Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/YA0wRSCH_8hZ2rQyKKf9fNvvBfU.roa
File:                     YA0wRSCH_8hZ2rQyKKf9fNvvBfU.roa (raw, json)
Hash identifier:          BTSXKAzAP2y30YMEHGkjTCTo8BloGgn+HgJWAztzGPo=
Subject key identifier:   60:0D:30:45:20:87:FF:C8:59:DA:B4:32:28:A7:FD:7C:DB:EF:05:F5
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6B3427E0F8BC04FFA32A498B27CC8
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/YA0wRSCH_8hZ2rQyKKf9fNvvBfU.roa
Signing time:             Wed 01 Jan 2025 21:47:40 +0000
ROA not before:           Wed 01 Jan 2025 21:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3223
IP address blocks:        89.41.179.0/24 maxlen: 24
                          89.47.233.0/24 maxlen: 24
                          188.240.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b3:42:7e:0f:8b:c0:4f:fa:32:a4:98:b2:7c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=600d30452087ffc859dab43228a7fd7cdbef05f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:64:84:a3:e1:fb:d2:e3:df:27:a8:e6:db:66:
                    b2:71:d5:b7:2b:6d:1c:d0:ac:13:34:ec:0f:d5:13:
                    82:ba:50:82:e6:f7:49:c3:d5:f3:59:93:f2:91:97:
                    af:59:4e:6e:d5:f4:12:2c:ce:59:da:e6:94:3d:e4:
                    6d:4c:b7:30:e7:1c:b7:db:a7:9f:02:bc:43:db:bd:
                    f2:e7:88:f1:51:e9:bc:29:bc:a8:9c:80:0f:96:b5:
                    d4:90:05:13:d3:d4:2a:b6:f5:53:e8:e8:c9:c5:d2:
                    9c:cc:26:8a:7a:79:0f:05:f5:56:24:7a:bd:a6:00:
                    e9:3a:43:ed:1b:65:01:17:63:4f:fb:5e:d3:76:f8:
                    20:3b:a0:15:bf:4e:14:93:cf:59:22:58:f4:f6:43:
                    26:99:2e:b0:a8:b0:78:94:82:c2:84:11:30:70:34:
                    7d:ec:ec:aa:e3:4e:15:eb:8c:08:f1:1d:a8:c0:72:
                    e6:8e:1c:bc:ae:20:b6:61:51:96:90:a3:ad:3a:39:
                    fe:2b:93:de:84:85:41:ca:cb:1e:24:84:c6:a4:73:
                    85:11:99:7a:a7:0b:2c:99:3c:c9:96:0f:73:e7:89:
                    4d:fd:7d:ad:8d:a8:c0:80:2c:e9:82:50:f5:8b:e4:
                    da:7d:90:40:36:b7:d6:05:35:a2:e8:3a:0f:f1:a8:
                    76:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:0D:30:45:20:87:FF:C8:59:DA:B4:32:28:A7:FD:7C:DB:EF:05:F5
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/YA0wRSCH_8hZ2rQyKKf9fNvvBfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.41.179.0/24
                  89.47.233.0/24
                  188.240.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:d7:40:04:4a:5b:19:59:64:b3:db:4a:c6:2c:dc:bc:a4:48:
         8c:59:c8:60:e6:a4:de:14:ae:4e:ba:d5:2d:c7:d7:a3:50:4a:
         9b:f4:a5:0c:89:60:8d:fe:cc:0a:a8:1a:e7:ff:4f:db:ac:be:
         98:b8:44:db:f3:b0:bb:9a:67:99:fd:1f:48:e3:bc:1b:a4:94:
         28:fc:2c:3c:79:e0:47:21:ef:94:26:61:1d:75:c1:ad:63:9e:
         68:91:c8:86:7d:56:f2:3c:3c:1f:9f:f4:21:0a:f5:9b:43:96:
         28:e4:31:3f:20:7f:bf:f0:1d:29:d0:6f:8c:41:d9:d7:ec:b8:
         63:cb:22:3d:57:b9:17:fe:04:03:c5:60:b5:a1:7e:32:03:c3:
         2d:60:8d:4a:e0:46:f1:28:bf:cf:ae:d7:2e:04:2c:11:9a:3e:
         0a:de:bc:66:7a:0c:97:cc:c1:16:78:fc:08:a6:db:f7:1e:8c:
         dc:04:f9:e8:ec:cc:95:9d:79:8b:f2:f4:79:53:a8:62:e0:5e:
         00:c3:fc:73:ac:c3:a0:e1:9c:5e:66:75:24:a5:7d:a0:77:14:
         e5:f7:67:9a:a1:cd:86:09:81:2f:ec:71:ce:30:22:21:c2:4e:
         97:fd:3a:9d:04:60:6f:ea:35:5e:ba:f8:df:a4:32:44:90:52:
         ae:e8:7e:9e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQj1rNCfg+LwE/6MqSYsnzIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDBkMzA0NTIwODdmZmM4NTlkYWI0MzIyOGE3ZmQ3Y2RiZWYwNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymSEo+H70uPfJ6jm22aycdW3K20c
0KwTNOwP1ROCulCC5vdJw9XzWZPykZevWU5u1fQSLM5Z2uaUPeRtTLcw5xy326ef
ArxD273y54jxUem8KbyonIAPlrXUkAUT09QqtvVT6OjJxdKczCaKenkPBfVWJHq9
pgDpOkPtG2UBF2NP+17TdvggO6AVv04Uk89ZIlj09kMmmS6wqLB4lILChBEwcDR9
7Oyq404V64wI8R2owHLmjhy8riC2YVGWkKOtOjn+K5PehIVBysseJITGpHOFEZl6
pwssmTzJlg9z54lN/X2tjajAgCzpglD1i+TafZBANrfWBTWi6DoP8ah2yQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGANMEUgh//IWdq0Miin/Xzb7wX1MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWUEwd1JTQ0hfOGhaMnJReUtLZjlmTnZ2QmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSmzAwQA
WS/pAwQAvPDSMA0GCSqGSIb3DQEBCwUAA4IBAQAG10AESlsZWWSz20rGLNy8pEiM
Wchg5qTeFK5OutUtx9ejUEqb9KUMiWCN/swKqBrn/0/brL6YuETb87C7mmeZ/R9I
47wbpJQo/Cw8eeBHIe+UJmEddcGtY55okciGfVbyPDwfn/QhCvWbQ5Yo5DE/IH+/
8B0p0G+MQdnX7LhjyyI9V7kX/gQDxWC1oX4yA8MtYI1K4EbxKL/PrtcuBCwRmj4K
3rxmegyXzMEWePwIptv3HozcBPno7MyVnXmL8vR5U6hi4F4Aw/xzrMOg4ZxeZnUk
pX2gdxTl92eaoc2GCYEv7HHOMCIhwk6X/TqdBGBv6jVeuvjfpDJEkFKu6H6e
-----END CERTIFICATE-----