Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/KDeWOkaF70eqK8IqBq2nU5sdDuM.roa
File:                     KDeWOkaF70eqK8IqBq2nU5sdDuM.roa (raw, json)
Hash identifier:          naYsxWKbD+Ie1K4ypiEVsYFVnvS6dOU46ar9IApbTuQ=
Subject key identifier:   28:37:96:3A:46:85:EF:47:AA:2B:C2:2A:06:AD:A7:53:9B:1D:0E:E3
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019011CF93425A9763E2704443CBC9BE3E9A
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/KDeWOkaF70eqK8IqBq2nU5sdDuM.roa
Signing time:             Thu 13 Jun 2024 13:35:34 +0000
ROA not before:           Thu 13 Jun 2024 13:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214730
IP address blocks:        89.34.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:cf:93:42:5a:97:63:e2:70:44:43:cb:c9:be:3e:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jun 13 13:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2837963a4685ef47aa2bc22a06ada7539b1d0ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:02:32:24:ac:48:3a:c5:54:b8:2f:55:0a:6a:
                    63:dd:c2:fd:ba:b6:af:6b:cc:1c:85:d0:a9:38:70:
                    a9:82:9b:68:a2:4b:28:ae:d1:d8:08:19:c6:96:bc:
                    8e:ec:88:24:c4:57:c3:69:c8:a8:ab:80:a1:8f:3a:
                    7c:9a:aa:c2:16:78:6d:90:a9:af:85:c1:ce:2a:27:
                    d7:96:d5:8a:4e:b7:a4:62:72:4f:c5:fb:01:f4:da:
                    f2:93:56:78:57:f6:24:64:94:09:76:40:d9:ad:c7:
                    6e:0a:a0:92:96:be:ec:b5:6d:a3:f4:e5:28:ad:8d:
                    42:b7:43:c4:db:89:52:25:e0:40:50:43:2e:b1:35:
                    55:8e:44:98:17:77:06:9b:1b:33:3b:3a:6f:b3:af:
                    ce:71:6a:69:36:75:7f:49:5a:d1:a7:5e:f3:bf:59:
                    be:7b:e4:64:6f:df:0e:c0:5f:78:49:7e:e3:c4:ad:
                    03:af:39:94:4d:0c:88:2c:cb:51:a3:1f:f0:22:2b:
                    41:bf:6a:31:c1:4f:15:5a:9a:0e:d3:87:be:cd:7d:
                    39:fb:04:e1:0e:55:52:a7:24:f8:cb:ee:24:24:08:
                    0d:c1:81:3d:76:a4:62:97:96:61:69:40:87:36:86:
                    fa:a9:ad:f5:12:91:f6:19:29:f3:d7:a4:b0:c8:76:
                    c8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:37:96:3A:46:85:EF:47:AA:2B:C2:2A:06:AD:A7:53:9B:1D:0E:E3
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/KDeWOkaF70eqK8IqBq2nU5sdDuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:b5:9d:bc:d2:1e:f6:d8:7b:73:bc:17:11:df:5f:d5:3b:c2:
         af:6c:f0:f9:4e:5e:31:7f:99:f1:72:89:2d:f3:f6:ae:98:47:
         07:e7:e9:49:f7:c6:e1:d5:c7:b8:00:ea:c7:3a:b0:82:84:c2:
         9a:c0:26:92:f4:7d:e1:16:1c:97:ca:07:92:98:4d:30:f9:1a:
         e3:b5:cb:f1:d0:df:69:ac:4f:93:fb:87:af:e1:17:94:c1:d6:
         2e:16:4c:2b:e8:6e:e4:06:3b:0e:d1:18:d1:69:17:b7:6b:e5:
         a6:2e:50:24:ca:bf:c9:61:13:99:88:cb:e8:cd:c6:1a:56:3a:
         21:18:8a:46:f6:ab:92:1d:4f:ea:fe:d0:2b:f3:3e:7f:fd:86:
         64:c9:04:ae:b3:43:6a:7a:3a:5f:86:54:3e:62:7e:d2:ea:a9:
         fa:23:d4:1e:99:89:f7:4d:eb:2c:5b:f7:e7:ab:75:3c:f0:ab:
         c7:68:7f:d3:84:62:e5:f1:4d:d1:79:97:3c:63:be:3e:0f:6f:
         b5:36:42:38:ca:41:d3:a7:8a:2d:91:cd:cc:79:60:57:12:3c:
         e5:56:83:86:d5:32:ee:3d:78:7c:e2:a6:4d:4b:40:72:4a:47:
         e0:f5:71:4e:88:a1:30:b3:fe:7a:b3:a8:c9:98:c5:41:b7:57:
         04:b4:a0:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZARz5NCWpdj4nBEQ8vJvj6aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwNjEzMTMzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODM3OTYzYTQ2ODVlZjQ3YWEyYmMyMmEwNmFkYTc1MzliMWQwZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAIyJKxIOsVUuC9VCmpj3cL9urav
a8wchdCpOHCpgptooksortHYCBnGlryO7IgkxFfDacioq4Chjzp8mqrCFnhtkKmv
hcHOKifXltWKTrekYnJPxfsB9Nryk1Z4V/YkZJQJdkDZrcduCqCSlr7stW2j9OUo
rY1Ct0PE24lSJeBAUEMusTVVjkSYF3cGmxszOzpvs6/OcWppNnV/SVrRp17zv1m+
e+Rkb98OwF94SX7jxK0DrzmUTQyILMtRox/wIitBv2oxwU8VWpoO04e+zX05+wTh
DlVSpyT4y+4kJAgNwYE9dqRil5ZhaUCHNob6qa31EpH2GSnz16SwyHbICwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCg3ljpGhe9HqivCKgatp1ObHQ7jMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvS0RlV09rYUY3MGVxSzhJcUJxMm5VNXNkRHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSLmMA0G
CSqGSIb3DQEBCwUAA4IBAQBgtZ280h722HtzvBcR31/VO8KvbPD5Tl4xf5nxcokt
8/aumEcH5+lJ98bh1ce4AOrHOrCChMKawCaS9H3hFhyXygeSmE0w+Rrjtcvx0N9p
rE+T+4ev4ReUwdYuFkwr6G7kBjsO0RjRaRe3a+WmLlAkyr/JYROZiMvozcYaVjoh
GIpG9quSHU/q/tAr8z5//YZkyQSus0NqejpfhlQ+Yn7S6qn6I9QemYn3TessW/fn
q3U88KvHaH/ThGLl8U3ReZc8Y74+D2+1NkI4ykHTp4otkc3MeWBXEjzlVoOG1TLu
PXh84qZNS0BySkfg9XFOiKEws/56s6jJmMVBt1cEtKAN
-----END CERTIFICATE-----