49:c2:9b:e2:70:73:53:0f:58:
                    05:36:41:7e:04:eb:44:6e:11:eb:b1:a6:a7:52:ff:
                    f3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:99:BC:5E:6E:64:A3:5B:46:E5:1C:20:26:68:F5:E9:06:D5:24:5E
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/7Jm8Xm5ko1tG5RwgJmj16QbVJF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.24.0/23
                  188.214.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d6:c5:11:70:f9:ec:ca:9b:a7:8a:ee:09:2c:38:20:91:29:
         14:27:ce:1b:3c:ff:38:55:80:a3:97:c9:b5:06:0f:5a:be:87:
         45:86:2b:b3:bc:d4:5e:bc:57:07:a7:83:dd:83:09:ef:aa:ab:
         05:08:75:1d:01:36:2a:30:8b:de:55:56:94:a0:d3:21:49:90:
         96:4d:bb:15:4a:9b:a9:de:ac:d1:9e:94:b2:d4:8f:36:e1:9f:
         69:f6:0a:fc:4b:62:e9:53:f7:af:8c:3f:8c:5b:8c:0c:41:e7:
         fc:fb:eb:11:87:24:f9:63:69:5e:14:30:de:13:17:e5:8e:f8:
         cd:d7:d8:e3:4b:9b:e4:ce:b1:5e:0b:d3:75:dd:d2:1a:a1:dd:
         e4:a8:5c:e0:86:e8:05:45:00:22:8d:c2:42:f3:83:b5:6e:f4:
         4b:f7:ac:15:7a:8c:86:ab:10:11:fe:06:df:d8:ad:a9:60:35:
         0f:81:f5:cc:35:97:af:9f:67:3c:f5:28:d6:56:f2:6e:20:e2:
         86:3c:63:02:dd:81:1d:8f:84:ba:a9:6c:a5:20:24:4e:9d:52:
         66:18:69:a7:b8:57:1c:a5:67:10:b9:a3:f2:65:73:77:37:79:
         f8:dd:6b:e9:7b:68:c5:83:91:c9:fb:60:d7:70:77:3a:73:8e:
         29:2a:be:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6jTb9IwKV8GBg4u63jtcDwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwNDAzMDkzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzk5YmM1ZTZlNjRhMzViNDZlNTFjMjAyNjY4ZjVlOTA2ZDUyNDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFmj1jt1IExNGkwZCXiABwqpEos0
P8Fh40QYgUYAh631G1NuoOUFCwU2U3f5R8wvp+qKY4zsaw20rEm9rvYdw2baFfp1
ZVHvS7iLrH+Q/65yY5aESfYT0qwR9rScvfPAYGV8vbML7TbYNuBPCt7dzhHYJYUU
SAYzeivgtpFvVboWQg+gVE1v+GMLFuQNWOpbr5KVDid/Rk5RqCGFZO1yl5vEx+6p
uBdlN3Y8yPp9jzaPqXFp+YJ52aOvNynSATTvblWIvC03jn5yBGPKkCo5lRcYQgpn
bovgqLdbjwZsEyQeErRGuZJJwpvicHNTD1gFNkF+BOtEbhHrsaanUv/zrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOyZvF5uZKNbRuUcICZo9ekG1SReMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvN0ptOFhtNWtvMXRHNVJ3Z0ptajE2UWJWSkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWSIYAwQA
vNZYMA0GCSqGSIb3DQEBCwUAA4IBAQA+1sURcPnsypuniu4JLDggkSkUJ84bPP84
VYCjl8m1Bg9avodFhiuzvNRevFcHp4PdgwnvqqsFCHUdATYqMIveVVaUoNMhSZCW
TbsVSpup3qzRnpSy1I824Z9p9gr8S2LpU/evjD+MW4wMQef8++sRhyT5Y2leFDDe
ExfljvjN19jjS5vkzrFeC9N13dIaod3kqFzghugFRQAijcJC84O1bvRL96wVeoyG
qxAR/gbf2K2pYDUPgfXMNZevn2c89SjWVvJuIOKGPGMC3YEdj4S6qWylICROnVJm
GGmnuFccpWcQuaPyZXN3N3n43Wvpe2jFg5HJ+2DXcHc6c44pKr4z
-----END CERTIFICATE-----