Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Asv1P8xaWFpI7fk9UPFIc2vlN8o.roa
File:                     Asv1P8xaWFpI7fk9UPFIc2vlN8o.roa (raw, json)
Hash identifier:          3rDTQvf0PyoSoH+PbkhfiEP3UJeX6nF7J3kZDEm9WtM=
Subject key identifier:   02:CB:F5:3F:CC:5A:58:5A:48:ED:F9:3D:50:F1:48:73:6B:E5:37:CA
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018E7EE98D27A2C7C650795F0097CD5DA846
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Asv1P8xaWFpI7fk9UPFIc2vlN8o.roa
Signing time:             Wed 27 Mar 2024 07:56:59 +0000
ROA not before:           Wed 27 Mar 2024 07:56:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        89.37.196.0/24 maxlen: 24
                          89.47.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7e:e9:8d:27:a2:c7:c6:50:79:5f:00:97:cd:5d:a8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar 27 07:56:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02cbf53fcc5a585a48edf93d50f148736be537ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f8:87:83:c3:d8:40:98:63:3a:8b:2f:25:3b:
                    38:f8:27:21:46:e1:04:28:4e:2b:9c:00:34:ab:25:
                    a3:07:1f:e4:c0:a2:5d:65:b7:04:ac:b0:49:f2:b7:
                    05:8e:72:36:d1:51:2b:cd:c0:2f:b1:90:9b:94:03:
                    e7:37:f6:b9:21:49:b6:92:e7:38:3c:29:85:24:da:
                    39:7f:13:f9:41:54:d6:3f:26:59:0e:df:be:13:8c:
                    bb:cf:09:42:9f:1a:43:e9:c0:21:79:ba:32:54:c9:
                    a9:41:ff:9f:0e:33:73:f7:d7:a5:f2:52:38:a6:c6:
                    44:73:2f:62:fe:0d:b2:e7:2a:11:5e:74:44:7a:b9:
                    de:4d:7b:60:79:76:5d:59:bb:bb:cc:79:85:1f:c2:
                    83:0a:e6:d5:07:4b:8c:37:fd:40:93:a8:7e:81:20:
                    c3:df:ca:08:e0:6c:0b:37:f5:74:7d:c9:5e:10:5d:
                    db:65:da:e8:70:87:39:16:4a:79:ae:db:14:91:60:
                    7f:d1:2c:8a:1a:bb:18:c2:62:ab:15:4b:d4:70:e1:
                    50:ac:32:f1:60:cc:87:44:1d:51:89:ed:b7:17:86:
                    13:02:5b:3f:f5:dd:e5:82:0b:0b:d2:f8:5a:74:6b:
                    97:02:3c:92:2f:0d:b2:2f:6d:f9:a4:18:bb:9d:2f:
                    54:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CB:F5:3F:CC:5A:58:5A:48:ED:F9:3D:50:F1:48:73:6B:E5:37:CA
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Asv1P8xaWFpI7fk9UPFIc2vlN8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.196.0/24
                  89.47.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:85:ac:72:1f:7f:6f:3e:4f:a8:b5:de:d4:5d:f5:7a:24:2d:
         b7:d1:92:f5:61:d2:0a:af:79:2b:f5:1b:7a:f7:7e:54:1e:d6:
         3a:bf:84:a3:20:35:dc:85:d2:17:38:00:7e:bc:98:41:c0:b4:
         53:4c:c5:79:ec:c6:ca:5f:ea:73:93:70:31:3d:8d:b5:f2:f9:
         d1:c9:36:f1:31:45:6d:9f:8c:74:44:87:9f:db:ad:16:92:51:
         c4:ea:a5:e7:3c:d2:50:02:b1:1e:ae:30:2f:cb:2f:02:b9:ce:
         f2:40:26:53:b0:02:c2:4d:e6:b7:1f:95:d9:b4:9f:14:78:d8:
         14:82:aa:23:c6:a0:7d:12:80:a6:8b:aa:d2:e5:ed:f2:9d:24:
         98:69:43:ec:51:a9:23:fb:a6:49:9a:b4:1f:2e:45:bc:b0:0f:
         5c:6c:23:c3:ae:94:6c:b7:e9:46:e9:e6:37:e1:a1:57:cf:49:
         10:ff:ac:a9:e9:91:32:82:04:69:a6:30:01:51:d9:a8:77:53:
         df:6f:5f:6e:95:a4:68:d7:76:5f:83:f2:0c:12:ad:5c:7c:82:
         ab:c4:9f:85:08:47:70:42:ec:a2:a1:2c:88:fc:df:b6:db:d0:
         2b:b1:be:20:84:75:c1:d0:dd:8c:83:cf:b6:84:87:8a:7e:28:
         74:ae:90:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5+6Y0nosfGUHlfAJfNXahGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMzI3MDc1NjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNiZjUzZmNjNWE1ODVhNDhlZGY5M2Q1MGYxNDg3MzZiZTUzN2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPiHg8PYQJhjOosvJTs4+CchRuEE
KE4rnAA0qyWjBx/kwKJdZbcErLBJ8rcFjnI20VErzcAvsZCblAPnN/a5IUm2kuc4
PCmFJNo5fxP5QVTWPyZZDt++E4y7zwlCnxpD6cAheboyVMmpQf+fDjNz99el8lI4
psZEcy9i/g2y5yoRXnREerneTXtgeXZdWbu7zHmFH8KDCubVB0uMN/1Ak6h+gSDD
38oI4GwLN/V0fcleEF3bZdrocIc5Fkp5rtsUkWB/0SyKGrsYwmKrFUvUcOFQrDLx
YMyHRB1Rie23F4YTAls/9d3lggsL0vhadGuXAjySLw2yL235pBi7nS9U1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFALL9T/MWlhaSO35PVDxSHNr5TfKMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvQXN2MVA4eGFXRnBJN2ZrOVVQRkljMnZsTjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSXEAwQA
WS90MA0GCSqGSIb3DQEBCwUAA4IBAQCBhaxyH39vPk+otd7UXfV6JC230ZL1YdIK
r3kr9Rt6935UHtY6v4SjIDXchdIXOAB+vJhBwLRTTMV57MbKX+pzk3AxPY218vnR
yTbxMUVtn4x0RIef260WklHE6qXnPNJQArEerjAvyy8Cuc7yQCZTsALCTea3H5XZ
tJ8UeNgUgqojxqB9EoCmi6rS5e3ynSSYaUPsUakj+6ZJmrQfLkW8sA9cbCPDrpRs
t+lG6eY34aFXz0kQ/6yp6ZEyggRppjABUdmod1Pfb19ulaRo13Zfg/IMEq1cfIKr
xJ+FCEdwQuyioSyI/N+229Arsb4ghHXB0N2Mg8+2hIeKfih0rpAH
-----END CERTIFICATE-----