Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/HiLjB6OaVDw7LUHpR9wEpHx3bu4.roa
File:                     HiLjB6OaVDw7LUHpR9wEpHx3bu4.roa (raw, json)
Hash identifier:          wKHFriwbiYN8ISAR/hcEGfbHyJkXuvHG69NMB5R/k80=
Subject key identifier:   1E:22:E3:07:A3:9A:54:3C:3B:2D:41:E9:47:DC:04:A4:7C:77:6E:EE
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01952735A9A1BB3637853E5DBFC758C102CB
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/HiLjB6OaVDw7LUHpR9wEpHx3bu4.roa
Signing time:             Fri 21 Feb 2025 06:33:02 +0000
ROA not before:           Fri 21 Feb 2025 06:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        89.47.114.0/24 maxlen: 24
                          93.114.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:27:35:a9:a1:bb:36:37:85:3e:5d:bf:c7:58:c1:02:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Feb 21 06:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e22e307a39a543c3b2d41e947dc04a47c776eee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:44:aa:2a:92:59:e5:0f:c8:3f:e9:4f:13:91:
                    06:c5:6b:98:1b:c5:66:55:62:0c:d7:f5:00:17:eb:
                    76:1b:fd:99:14:35:c7:b0:77:99:e9:0c:32:d0:ae:
                    ca:5f:0e:0d:43:47:fb:30:9d:4c:cb:cf:a9:1b:52:
                    6d:85:1e:ac:e3:04:c4:e7:7b:1a:5f:b0:fb:2e:5a:
                    c3:3a:f3:b5:b5:5e:2a:df:e0:1a:35:23:7d:47:d1:
                    8f:75:88:e7:c8:d5:95:ad:3f:c4:5f:1b:08:69:82:
                    ee:2a:f1:51:5f:10:6e:a0:67:fa:77:3e:5b:24:55:
                    5d:fa:26:22:78:78:c8:7e:05:12:4a:c6:de:3a:d2:
                    eb:70:df:12:f1:67:d2:ac:ee:bb:ba:c2:f6:29:25:
                    17:bd:69:e5:20:3c:35:24:b2:10:fb:2d:14:52:dd:
                    b0:08:d1:a2:f1:30:e0:ca:4d:a8:d5:a0:83:dc:1a:
                    77:f4:1d:20:b7:de:61:32:57:3b:90:c6:52:29:03:
                    79:63:4b:08:a2:91:dc:66:fe:74:76:a8:49:7b:17:
                    d1:72:c7:51:56:da:8a:92:27:41:c2:b0:e3:76:f5:
                    73:ed:6e:bf:92:bd:dc:c8:c2:5e:bf:89:5d:f7:83:
                    e3:21:82:db:d6:00:0f:88:c2:d5:bf:ad:72:4e:c4:
                    0e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:22:E3:07:A3:9A:54:3C:3B:2D:41:E9:47:DC:04:A4:7C:77:6E:EE
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/HiLjB6OaVDw7LUHpR9wEpHx3bu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.114.0/24
                  93.114.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:b5:b8:f5:d5:43:29:3f:a5:1b:6a:af:82:73:d5:8d:dd:39:
         70:d0:8a:ac:10:cf:a3:d4:c5:bd:e2:c7:a7:ec:f3:47:76:1c:
         08:8e:76:95:20:12:6c:e2:30:39:39:9e:31:e2:83:75:56:9a:
         4f:4f:be:c1:c7:12:8b:e6:fe:06:8b:fd:22:70:75:aa:c4:ad:
         f6:1d:7d:f2:b1:0d:0b:8f:5d:f6:dd:bf:07:9c:f9:9c:e5:67:
         6e:9b:b3:3a:03:08:1a:14:2a:4f:67:08:36:48:c8:7c:0e:b2:
         b2:32:63:ce:56:7a:22:9e:fe:04:4a:53:c3:9e:19:9f:9c:2a:
         94:ba:09:1b:f6:c2:2a:0e:03:4d:37:4a:f9:ea:87:78:80:fc:
         11:74:b5:83:3d:ef:8d:6a:ee:69:01:ce:ef:06:62:4e:70:a6:
         58:1b:7d:a7:2c:b8:11:b1:9e:2f:27:94:44:e7:1b:23:b3:c0:
         98:63:64:7e:a7:af:9a:ed:d4:e0:65:29:95:4b:91:f8:b3:0c:
         97:3f:77:d4:e9:85:02:31:b6:f5:4a:70:b7:4b:01:07:7e:6d:
         d9:6f:fd:9b:3c:cb:87:e1:90:bd:4a:06:67:d7:dc:0c:4d:1e:
         fe:5e:a3:10:9a:02:b0:e1:f8:b4:2a:89:71:02:ae:6f:ed:6e:
         67:dd:ff:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUnNamhuzY3hT5dv8dYwQLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMjIxMDYzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTIyZTMwN2EzOWE1NDNjM2IyZDQxZTk0N2RjMDRhNDdjNzc2ZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7kSqKpJZ5Q/IP+lPE5EGxWuYG8Vm
VWIM1/UAF+t2G/2ZFDXHsHeZ6Qwy0K7KXw4NQ0f7MJ1My8+pG1JthR6s4wTE53sa
X7D7LlrDOvO1tV4q3+AaNSN9R9GPdYjnyNWVrT/EXxsIaYLuKvFRXxBuoGf6dz5b
JFVd+iYieHjIfgUSSsbeOtLrcN8S8WfSrO67usL2KSUXvWnlIDw1JLIQ+y0UUt2w
CNGi8TDgyk2o1aCD3Bp39B0gt95hMlc7kMZSKQN5Y0sIopHcZv50dqhJexfRcsdR
VtqKkidBwrDjdvVz7W6/kr3cyMJev4ld94PjIYLb1gAPiMLVv61yTsQOKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB4i4wejmlQ8Oy1B6UfcBKR8d27uMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSGlMakI2T2FWRHc3TFVIcFI5d0VwSHgzYnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS9yAwQA
XXJJMA0GCSqGSIb3DQEBCwUAA4IBAQA6tbj11UMpP6Ubaq+Cc9WN3Tlw0IqsEM+j
1MW94sen7PNHdhwIjnaVIBJs4jA5OZ4x4oN1VppPT77BxxKL5v4Gi/0icHWqxK32
HX3ysQ0Lj1323b8HnPmc5Wdum7M6AwgaFCpPZwg2SMh8DrKyMmPOVnoinv4ESlPD
nhmfnCqUugkb9sIqDgNNN0r56od4gPwRdLWDPe+Nau5pAc7vBmJOcKZYG32nLLgR
sZ4vJ5RE5xsjs8CYY2R+p6+a7dTgZSmVS5H4swyXP3fU6YUCMbb1SnC3SwEHfm3Z
b/2bPMuH4ZC9SgZn19wMTR7+XqMQmgKw4fi0KolxAq5v7W5n3f+Y
-----END CERTIFICATE-----