Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/K2a12euHFJ9RkgmIS5SqVCM0wB4.roa
File:                     K2a12euHFJ9RkgmIS5SqVCM0wB4.roa (raw, json)
Hash identifier:          xDRkukqjK/fLCiJIoBR8WP7ekoz61ACm3a2Tkw9gIB4=
Subject key identifier:   2B:66:B5:D9:EB:87:14:9F:51:92:09:88:4B:94:AA:54:23:34:C0:1E
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01901007A365A4F98919A22701698CC60465
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/K2a12euHFJ9RkgmIS5SqVCM0wB4.roa
Signing time:             Thu 13 Jun 2024 05:17:34 +0000
ROA not before:           Thu 13 Jun 2024 05:17:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        89.34.230.0/24 maxlen: 24
                          89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:07:a3:65:a4:f9:89:19:a2:27:01:69:8c:c6:04:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jun 13 05:17:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b66b5d9eb87149f519209884b94aa542334c01e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:10:24:4a:28:e6:6f:f0:97:8c:e5:13:42:6b:
                    f1:0f:94:71:9e:1e:08:5b:f7:6e:c0:80:21:a6:e1:
                    ef:7d:d6:90:ae:70:47:ef:1e:9c:ea:7a:6a:63:33:
                    dc:44:4c:cd:7e:49:f1:0c:77:f8:19:58:83:85:2d:
                    f0:51:78:77:0e:34:10:cc:07:f0:bd:78:c4:e1:e4:
                    4d:e9:fb:c5:af:12:47:db:72:ac:56:5f:f8:74:6b:
                    2c:4c:dc:19:da:88:e9:36:a8:d2:87:5b:20:97:2d:
                    de:b3:6d:76:da:a2:31:ff:3e:59:2e:a8:4a:a5:7e:
                    23:c6:c2:d3:db:64:d0:53:7a:15:a0:be:9f:ed:45:
                    d6:d6:9f:cf:18:30:3a:ef:32:fb:58:e2:d6:1f:f7:
                    fb:2d:d9:ec:05:6d:fb:06:42:4e:31:c3:42:2c:11:
                    68:47:e6:00:86:7c:44:bf:08:d3:e1:b3:69:82:d3:
                    56:5c:9a:db:e9:0f:e4:3c:69:90:fc:86:f3:69:88:
                    76:a3:d1:5c:5b:f6:77:97:52:3c:de:45:1b:81:81:
                    63:66:7b:84:9c:0c:34:ef:e2:3c:17:ee:13:1b:d8:
                    1d:9d:7d:af:9a:50:9b:52:94:7f:05:32:47:b4:f1:
                    37:95:37:af:ea:c6:b3:03:20:7e:aa:b6:4c:c2:ff:
                    dc:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:66:B5:D9:EB:87:14:9F:51:92:09:88:4B:94:AA:54:23:34:C0:1E
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/K2a12euHFJ9RkgmIS5SqVCM0wB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.230.0/24
                  89.42.81.0-89.42.83.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:94:28:6a:23:6d:3e:1e:cb:01:2d:26:9d:f6:dd:91:84:f2:
         f9:38:e7:87:b3:f9:07:cf:e9:32:0d:c8:aa:1a:97:bb:41:33:
         c8:ad:6c:9e:90:ac:44:91:e6:a7:b4:2c:1a:5e:81:7d:0d:8b:
         24:13:af:bf:1d:46:45:a3:2e:a8:77:b0:79:24:85:10:76:d7:
         a7:86:22:a6:53:56:f8:39:97:45:ab:e2:78:f8:f4:03:dc:9f:
         ba:3c:67:7b:d3:ef:5f:95:89:1f:e1:7e:44:8b:30:e1:c5:a7:
         32:02:fa:ba:31:ba:5e:31:75:40:98:3f:e1:1a:88:1a:9e:05:
         2b:0e:30:06:b4:3f:b8:80:02:df:a1:7b:b1:82:86:7b:8a:40:
         72:53:c9:79:c6:4f:0a:d8:0d:d5:66:ad:e2:0f:b8:9f:77:c1:
         34:6a:d3:3e:0b:99:c3:53:32:9c:6d:76:88:dc:82:fc:eb:ee:
         c2:b9:a2:1d:70:da:fc:4e:97:56:8f:eb:ce:c6:a4:3d:7f:20:
         70:ca:61:f4:a0:67:7b:b8:d2:5e:8e:f2:fc:9e:48:c1:ea:1c:
         0c:c8:4b:89:89:d2:89:2d:5f:99:0d:d8:fd:ae:7e:3c:97:9a:
         c8:41:23:16:14:38:04:88:1f:21:90:28:72:ac:98:71:a0:37:
         c7:6d:eb:da
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZAQB6NlpPmJGaInAWmMxgRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwNjEzMDUxNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjY2YjVkOWViODcxNDlmNTE5MjA5ODg0Yjk0YWE1NDIzMzRjMDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxAkSijmb/CXjOUTQmvxD5Rxnh4I
W/duwIAhpuHvfdaQrnBH7x6c6npqYzPcREzNfknxDHf4GViDhS3wUXh3DjQQzAfw
vXjE4eRN6fvFrxJH23KsVl/4dGssTNwZ2ojpNqjSh1sgly3es2122qIx/z5ZLqhK
pX4jxsLT22TQU3oVoL6f7UXW1p/PGDA67zL7WOLWH/f7LdnsBW37BkJOMcNCLBFo
R+YAhnxEvwjT4bNpgtNWXJrb6Q/kPGmQ/IbzaYh2o9FcW/Z3l1I83kUbgYFjZnuE
nAw07+I8F+4TG9gdnX2vmlCbUpR/BTJHtPE3lTev6sazAyB+qrZMwv/cpQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCtmtdnrhxSfUZIJiEuUqlQjNMAeMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSzJhMTJldUhGSjlSa2dtSVM1U3FWQ00wd0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAWSLmMAwD
BABZKlEDBAJZKlAwDQYJKoZIhvcNAQELBQADggEBAFqUKGojbT4eywEtJp323ZGE
8vk454ez+QfP6TINyKoal7tBM8itbJ6QrESR5qe0LBpegX0NiyQTr78dRkWjLqh3
sHkkhRB216eGIqZTVvg5l0Wr4nj49APcn7o8Z3vT71+ViR/hfkSLMOHFpzIC+rox
ul4xdUCYP+EaiBqeBSsOMAa0P7iAAt+he7GChnuKQHJTyXnGTwrYDdVmreIPuJ93
wTRq0z4LmcNTMpxtdojcgvzr7sK5oh1w2vxOl1aP687GpD1/IHDKYfSgZ3u40l6O
8vyeSMHqHAzIS4mJ0oktX5kN2P2ufjyXmshBIxYUOASIHyGQKHKsmHGgN8dt69o=
-----END CERTIFICATE-----