Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Mh-PprZp6nzOYoR8Pnx3UGToeis.roa
File:                     Mh-PprZp6nzOYoR8Pnx3UGToeis.roa (raw, json)
Hash identifier:          ziLvlsY8C35jD0sy9xAolLCBLpApLP5S3mvOKBk8W8I=
Subject key identifier:   32:1F:8F:A6:B6:69:EA:7C:CE:62:84:7C:3E:7C:77:50:64:E8:7A:2B
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D1BA283C993F2264ED8669643412C
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Mh-PprZp6nzOYoR8Pnx3UGToeis.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        89.47.233.0/24 maxlen: 24
                          188.240.210.0/24 maxlen: 24
                          89.41.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1b:a2:83:c9:93:f2:26:4e:d8:66:96:43:41:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=321f8fa6b669ea7cce62847c3e7c775064e87a2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c1:af:06:39:93:0b:e7:ad:ce:c0:4e:da:84:
                    6c:ab:5f:45:1e:fe:45:dc:db:4b:d2:3b:8f:9d:43:
                    1f:64:cd:9c:c2:0b:dd:4f:82:2d:87:52:ba:b9:4b:
                    7f:f3:d9:3f:01:e2:50:5a:99:60:72:f6:c5:fe:20:
                    da:1d:10:b5:23:8d:27:3e:9b:1c:1d:55:6f:6f:cb:
                    59:a6:f4:13:03:b9:7d:74:49:2c:d0:01:74:39:a8:
                    12:0c:7b:c6:4f:76:07:f1:00:27:52:30:f7:a6:e5:
                    7c:be:8e:0a:f7:27:a9:4d:22:f6:78:18:c7:59:48:
                    e4:e2:bb:2f:2c:52:e3:8a:eb:4b:af:7e:9e:d1:e2:
                    b2:6d:4a:cb:a0:37:d7:a4:8f:66:c7:e7:17:bb:28:
                    95:1d:3f:01:43:a3:5e:98:68:cb:30:47:cd:f4:27:
                    7f:a8:56:75:70:44:85:76:4e:54:42:9c:4c:82:c0:
                    8a:92:46:e5:66:d3:5b:1b:cc:d9:21:6f:15:e6:43:
                    d8:bb:56:3a:3f:bd:71:c5:35:9a:38:78:1d:22:88:
                    03:bd:a3:4a:e9:cc:78:60:9f:5d:9a:56:6c:c0:0d:
                    9d:50:01:68:38:d8:a8:72:3c:3c:cf:4d:aa:44:e6:
                    fd:da:45:92:7e:14:db:8c:cf:1e:a3:b6:c4:d7:a7:
                    13:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1F:8F:A6:B6:69:EA:7C:CE:62:84:7C:3E:7C:77:50:64:E8:7A:2B
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Mh-PprZp6nzOYoR8Pnx3UGToeis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.41.179.0/24
                  89.47.233.0/24
                  188.240.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:3e:5c:07:82:bb:e8:21:13:ec:9c:5f:9e:d4:65:77:d7:27:
         da:3b:25:28:d0:1b:c9:79:d1:3c:e6:94:0e:95:b1:c2:aa:38:
         e2:9d:9f:7d:7a:07:74:ed:e7:bc:c6:2f:bc:c9:6e:43:95:87:
         67:e6:02:42:88:66:2d:62:0e:13:8b:e7:41:84:29:5c:c9:bb:
         63:2d:13:79:52:21:54:41:9b:9f:23:d8:91:13:d6:86:1d:c0:
         19:92:e4:14:b9:9d:d1:c3:ad:a3:d7:0c:f7:9f:db:e6:1a:12:
         e2:3f:a3:92:35:c9:b4:6d:55:97:43:ba:4f:1c:73:e2:40:bc:
         80:8f:fe:18:82:30:0e:55:7e:c0:f3:f1:87:f7:1a:3d:5f:e6:
         dd:60:65:b9:0d:cc:94:20:bd:19:96:c7:3e:fc:b1:eb:17:c8:
         ad:fc:b5:87:cb:cd:e5:f2:02:0a:07:4e:1c:62:e1:cf:de:cf:
         65:f4:c2:9e:bb:c4:ba:48:65:75:4e:6b:7d:c9:5d:1b:3c:9c:
         f7:8c:97:51:8d:71:56:15:7e:aa:3a:aa:1b:82:c1:77:0e:64:
         1b:87:b3:87:65:7e:6f:e5:2c:ed:a3:71:52:f4:4b:19:1d:31:
         9c:7a:7d:02:c0:89:20:93:c3:c5:b8:49:18:e8:00:d8:3d:16:
         08:74:fe:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbRuig8mT8iZO2GaWQ0EsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjFmOGZhNmI2NjllYTdjY2U2Mjg0N2MzZTdjNzc1MDY0ZTg3YTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMGvBjmTC+etzsBO2oRsq19FHv5F
3NtL0juPnUMfZM2cwgvdT4Ith1K6uUt/89k/AeJQWplgcvbF/iDaHRC1I40nPpsc
HVVvb8tZpvQTA7l9dEks0AF0OagSDHvGT3YH8QAnUjD3puV8vo4K9yepTSL2eBjH
WUjk4rsvLFLjiutLr36e0eKybUrLoDfXpI9mx+cXuyiVHT8BQ6NemGjLMEfN9Cd/
qFZ1cESFdk5UQpxMgsCKkkblZtNbG8zZIW8V5kPYu1Y6P71xxTWaOHgdIogDvaNK
6cx4YJ9dmlZswA2dUAFoONiocjw8z02qROb92kWSfhTbjM8eo7bE16cTNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDIfj6a2aep8zmKEfD58d1Bk6HorMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvTWgtUHByWnA2bnpPWW9SOFBueDNVR1RvZWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSmzAwQA
WS/pAwQAvPDSMA0GCSqGSIb3DQEBCwUAA4IBAQBaPlwHgrvoIRPsnF+e1GV31yfa
OyUo0BvJedE85pQOlbHCqjjinZ99egd07ee8xi+8yW5DlYdn5gJCiGYtYg4Ti+dB
hClcybtjLRN5UiFUQZufI9iRE9aGHcAZkuQUuZ3Rw62j1wz3n9vmGhLiP6OSNcm0
bVWXQ7pPHHPiQLyAj/4YgjAOVX7A8/GH9xo9X+bdYGW5DcyUIL0Zlsc+/LHrF8it
/LWHy83l8gIKB04cYuHP3s9l9MKeu8S6SGV1Tmt9yV0bPJz3jJdRjXFWFX6qOqob
gsF3DmQbh7OHZX5v5Szto3FS9EsZHTGcen0CwIkgk8PFuEkY6ADYPRYIdP5l
-----END CERTIFICATE-----