Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/cveFRGgjXhKCyd5-CnpulpF4r4A.roa
File:                     cveFRGgjXhKCyd5-CnpulpF4r4A.roa (raw, json)
Hash identifier:          3wCDUnH0TcGvOhLbWZVmuErWkIQ19hw/OwbsiTKS/ik=
Subject key identifier:   72:F7:85:44:68:23:5E:12:82:C9:DE:7E:0A:7A:6E:96:91:78:AF:80
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0190EC55810D13208290DF545EFA2F97D466
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/cveFRGgjXhKCyd5-CnpulpF4r4A.roa
Signing time:             Thu 25 Jul 2024 23:59:04 +0000
ROA not before:           Thu 25 Jul 2024 23:59:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21840
IP address blocks:        89.42.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ec:55:81:0d:13:20:82:90:df:54:5e:fa:2f:97:d4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jul 25 23:59:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72f7854468235e1282c9de7e0a7a6e969178af80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:71:f2:e8:cf:c6:56:d5:fc:55:5b:d3:e6:25:
                    cb:e0:d8:89:2a:90:c6:d7:5a:85:91:08:5d:fc:a8:
                    ad:0f:6d:4b:95:52:29:11:4e:84:84:79:e0:c7:32:
                    3e:a7:c0:c6:22:37:d6:d0:00:d4:95:20:ea:ea:29:
                    fa:84:31:bd:e8:14:b4:47:ee:9a:32:ba:ef:68:91:
                    c5:2a:24:6a:64:8c:f0:3d:75:18:89:77:db:35:52:
                    03:48:15:f0:cd:a6:29:ed:23:33:17:5e:81:4b:9d:
                    46:cb:d4:fd:30:79:ba:05:44:64:f7:80:d9:88:fe:
                    1b:1a:9e:cb:8e:b3:18:c1:75:3e:10:2b:40:84:bd:
                    f2:86:dd:a4:fa:0a:35:85:2d:5c:d5:71:00:86:93:
                    27:ac:96:69:4e:49:ce:b6:75:f5:de:cc:2c:de:34:
                    75:23:e8:79:07:f3:cf:9b:96:64:5b:45:2f:26:c1:
                    48:35:8e:a8:4a:5c:dc:21:42:b1:58:b1:60:22:9b:
                    82:bb:98:a7:eb:b0:db:da:0c:6e:b4:aa:74:a9:ba:
                    84:ca:87:32:8e:2b:3c:2a:22:03:ff:9b:fe:57:f8:
                    83:28:f0:ab:18:e0:41:cc:04:63:ff:39:54:87:43:
                    09:87:36:8a:12:f2:b2:11:33:33:57:70:b6:03:e3:
                    f8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F7:85:44:68:23:5E:12:82:C9:DE:7E:0A:7A:6E:96:91:78:AF:80
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/cveFRGgjXhKCyd5-CnpulpF4r4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:85:1d:22:e8:26:f5:30:5f:81:94:60:15:49:c9:2d:96:f8:
         37:47:4c:f0:ea:4d:76:48:33:2f:3e:b2:3e:99:60:ab:37:47:
         d1:16:41:bd:fd:e4:dc:4f:cf:78:68:45:c7:b1:03:53:43:18:
         06:30:fb:be:ed:d5:bc:dd:24:78:30:a3:77:69:69:e8:77:8f:
         3f:e3:5c:6d:44:bb:37:f5:55:07:a0:e5:c5:24:35:1e:ad:6b:
         30:9b:a1:f1:60:57:ee:e6:d8:c0:7b:c0:ad:db:ab:e6:8f:e9:
         a3:63:94:45:45:2d:35:ca:4d:f1:69:a0:66:7a:92:dd:71:ef:
         6d:6f:ec:a1:6a:ba:48:05:54:d7:65:02:4f:91:0f:ec:f9:4b:
         b9:5f:3e:b7:27:f3:48:25:53:c6:34:ca:36:e3:88:08:d2:4b:
         30:a8:52:1a:3a:5a:ce:4f:ed:6e:5f:44:8d:0b:66:d3:96:65:
         5c:8b:e7:a9:dc:3c:28:06:06:d0:2d:bd:b1:2d:e0:a2:5b:64:
         9a:61:a7:62:73:b5:e5:c0:eb:4d:92:cc:b6:7c:af:61:31:a0:
         eb:cf:d7:6c:1e:e0:cf:34:93:2b:c0:9e:b7:7f:3d:8d:45:fa:
         44:4e:72:52:68:74:f9:a5:50:5d:e0:75:c9:f8:ed:e4:be:ad:
         8d:51:6c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDsVYENEyCCkN9UXvovl9RmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwNzI1MjM1OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY3ODU0NDY4MjM1ZTEyODJjOWRlN2UwYTdhNmU5NjkxNzhhZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHHy6M/GVtX8VVvT5iXL4NiJKpDG
11qFkQhd/KitD21LlVIpEU6EhHngxzI+p8DGIjfW0ADUlSDq6in6hDG96BS0R+6a
MrrvaJHFKiRqZIzwPXUYiXfbNVIDSBXwzaYp7SMzF16BS51Gy9T9MHm6BURk94DZ
iP4bGp7LjrMYwXU+ECtAhL3yht2k+go1hS1c1XEAhpMnrJZpTknOtnX13sws3jR1
I+h5B/PPm5ZkW0UvJsFINY6oSlzcIUKxWLFgIpuCu5in67Db2gxutKp0qbqEyocy
jis8KiID/5v+V/iDKPCrGOBBzARj/zlUh0MJhzaKEvKyETMzV3C2A+P4YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHL3hURoI14Sgsnefgp6bpaReK+AMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvY3ZlRlJHZ2pYaEtDeWQ1LUNucHVscEY0cjRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpTMA0G
CSqGSIb3DQEBCwUAA4IBAQA/hR0i6Cb1MF+BlGAVScktlvg3R0zw6k12SDMvPrI+
mWCrN0fRFkG9/eTcT894aEXHsQNTQxgGMPu+7dW83SR4MKN3aWnod48/41xtRLs3
9VUHoOXFJDUerWswm6HxYFfu5tjAe8Ct26vmj+mjY5RFRS01yk3xaaBmepLdce9t
b+yharpIBVTXZQJPkQ/s+Uu5Xz63J/NIJVPGNMo244gI0kswqFIaOlrOT+1uX0SN
C2bTlmVci+ep3DwoBgbQLb2xLeCiW2SaYadic7XlwOtNksy2fK9hMaDrz9dsHuDP
NJMrwJ63fz2NRfpETnJSaHT5pVBd4HXJ+O3kvq2NUWxb
-----END CERTIFICATE-----