Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TANe4BnauVy0WBvApn1ePJBAWJo.roa
File:                     TANe4BnauVy0WBvApn1ePJBAWJo.roa (raw, json)
Hash identifier:          MrmmLKOmpErB7U/EmQsAV7B+jwuXHXWXqavotvCxcIw=
Subject key identifier:   4C:03:5E:E0:19:DA:B9:5C:B4:58:1B:C0:A6:7D:5E:3C:90:40:58:9A
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018DD4B85BBF213FD9D4ECAC60DDAEC92DE7
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TANe4BnauVy0WBvApn1ePJBAWJo.roa
Signing time:             Fri 23 Feb 2024 06:47:48 +0000
ROA not before:           Fri 23 Feb 2024 06:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        89.33.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d4:b8:5b:bf:21:3f:d9:d4:ec:ac:60:dd:ae:c9:2d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Feb 23 06:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c035ee019dab95cb4581bc0a67d5e3c9040589a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fe:23:c0:e1:4e:96:40:67:51:ba:6e:4d:ba:
                    c7:df:2a:7a:d6:93:52:2a:1d:dd:50:2d:03:ef:75:
                    1f:78:49:fd:ef:79:8d:91:ea:2e:29:3b:48:a5:b1:
                    28:dd:37:b4:1c:1e:7b:4f:e9:61:da:a3:8e:a2:2a:
                    49:db:8a:65:0c:f7:b7:02:97:d4:b0:93:e4:51:e4:
                    8f:f4:9d:30:56:ae:ca:39:a9:1d:ee:24:96:86:e3:
                    6b:41:a6:7c:9b:8a:96:fb:d4:71:9d:5a:0b:e4:78:
                    01:36:97:33:df:c0:bc:fb:50:08:92:33:ea:15:bc:
                    c8:22:2b:52:3c:a9:4e:af:fe:91:4e:a4:08:89:f3:
                    36:f4:6a:67:e0:28:95:92:db:fb:b9:93:85:a6:75:
                    db:85:91:0c:0d:94:c3:94:80:ab:75:14:8c:7d:54:
                    ae:ee:cc:ea:ce:27:1c:42:6c:49:ce:33:e2:d6:ce:
                    d9:c7:68:70:62:3a:1b:40:20:d1:b3:cc:67:b8:83:
                    72:cd:03:73:c7:5a:3f:7a:40:f5:c0:5a:5d:a0:90:
                    2c:b5:89:11:4f:a5:2a:3f:02:17:d8:d2:0c:11:53:
                    31:6b:26:cd:44:0a:d0:d4:95:13:5e:b6:dc:4c:6c:
                    85:11:a0:8d:fd:13:53:96:e5:17:94:8f:5c:eb:d4:
                    de:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:03:5E:E0:19:DA:B9:5C:B4:58:1B:C0:A6:7D:5E:3C:90:40:58:9A
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/TANe4BnauVy0WBvApn1ePJBAWJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:5a:a5:b4:63:6b:bc:f4:1e:05:5e:e3:a5:bf:dc:1b:74:4e:
         b2:fb:a7:46:c7:3e:a3:bd:5c:b4:4c:d0:c1:a1:9d:19:79:51:
         ac:0c:6e:96:8f:71:b2:2b:62:27:82:6b:ac:44:5c:02:56:01:
         a2:83:09:af:74:7e:4a:2a:d5:e5:e1:5b:50:4b:06:29:d3:fe:
         3e:4e:41:43:c3:81:f3:1e:cb:e6:67:e7:2f:d1:5b:c2:3c:49:
         a4:ef:ea:c8:16:35:03:e3:d4:2a:e8:21:a5:04:eb:3d:3b:48:
         fa:0f:5e:af:72:f2:2a:5e:38:66:3d:3b:f3:17:eb:cd:d0:70:
         e1:a1:a7:90:9e:10:74:8c:2b:b6:ba:6f:88:7c:5a:9d:35:68:
         53:52:ec:3a:bc:55:d0:21:81:78:af:c4:02:f1:6e:30:20:2a:
         10:a9:70:ac:81:b2:8c:6a:0c:36:2e:e3:5a:a3:7d:37:d2:49:
         30:d1:67:2b:b1:ef:4c:48:3c:dc:be:1f:33:d1:5b:b0:e3:6f:
         c2:b9:6f:02:6f:32:07:2a:c2:a8:3d:3b:bc:55:52:57:23:92:
         2d:12:5b:32:f5:88:4f:d7:a9:6f:56:09:a1:7c:b0:bc:23:9b:
         d1:b5:9c:c7:76:ba:c1:c6:d9:ab:ca:90:ab:8c:b0:32:bd:4a:
         43:49:0b:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3UuFu/IT/Z1OysYN2uyS3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMjIzMDY0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzAzNWVlMDE5ZGFiOTVjYjQ1ODFiYzBhNjdkNWUzYzkwNDA1ODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2P4jwOFOlkBnUbpuTbrH3yp61pNS
Kh3dUC0D73UfeEn973mNkeouKTtIpbEo3Te0HB57T+lh2qOOoipJ24plDPe3ApfU
sJPkUeSP9J0wVq7KOakd7iSWhuNrQaZ8m4qW+9RxnVoL5HgBNpcz38C8+1AIkjPq
FbzIIitSPKlOr/6RTqQIifM29Gpn4CiVktv7uZOFpnXbhZEMDZTDlICrdRSMfVSu
7szqziccQmxJzjPi1s7Zx2hwYjobQCDRs8xnuINyzQNzx1o/ekD1wFpdoJAstYkR
T6UqPwIX2NIMEVMxaybNRArQ1JUTXrbcTGyFEaCN/RNTluUXlI9c69TejwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwDXuAZ2rlctFgbwKZ9XjyQQFiaMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvVEFOZTRCbmF1VnkwV0J2QXBuMWVQSkJBV0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHCMA0G
CSqGSIb3DQEBCwUAA4IBAQBkWqW0Y2u89B4FXuOlv9wbdE6y+6dGxz6jvVy0TNDB
oZ0ZeVGsDG6Wj3GyK2IngmusRFwCVgGigwmvdH5KKtXl4VtQSwYp0/4+TkFDw4Hz
HsvmZ+cv0VvCPEmk7+rIFjUD49Qq6CGlBOs9O0j6D16vcvIqXjhmPTvzF+vN0HDh
oaeQnhB0jCu2um+IfFqdNWhTUuw6vFXQIYF4r8QC8W4wICoQqXCsgbKMagw2LuNa
o3030kkw0Wcrse9MSDzcvh8z0Vuw42/CuW8CbzIHKsKoPTu8VVJXI5ItElsy9YhP
16lvVgmhfLC8I5vRtZzHdrrBxtmrypCrjLAyvUpDSQvV
-----END CERTIFICATE-----