Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/W05FCsQZSvkbSiQeU1-I4MyafKo.roa
File:                     W05FCsQZSvkbSiQeU1-I4MyafKo.roa (raw, json)
Hash identifier:          fQ78fgDVxT2mdwX1khPD3F7B7VQ//jrbsKCfe+vw63Q=
Subject key identifier:   5B:4E:45:0A:C4:19:4A:F9:1B:4A:24:1E:53:5F:88:E0:CC:9A:7C:AA
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D302671A45C93BD23CDAEECFEAB6E
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/W05FCsQZSvkbSiQeU1-I4MyafKo.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213250
IP address blocks:        89.42.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:30:26:71:a4:5c:93:bd:23:cd:ae:ec:fe:ab:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b4e450ac4194af91b4a241e535f88e0cc9a7caa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:39:96:1f:b4:1c:5b:5e:e3:84:9d:64:13:3c:
                    24:e5:19:6f:dc:cf:c7:73:db:35:3a:bd:82:b7:47:
                    6a:bb:63:60:b3:00:bb:f1:09:c1:59:53:a9:29:14:
                    57:52:d0:e0:2f:7b:bf:7b:ee:2f:54:a1:7a:ad:e5:
                    1d:6d:ce:7d:16:b5:6b:93:1d:ad:71:1e:a1:84:ef:
                    73:f1:cd:0a:90:a1:12:95:f7:e8:c5:20:bb:07:a1:
                    1b:e3:fc:14:65:e4:8c:14:44:2f:6b:2d:6a:df:67:
                    f8:47:47:13:6b:9d:dc:50:81:3d:7c:ad:ea:93:52:
                    e5:63:8e:b1:27:1d:61:e4:62:d6:5d:c6:ab:f2:9e:
                    94:84:95:62:e2:e8:fa:55:fc:48:f8:5f:37:06:81:
                    b0:ea:dc:a9:ab:3f:24:32:e5:d2:14:22:ba:80:47:
                    67:0c:11:64:db:ca:e9:81:51:20:52:81:a8:f6:db:
                    96:08:3c:25:c4:92:6c:55:61:87:4f:41:5c:af:52:
                    1b:a7:8f:a4:9a:1e:62:9c:29:7e:38:c3:09:00:df:
                    37:37:94:97:b8:91:56:62:71:f1:c1:17:f6:f0:db:
                    2a:e7:7d:c6:47:f3:c4:79:fb:6f:5d:c2:fc:a8:ca:
                    ba:2b:74:a0:63:46:6b:c4:ac:c5:cc:5f:10:1a:41:
                    a7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4E:45:0A:C4:19:4A:F9:1B:4A:24:1E:53:5F:88:E0:CC:9A:7C:AA
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/W05FCsQZSvkbSiQeU1-I4MyafKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:06:ca:94:1f:58:1a:1f:b0:9b:ac:e0:a2:84:b8:2f:03:d7:
         12:f0:46:2f:72:eb:74:8f:6d:05:2e:2b:6c:e4:3e:43:d8:0e:
         be:f6:17:f3:b8:55:2c:c4:3f:78:65:46:c1:6e:b6:9c:c4:a9:
         82:f1:9b:48:c9:df:f6:7d:3c:14:9a:77:4b:20:49:0b:cb:b6:
         f8:df:bc:29:4a:fc:8f:ee:f9:ba:5e:86:1d:7d:62:30:d5:c8:
         9c:6e:7b:b3:c6:14:59:a8:63:d5:63:22:c1:9a:f9:1a:d5:29:
         6d:87:b1:b4:55:48:61:dc:6d:c9:5c:e3:9f:1d:1b:58:b8:d8:
         97:25:08:d2:bf:e4:e2:7b:73:21:64:cf:1e:4e:48:8a:5b:2e:
         a9:74:ee:b5:90:fc:01:3a:6c:6d:e5:9e:d7:c3:2d:41:6b:e8:
         e1:a9:1a:74:2c:66:54:75:3f:1e:a6:bb:74:c1:0b:34:48:a5:
         a7:75:9e:ac:f3:ac:e3:6d:0b:e4:e9:6e:ef:76:97:73:68:8d:
         7f:c5:66:17:98:db:e0:3d:00:a7:3e:34:29:c7:dc:3e:3d:81:
         43:43:b4:aa:30:58:b8:e9:b7:d7:b4:f9:b6:9f:b8:8d:47:ff:
         3c:f5:3b:3e:0e:54:c7:57:10:93:f4:6f:cc:08:e0:ce:2f:19:
         b5:2e:0e:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTAmcaRck70jza7s/qtuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjRlNDUwYWM0MTk0YWY5MWI0YTI0MWU1MzVmODhlMGNjOWE3Y2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjmWH7QcW17jhJ1kEzwk5Rlv3M/H
c9s1Or2Ct0dqu2NgswC78QnBWVOpKRRXUtDgL3u/e+4vVKF6reUdbc59FrVrkx2t
cR6hhO9z8c0KkKESlffoxSC7B6Eb4/wUZeSMFEQvay1q32f4R0cTa53cUIE9fK3q
k1LlY46xJx1h5GLWXcar8p6UhJVi4uj6VfxI+F83BoGw6typqz8kMuXSFCK6gEdn
DBFk28rpgVEgUoGo9tuWCDwlxJJsVWGHT0Fcr1Ibp4+kmh5inCl+OMMJAN83N5SX
uJFWYnHxwRf28Nsq533GR/PEeftvXcL8qMq6K3SgY0ZrxKzFzF8QGkGnKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtORQrEGUr5G0okHlNfiODMmnyqMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvVzA1RkNzUVpTdmtiU2lRZVUxLUk0TXlhZktvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpYMA0G
CSqGSIb3DQEBCwUAA4IBAQALBsqUH1gaH7CbrOCihLgvA9cS8EYvcut0j20FLits
5D5D2A6+9hfzuFUsxD94ZUbBbracxKmC8ZtIyd/2fTwUmndLIEkLy7b437wpSvyP
7vm6XoYdfWIw1cicbnuzxhRZqGPVYyLBmvka1Slth7G0VUhh3G3JXOOfHRtYuNiX
JQjSv+Tie3MhZM8eTkiKWy6pdO61kPwBOmxt5Z7Xwy1Ba+jhqRp0LGZUdT8eprt0
wQs0SKWndZ6s86zjbQvk6W7vdpdzaI1/xWYXmNvgPQCnPjQpx9w+PYFDQ7SqMFi4
6bfXtPm2n7iNR/889Ts+DlTHVxCT9G/MCODOLxm1Lg74
-----END CERTIFICATE-----