Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/JNcwKOS2Y7abnjaLLSvJV-rtFcQ.roa
File:                     JNcwKOS2Y7abnjaLLSvJV-rtFcQ.roa (raw, json)
Hash identifier:          Gc2BORVZYAuXZdfVZXcftqYu6QQwuFLfvpG5E0oR8vY=
Subject key identifier:   24:D7:30:28:E4:B6:63:B6:9B:9E:36:8B:2D:2B:C9:57:EA:ED:15:C4
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6CD3CFA6C5500D575A280B4642A71
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/JNcwKOS2Y7abnjaLLSvJV-rtFcQ.roa
Signing time:             Wed 01 Jan 2025 21:47:47 +0000
ROA not before:           Wed 01 Jan 2025 21:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212815
IP address blocks:        89.33.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:cd:3c:fa:6c:55:00:d5:75:a2:80:b4:64:2a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24d73028e4b663b69b9e368b2d2bc957eaed15c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cf:0a:3f:4f:86:a1:8a:39:71:f5:74:28:f0:
                    2b:b7:52:08:dd:e1:35:6d:63:03:16:0c:05:e1:26:
                    d8:f8:c6:c8:cc:58:0b:2f:cb:e2:f7:ae:b3:08:26:
                    c6:0c:a9:18:52:73:fd:89:0c:e3:7a:fa:e7:c9:49:
                    16:67:34:40:0c:a3:3b:e9:72:9e:ab:b4:79:64:05:
                    55:af:a3:5f:3b:1d:c8:df:d3:ff:71:49:10:3e:29:
                    12:3b:71:69:b7:d9:4b:14:d1:2a:09:00:f3:bf:96:
                    b1:8c:bd:58:6c:ca:0a:7f:b4:aa:aa:74:7c:59:ba:
                    3a:88:e5:84:30:0d:dc:4f:d1:e2:2d:83:f2:53:d0:
                    fa:13:0f:84:f9:b6:36:ef:9a:69:ff:79:86:cc:c8:
                    2d:8e:d2:6c:f9:61:21:d3:b4:51:c1:b5:52:c8:b4:
                    75:99:8f:01:b0:97:bf:eb:26:cd:c1:d3:c9:6a:66:
                    71:e0:2f:3e:0d:c2:02:b4:3e:e2:40:18:fa:f8:e7:
                    9f:af:34:4e:b6:71:73:cf:2d:f0:39:5e:3a:eb:1c:
                    ba:a4:a8:c7:2c:f5:23:82:c7:41:da:32:d9:00:8e:
                    ac:72:8f:49:cf:03:fa:31:89:09:f2:a6:12:be:72:
                    17:6e:33:28:76:c1:cb:6a:f8:38:ae:31:8c:eb:df:
                    3b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D7:30:28:E4:B6:63:B6:9B:9E:36:8B:2D:2B:C9:57:EA:ED:15:C4
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/JNcwKOS2Y7abnjaLLSvJV-rtFcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:40:5a:89:47:18:cf:8b:25:cd:d6:f4:aa:3d:bb:86:3a:e8:
         76:d7:a0:92:a7:1d:3d:d7:06:eb:33:77:89:d8:fb:ce:4c:c8:
         3a:5e:8c:23:0b:34:b2:09:0a:f0:b4:1d:aa:2d:67:bf:41:60:
         a9:83:f7:7d:e4:22:0f:df:65:ec:bc:8a:9c:9f:a8:c4:18:df:
         d9:ee:7e:26:e9:0b:cf:d1:73:9b:a4:92:a6:92:fa:a8:c9:58:
         70:61:50:23:3c:b4:34:59:1d:4a:23:2d:ec:eb:0d:6b:35:8c:
         62:16:e9:df:34:07:51:c6:0c:f6:e0:41:cc:2c:63:ba:1c:54:
         e9:a9:de:17:4a:cc:07:ab:d4:2a:47:f3:ce:21:60:94:bf:48:
         7a:e8:21:f2:cd:bd:5e:43:42:42:4f:7b:0f:a3:35:05:af:1b:
         64:f0:1e:75:95:68:97:dd:ce:9c:d3:66:43:2c:4e:9e:c9:fa:
         88:f9:8f:30:3e:f3:87:44:93:87:85:ba:9e:0a:81:b6:f9:67:
         ac:f3:40:72:7c:e5:cf:1c:af:60:62:ce:06:95:10:96:2b:e7:
         76:f1:5a:6d:9d:ef:e1:28:74:f2:00:0a:58:6a:d3:07:02:5a:
         66:72:96:e1:83:f1:71:ab:8c:46:c5:fb:41:95:e2:37:a1:c7:
         b4:c8:73:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1s08+mxVANV1ooC0ZCpxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGQ3MzAyOGU0YjY2M2I2OWI5ZTM2OGIyZDJiYzk1N2VhZWQxNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc8KP0+GoYo5cfV0KPArt1II3eE1
bWMDFgwF4SbY+MbIzFgLL8vi966zCCbGDKkYUnP9iQzjevrnyUkWZzRADKM76XKe
q7R5ZAVVr6NfOx3I39P/cUkQPikSO3Fpt9lLFNEqCQDzv5axjL1YbMoKf7SqqnR8
Wbo6iOWEMA3cT9HiLYPyU9D6Ew+E+bY275pp/3mGzMgtjtJs+WEh07RRwbVSyLR1
mY8BsJe/6ybNwdPJamZx4C8+DcICtD7iQBj6+OefrzROtnFzzy3wOV466xy6pKjH
LPUjgsdB2jLZAI6sco9JzwP6MYkJ8qYSvnIXbjModsHLavg4rjGM6987HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTXMCjktmO2m542iy0ryVfq7RXEMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSk5jd0tPUzJZN2FibmphTExTdkpWLXJ0RmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHCMA0G
CSqGSIb3DQEBCwUAA4IBAQBjQFqJRxjPiyXN1vSqPbuGOuh216CSpx091wbrM3eJ
2PvOTMg6XowjCzSyCQrwtB2qLWe/QWCpg/d95CIP32XsvIqcn6jEGN/Z7n4m6QvP
0XObpJKmkvqoyVhwYVAjPLQ0WR1KIy3s6w1rNYxiFunfNAdRxgz24EHMLGO6HFTp
qd4XSswHq9QqR/POIWCUv0h66CHyzb1eQ0JCT3sPozUFrxtk8B51lWiX3c6c02ZD
LE6eyfqI+Y8wPvOHRJOHhbqeCoG2+Wes80ByfOXPHK9gYs4GlRCWK+d28Vptne/h
KHTyAApYatMHAlpmcpbhg/Fxq4xGxftBleI3oce0yHM7
-----END CERTIFICATE-----