Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ILWBqclUxLz7e0YJw_tEKCOaOIw.roa
File:                     ILWBqclUxLz7e0YJw_tEKCOaOIw.roa (raw, json)
Hash identifier:          /KTJ4nDxrwFVyLf8ZUHtVzV35feK5zLL75D6hUHpLOA=
Subject key identifier:   20:B5:81:A9:C9:54:C4:BC:FB:7B:46:09:C3:FB:44:28:23:9A:38:8C
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01927AA8235564BC9A4F00C6E88A6206E800
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ILWBqclUxLz7e0YJw_tEKCOaOIw.roa
Signing time:             Fri 11 Oct 2024 08:18:12 +0000
ROA not before:           Fri 11 Oct 2024 08:18:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        93.114.90.0/24 maxlen: 24
                          93.114.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:a8:23:55:64:bc:9a:4f:00:c6:e8:8a:62:06:e8:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 11 08:18:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20b581a9c954c4bcfb7b4609c3fb4428239a388c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:12:11:ee:d3:77:08:65:c5:96:e0:65:ba:62:
                    9a:5f:03:91:12:2e:45:e4:3d:3d:aa:9a:c9:a3:f7:
                    f1:79:3c:49:5d:40:4d:ee:54:6f:98:7a:f9:86:0e:
                    7b:e9:72:63:86:e4:38:24:c6:4c:56:05:fd:3e:fa:
                    4d:4c:3b:83:59:05:10:18:a7:13:f4:45:aa:88:df:
                    4b:4b:f6:b8:b2:1a:57:2b:0e:3c:d1:be:ee:e3:0b:
                    02:2d:c4:a4:e3:b4:d0:ac:cc:5c:7a:42:8a:ad:dc:
                    c2:5c:aa:24:4b:0d:ad:40:8c:d4:c5:f9:c5:8d:b1:
                    3a:39:76:b9:e3:32:e2:18:d1:8f:5d:81:b2:d0:02:
                    cd:75:e7:5b:ec:79:07:ac:31:04:7e:2f:7b:e0:fb:
                    93:f6:c3:8b:29:29:25:3b:0e:86:1e:c8:2b:e8:e0:
                    ac:f1:a2:d6:df:ca:d3:b5:3b:ce:d9:e2:9d:ff:18:
                    e4:18:e8:90:83:59:f9:77:28:ce:6c:26:9c:a0:0b:
                    b4:db:6d:52:9b:d5:09:86:8b:35:94:2d:e0:b1:32:
                    19:69:0e:b3:f5:17:28:b0:31:be:5f:61:d6:31:26:
                    d4:4b:7b:c6:9b:be:05:ac:ee:f5:9a:45:0a:73:c2:
                    a2:f8:6b:3e:c6:69:e9:53:bc:e6:ce:5d:d1:0d:e9:
                    eb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B5:81:A9:C9:54:C4:BC:FB:7B:46:09:C3:FB:44:28:23:9A:38:8C
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ILWBqclUxLz7e0YJw_tEKCOaOIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:98:40:96:5b:b8:86:a9:8e:de:68:4c:e6:c4:e8:21:c3:5c:
         78:bb:ed:71:24:0a:70:bc:b7:d6:a2:aa:c3:e9:af:e4:1c:fe:
         54:6d:01:01:3a:e9:90:07:00:96:7e:0f:0f:14:54:b3:f5:50:
         9a:40:77:cf:ea:49:1b:72:ce:38:17:68:63:e3:be:9d:69:ef:
         a7:01:98:86:bc:fb:40:2f:ef:6d:14:87:ec:3a:dd:42:c9:b5:
         50:dd:28:3e:63:72:43:0b:df:66:11:a6:76:8b:19:00:83:99:
         e6:a8:74:3e:a2:2b:dd:83:89:ca:ff:e0:3a:b8:5d:30:d8:5c:
         25:15:31:e0:19:60:87:14:60:42:9d:68:e5:bd:c4:ac:28:6f:
         9c:9d:d2:b6:08:e7:19:58:82:bd:1a:61:2f:3f:07:61:df:89:
         a2:1d:c8:d4:25:74:ee:77:f0:9c:e1:73:e6:91:49:1b:c2:a1:
         70:09:92:9b:ce:7b:04:b3:4e:62:a7:74:43:98:53:81:a2:c1:
         16:2a:72:2b:1f:d0:9f:a0:2e:58:b6:ed:a0:93:7c:e2:fc:19:
         c6:cd:dd:f2:a7:d9:de:61:c6:36:d5:d4:e1:85:03:86:c5:90:
         0d:99:45:2d:77:9b:d2:b9:1c:be:f3:8c:c7:6f:cf:8d:cc:e3:
         f7:a2:af:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ6qCNVZLyaTwDG6IpiBugAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQxMDExMDgxODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGI1ODFhOWM5NTRjNGJjZmI3YjQ2MDljM2ZiNDQyODIzOWEzODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BIR7tN3CGXFluBlumKaXwOREi5F
5D09qprJo/fxeTxJXUBN7lRvmHr5hg576XJjhuQ4JMZMVgX9PvpNTDuDWQUQGKcT
9EWqiN9LS/a4shpXKw480b7u4wsCLcSk47TQrMxcekKKrdzCXKokSw2tQIzUxfnF
jbE6OXa54zLiGNGPXYGy0ALNdedb7HkHrDEEfi974PuT9sOLKSklOw6GHsgr6OCs
8aLW38rTtTvO2eKd/xjkGOiQg1n5dyjObCacoAu0221Sm9UJhos1lC3gsTIZaQ6z
9RcosDG+X2HWMSbUS3vGm74FrO71mkUKc8Ki+Gs+xmnpU7zmzl3RDenrswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC1ganJVMS8+3tGCcP7RCgjmjiMMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSUxXQnFjbFV4THo3ZTBZSndfdEVLQ09hT0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXXJaMA0G
CSqGSIb3DQEBCwUAA4IBAQCFmECWW7iGqY7eaEzmxOghw1x4u+1xJApwvLfWoqrD
6a/kHP5UbQEBOumQBwCWfg8PFFSz9VCaQHfP6kkbcs44F2hj476dae+nAZiGvPtA
L+9tFIfsOt1CybVQ3Sg+Y3JDC99mEaZ2ixkAg5nmqHQ+oivdg4nK/+A6uF0w2Fwl
FTHgGWCHFGBCnWjlvcSsKG+cndK2COcZWIK9GmEvPwdh34miHcjUJXTud/Cc4XPm
kUkbwqFwCZKbznsEs05ip3RDmFOBosEWKnIrH9CfoC5Ytu2gk3zi/BnGzd3yp9ne
YcY21dThhQOGxZANmUUtd5vSuRy+84zHb8+NzOP3oq91
-----END CERTIFICATE-----