Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Rh7hB-5JbH1dvdvaKTCUj80SyzU.roa
File:                     Rh7hB-5JbH1dvdvaKTCUj80SyzU.roa (raw, json)
Hash identifier:          +GUCydoIG+fUAwXxfjUHYZ3l1doqRuBify6AMej/fTc=
Subject key identifier:   46:1E:E1:07:EE:49:6C:7D:5D:BD:DB:DA:29:30:94:8F:CD:12:CB:35
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018F5C2E1D332FEEF6DE79DC659EFD12EBD2
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Rh7hB-5JbH1dvdvaKTCUj80SyzU.roa
Signing time:             Thu 09 May 2024 07:07:57 +0000
ROA not before:           Thu 09 May 2024 07:07:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        89.33.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:2e:1d:33:2f:ee:f6:de:79:dc:65:9e:fd:12:eb:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May  9 07:07:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=461ee107ee496c7d5dbddbda2930948fcd12cb35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ae:ea:39:9e:62:cc:87:26:a1:4c:d9:8a:d0:
                    01:07:e7:55:a9:c5:3a:64:45:c3:c1:c2:13:3d:46:
                    a7:70:82:ee:4a:a2:1f:68:33:93:55:1f:42:f4:6b:
                    d0:ec:12:27:c6:d2:66:b2:f8:49:5f:c5:bd:14:d0:
                    25:f0:26:7d:24:0a:81:82:88:92:03:8e:e0:bb:62:
                    b2:00:9d:01:96:cd:1b:07:ab:8a:f5:b9:c2:22:6d:
                    6a:38:82:64:6f:11:13:15:89:82:9f:cf:e1:95:e7:
                    ef:c7:7f:35:29:5c:a0:25:18:db:ae:ae:8c:da:45:
                    0c:e4:e0:81:42:ab:a2:e2:f3:71:8b:87:70:af:eb:
                    c1:29:bd:9e:b0:9d:10:e9:0a:46:82:1c:01:18:ca:
                    18:ed:57:c0:df:8f:31:90:42:39:27:fe:cf:41:a1:
                    98:20:0f:d5:be:45:2d:f1:a0:e6:b4:69:03:6a:13:
                    f6:88:40:55:12:67:4f:68:3a:63:23:a4:1f:5f:52:
                    9f:4a:b4:72:f2:13:32:0c:9f:d6:50:0a:4c:ce:1d:
                    90:c4:3c:3d:9e:e2:09:e9:c4:40:ef:8f:1b:6d:b7:
                    63:68:7c:cc:cd:65:c8:98:79:f2:bd:fb:85:e8:2c:
                    52:b2:27:e4:06:bd:c3:30:62:19:ab:a2:89:53:9c:
                    ad:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:1E:E1:07:EE:49:6C:7D:5D:BD:DB:DA:29:30:94:8F:CD:12:CB:35
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Rh7hB-5JbH1dvdvaKTCUj80SyzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:c3:42:d3:c9:92:5a:08:53:61:67:47:ef:61:27:12:8d:1a:
         b7:59:d7:6e:16:93:e4:1b:01:a3:13:13:94:7b:ff:72:0d:cb:
         82:67:c3:da:42:5d:ca:b3:84:61:cc:4b:c0:64:7a:56:30:76:
         63:3d:af:b7:b8:3a:53:c6:24:53:d1:b2:43:e9:97:49:f7:6b:
         f9:7c:57:81:6d:58:22:5b:e1:53:ed:02:c5:52:7d:e6:3d:2a:
         44:28:4b:e9:7e:e9:26:30:1d:2e:f6:d5:08:f6:aa:75:b1:1e:
         36:7c:b6:b6:63:36:05:d6:37:b0:d3:b2:04:ec:79:51:aa:3d:
         c2:7a:7a:6e:a1:2f:57:24:7d:88:46:88:2e:f9:69:94:34:9b:
         71:3a:a5:51:ca:97:16:d1:b6:9a:7a:4b:3a:b3:49:7c:d7:bc:
         a8:50:f4:31:97:12:c2:c9:e5:d4:c7:37:ce:4e:af:e0:a3:87:
         d3:e7:74:9d:af:d4:19:bf:ad:2d:b3:99:70:8a:eb:2e:67:17:
         d2:c6:2c:84:76:24:3a:f1:42:c9:2b:e1:71:3d:15:63:f5:a8:
         e4:59:f0:dd:90:cf:2d:c0:c0:12:f6:43:8f:b9:ec:6e:56:02:
         9a:bf:eb:af:22:52:77:dc:c8:a0:d6:95:09:d5:ce:87:8b:a3:
         5a:7e:cb:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9cLh0zL+723nncZZ79EuvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwNTA5MDcwNzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjFlZTEwN2VlNDk2YzdkNWRiZGRiZGEyOTMwOTQ4ZmNkMTJjYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnq7qOZ5izIcmoUzZitABB+dVqcU6
ZEXDwcITPUancILuSqIfaDOTVR9C9GvQ7BInxtJmsvhJX8W9FNAl8CZ9JAqBgoiS
A47gu2KyAJ0Bls0bB6uK9bnCIm1qOIJkbxETFYmCn8/hlefvx381KVygJRjbrq6M
2kUM5OCBQqui4vNxi4dwr+vBKb2esJ0Q6QpGghwBGMoY7VfA348xkEI5J/7PQaGY
IA/VvkUt8aDmtGkDahP2iEBVEmdPaDpjI6QfX1KfSrRy8hMyDJ/WUApMzh2QxDw9
nuIJ6cRA748bbbdjaHzMzWXImHnyvfuF6CxSsifkBr3DMGIZq6KJU5ytBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYe4QfuSWx9Xb3b2ikwlI/NEss1MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvUmg3aEItNUpiSDFkdmR2YUtUQ1VqODBTeXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHBMA0G
CSqGSIb3DQEBCwUAA4IBAQAbw0LTyZJaCFNhZ0fvYScSjRq3WdduFpPkGwGjExOU
e/9yDcuCZ8PaQl3Ks4RhzEvAZHpWMHZjPa+3uDpTxiRT0bJD6ZdJ92v5fFeBbVgi
W+FT7QLFUn3mPSpEKEvpfukmMB0u9tUI9qp1sR42fLa2YzYF1jew07IE7HlRqj3C
enpuoS9XJH2IRogu+WmUNJtxOqVRypcW0baaeks6s0l817yoUPQxlxLCyeXUxzfO
Tq/go4fT53Sdr9QZv60ts5lwiusuZxfSxiyEdiQ68ULJK+FxPRVj9ajkWfDdkM8t
wMAS9kOPuexuVgKav+uvIlJ33Mig1pUJ1c6Hi6NafssX
-----END CERTIFICATE-----