Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8z5SDurHyjPvO8zc1WOkwhI5B8g.roa
File:                     8z5SDurHyjPvO8zc1WOkwhI5B8g.roa (raw, json)
Hash identifier:          ylbvmuSm+zatwOQlfCejuEi+BISpVj7AocPwSISednw=
Subject key identifier:   F3:3E:52:0E:EA:C7:CA:33:EF:3B:CC:DC:D5:63:A4:C2:12:39:07:C8
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6B5B4F440E1F282809EF0E599D21F
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8z5SDurHyjPvO8zc1WOkwhI5B8g.roa
Signing time:             Wed 01 Jan 2025 21:47:41 +0000
ROA not before:           Wed 01 Jan 2025 21:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        93.114.90.0/24 maxlen: 24
                          93.114.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b5:b4:f4:40:e1:f2:82:80:9e:f0:e5:99:d2:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f33e520eeac7ca33ef3bccdcd563a4c2123907c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7c:d3:e8:78:2f:ac:09:dc:eb:fc:d8:73:31:
                    19:39:87:ba:62:95:bf:ab:9c:51:bf:31:b4:88:f6:
                    74:cf:88:26:e2:c1:b5:1d:4d:41:54:69:4a:10:63:
                    c2:10:3c:a4:40:d3:b7:96:d0:5e:f5:1e:b7:e6:d7:
                    78:ed:ec:51:a8:ce:72:8b:f2:74:1d:0e:65:9a:f7:
                    be:e6:2c:dc:ae:7c:0d:c6:6d:a8:9a:47:2c:61:2a:
                    cd:41:96:39:0c:d3:cb:79:60:d0:65:2d:58:98:29:
                    34:bc:88:69:11:57:2e:d1:5e:ae:05:45:f1:c9:20:
                    ec:ca:d4:7b:d5:b0:08:05:28:29:bb:9a:f3:4a:16:
                    d1:2f:d8:b0:cb:1a:6b:0d:41:70:ce:ea:aa:d8:a3:
                    3d:32:55:76:0b:11:d9:76:b1:99:a9:f3:da:03:38:
                    71:1c:39:46:90:5c:0f:15:ff:b6:c2:87:fa:7e:38:
                    ff:88:bc:72:32:7e:35:8c:c1:d5:90:68:dc:d1:a8:
                    79:a0:b5:ab:fd:25:b5:ff:fd:4b:28:64:ea:0c:42:
                    09:0f:5b:98:e0:96:68:37:18:fb:f4:43:14:28:3a:
                    1f:71:69:9f:b4:bc:75:d5:00:07:74:2b:26:56:fb:
                    5f:0b:c6:9a:a1:e6:68:6a:d9:f5:8b:4a:15:6f:74:
                    ba:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:3E:52:0E:EA:C7:CA:33:EF:3B:CC:DC:D5:63:A4:C2:12:39:07:C8
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8z5SDurHyjPvO8zc1WOkwhI5B8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:ad:7b:fb:ec:db:44:94:cb:4d:6b:08:c0:1b:0f:f2:09:3a:
         ce:d3:1a:68:c7:10:90:e4:20:e2:48:75:46:d2:68:6c:56:ad:
         58:30:39:65:9c:06:3c:f3:55:03:70:bd:e9:da:7e:c5:9d:20:
         de:e4:92:31:71:61:93:42:a2:c2:95:4f:fa:dd:93:9f:21:71:
         21:3f:07:d9:0d:73:9e:22:4f:b8:dd:6d:fd:a9:dd:c7:9a:94:
         65:51:34:ea:e4:2a:14:11:f6:5b:c7:de:ba:5b:46:7e:e0:81:
         f4:bb:7d:51:70:a0:ab:04:38:c5:77:de:c6:eb:f4:cf:f1:09:
         69:e5:49:3b:e4:33:73:04:37:51:85:d2:d6:d6:b9:84:94:dc:
         80:07:11:4a:f0:25:dc:71:cb:a4:b8:cc:62:95:0d:68:4b:6f:
         78:2b:17:41:bb:b4:c8:05:20:7b:63:57:ac:de:85:89:7f:c2:
         b4:f5:d8:79:66:92:f0:4b:08:24:16:cb:dd:2a:04:64:89:fa:
         dc:16:b6:e9:e8:e6:75:c9:ce:61:a5:97:0b:d9:57:93:2a:96:
         bf:82:0b:c4:40:82:6b:74:3e:ea:db:bf:c2:ac:53:29:28:0a:
         75:7e:74:5d:53:05:5c:98:2d:ca:95:60:0b:1a:83:02:60:e8:
         71:21:ef:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rW09EDh8oKAnvDlmdIfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzNlNTIwZWVhYzdjYTMzZWYzYmNjZGNkNTYzYTRjMjEyMzkwN2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXzT6HgvrAnc6/zYczEZOYe6YpW/
q5xRvzG0iPZ0z4gm4sG1HU1BVGlKEGPCEDykQNO3ltBe9R635td47exRqM5yi/J0
HQ5lmve+5izcrnwNxm2omkcsYSrNQZY5DNPLeWDQZS1YmCk0vIhpEVcu0V6uBUXx
ySDsytR71bAIBSgpu5rzShbRL9iwyxprDUFwzuqq2KM9MlV2CxHZdrGZqfPaAzhx
HDlGkFwPFf+2wof6fjj/iLxyMn41jMHVkGjc0ah5oLWr/SW1//1LKGTqDEIJD1uY
4JZoNxj79EMUKDofcWmftLx11QAHdCsmVvtfC8aaoeZoatn1i0oVb3S6cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPM+Ug7qx8oz7zvM3NVjpMISOQfIMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvOHo1U0R1ckh5alB2Tzh6YzFXT2t3aEk1QjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXXJaMA0G
CSqGSIb3DQEBCwUAA4IBAQCDrXv77NtElMtNawjAGw/yCTrO0xpoxxCQ5CDiSHVG
0mhsVq1YMDllnAY881UDcL3p2n7FnSDe5JIxcWGTQqLClU/63ZOfIXEhPwfZDXOe
Ik+43W39qd3HmpRlUTTq5CoUEfZbx966W0Z+4IH0u31RcKCrBDjFd97G6/TP8Qlp
5Uk75DNzBDdRhdLW1rmElNyABxFK8CXcccukuMxilQ1oS294KxdBu7TIBSB7Y1es
3oWJf8K09dh5ZpLwSwgkFsvdKgRkifrcFrbp6OZ1yc5hpZcL2VeTKpa/ggvEQIJr
dD7q27/CrFMpKAp1fnRdUwVcmC3KlWALGoMCYOhxIe/6
-----END CERTIFICATE-----