Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Iv-V-q5BeiVM3xdJu0QnZVjGhP4.roa
File:                     Iv-V-q5BeiVM3xdJu0QnZVjGhP4.roa (raw, json)
Hash identifier:          8UB/9CpthaVLRDPvIJuhoZgsNRg7XVq7lvKgiJ5UTsU=
Subject key identifier:   22:FF:95:FA:AE:41:7A:25:4C:DF:17:49:BB:44:27:65:58:C6:84:FE
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6BF7FF035F8487AF537AB72948FC4
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Iv-V-q5BeiVM3xdJu0QnZVjGhP4.roa
Signing time:             Wed 01 Jan 2025 21:47:43 +0000
ROA not before:           Wed 01 Jan 2025 21:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53616
IP address blocks:        93.114.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:bf:7f:f0:35:f8:48:7a:f5:37:ab:72:94:8f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22ff95faae417a254cdf1749bb44276558c684fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:71:a3:5c:31:17:44:b3:8b:f3:f9:08:1e:f3:
                    89:5f:9f:a7:fa:1b:80:3e:d0:27:53:1b:13:ac:39:
                    01:40:3b:5f:a9:32:a2:c1:a1:81:9d:7d:d7:83:4a:
                    45:79:ec:82:d4:eb:29:f1:3b:38:80:dd:64:0f:f9:
                    75:f3:52:95:b2:67:ab:87:8f:22:09:72:bf:37:f0:
                    5f:5a:e7:6d:5b:52:6e:6b:b9:e8:20:68:b8:7c:38:
                    26:82:7e:b5:7f:c6:8c:aa:8a:9c:af:06:4c:78:51:
                    fe:19:e3:be:b9:89:58:5b:4d:22:30:60:eb:4e:b0:
                    8a:e2:77:64:33:ac:79:df:9c:6b:33:3a:ac:c7:a4:
                    f2:bb:d7:4b:3f:9e:42:d6:51:5d:1f:3a:a6:c5:48:
                    29:1b:a8:4d:76:70:c1:01:93:f6:1b:34:74:5d:01:
                    45:c0:af:33:0e:c4:ea:7a:0c:54:3f:45:d1:d8:1d:
                    d6:57:54:78:ec:47:25:64:33:a3:ad:02:23:4e:22:
                    e4:59:60:93:8e:52:9a:37:f4:10:ad:03:63:65:76:
                    8b:42:ac:ef:a2:b1:8e:7f:da:9d:35:0b:19:c4:6b:
                    e6:5e:a8:1a:34:28:54:53:2b:ff:b6:0f:38:e6:77:
                    73:dd:d7:d0:2e:43:93:49:7e:e4:96:8c:49:fb:6f:
                    92:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:FF:95:FA:AE:41:7A:25:4C:DF:17:49:BB:44:27:65:58:C6:84:FE
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Iv-V-q5BeiVM3xdJu0QnZVjGhP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:94:0f:bf:8c:9e:ef:a5:e6:40:7a:d1:99:83:d2:86:73:d7:
         57:54:c3:26:ab:7d:d4:eb:19:bb:7d:12:73:9a:9a:ec:e4:72:
         5f:bc:62:c5:7b:61:e6:3f:bb:c1:ec:ed:f3:40:53:cb:97:7d:
         31:e2:0c:3c:51:5b:f1:80:50:19:2b:f7:bb:d0:08:ee:64:23:
         22:bc:c6:54:7a:6d:86:19:55:75:ce:fb:9b:d5:df:a4:4d:97:
         6b:c4:02:c0:87:a1:30:34:34:7e:89:d9:39:e4:69:2f:1f:09:
         5d:a4:07:6c:ed:a4:18:bf:18:27:0b:fc:3d:a8:20:67:7e:fd:
         cf:5f:de:9c:a7:88:40:45:71:6d:08:e2:6c:fc:83:e7:7d:47:
         a8:db:60:b2:ac:63:eb:b5:78:24:fa:ae:db:6f:5d:30:44:47:
         7d:e0:b3:ec:7e:f8:c6:8c:82:35:7e:84:91:7b:d2:87:d1:22:
         f7:0a:95:ee:ed:64:95:b1:7b:91:76:82:1d:e6:95:c7:c5:e9:
         a9:8a:1c:67:a1:20:cf:95:78:28:15:d6:61:a4:7b:3c:dc:e7:
         a9:a5:d1:c2:1f:47:a4:34:a3:0a:9c:b6:e3:4d:f3:4d:1f:df:
         63:76:76:71:73:7f:bc:62:c9:a5:89:1e:bd:6a:3c:a8:b5:2c:
         88:26:97:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1r9/8DX4SHr1N6tylI/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmZmOTVmYWFlNDE3YTI1NGNkZjE3NDliYjQ0Mjc2NTU4YzY4NGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXGjXDEXRLOL8/kIHvOJX5+n+huA
PtAnUxsTrDkBQDtfqTKiwaGBnX3Xg0pFeeyC1Osp8Ts4gN1kD/l181KVsmerh48i
CXK/N/BfWudtW1Jua7noIGi4fDgmgn61f8aMqoqcrwZMeFH+GeO+uYlYW00iMGDr
TrCK4ndkM6x535xrMzqsx6Tyu9dLP55C1lFdHzqmxUgpG6hNdnDBAZP2GzR0XQFF
wK8zDsTqegxUP0XR2B3WV1R47EclZDOjrQIjTiLkWWCTjlKaN/QQrQNjZXaLQqzv
orGOf9qdNQsZxGvmXqgaNChUUyv/tg845ndz3dfQLkOTSX7kloxJ+2+SFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCL/lfquQXolTN8XSbtEJ2VYxoT+MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSXYtVi1xNUJlaVZNM3hkSnUwUW5aVmpHaFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXJZMA0G
CSqGSIb3DQEBCwUAA4IBAQBzlA+/jJ7vpeZAetGZg9KGc9dXVMMmq33U6xm7fRJz
mprs5HJfvGLFe2HmP7vB7O3zQFPLl30x4gw8UVvxgFAZK/e70AjuZCMivMZUem2G
GVV1zvub1d+kTZdrxALAh6EwNDR+idk55GkvHwldpAds7aQYvxgnC/w9qCBnfv3P
X96cp4hARXFtCOJs/IPnfUeo22CyrGPrtXgk+q7bb10wREd94LPsfvjGjII1foSR
e9KH0SL3CpXu7WSVsXuRdoId5pXHxempihxnoSDPlXgoFdZhpHs83OeppdHCH0ek
NKMKnLbjTfNNH99jdnZxc3+8YsmliR69ajyotSyIJpdJ
-----END CERTIFICATE-----