Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/fInsTNTJbxClD8KNrmOF_gVBOVc.roa
File:                     fInsTNTJbxClD8KNrmOF_gVBOVc.roa (raw, json)
Hash identifier:          oCP6MyJyzhBOsKZgZHOIhl4XkZymgHpRSyZOLBQSi2E=
Subject key identifier:   7C:89:EC:4C:D4:C9:6F:10:A5:0F:C2:8D:AE:63:85:FE:05:41:39:57
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018D45776FBAD0DC25B79D50C501965BC875
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/fInsTNTJbxClD8KNrmOF_gVBOVc.roa
Signing time:             Fri 26 Jan 2024 11:11:11 +0000
ROA not before:           Fri 26 Jan 2024 11:11:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199058
IP address blocks:        89.42.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:77:6f:ba:d0:dc:25:b7:9d:50:c5:01:96:5b:c8:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan 26 11:11:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c89ec4cd4c96f10a50fc28dae6385fe05413957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:62:fe:92:82:2e:64:49:d8:20:ff:cd:a3:93:
                    5c:46:49:10:a6:80:c8:08:98:d3:fd:54:53:50:62:
                    52:6b:c8:d8:5a:0b:23:f6:73:66:ec:f5:03:fd:46:
                    d4:e9:3d:9e:22:e7:6f:b2:da:ab:49:8c:c8:13:6b:
                    eb:1e:08:4e:af:c9:8e:6a:2d:27:4d:1d:ea:ce:49:
                    8e:5d:32:71:a4:c7:4f:23:b6:c1:f6:51:ed:83:0e:
                    e3:9e:a7:4d:a3:ef:87:65:34:ab:32:d1:fb:0e:bd:
                    e7:c5:e7:ae:17:07:3e:47:14:1a:4f:14:43:2e:5f:
                    02:2a:4b:1b:3a:c4:4e:88:d1:a7:ca:95:f6:d1:2e:
                    07:43:e6:48:c1:74:d5:f3:35:35:c0:5c:8b:2f:3b:
                    b3:9c:72:fb:6b:60:0e:b6:00:d2:81:3c:28:02:97:
                    29:e5:26:bb:f6:c7:e0:59:96:77:86:64:a9:5d:f6:
                    38:b3:63:a9:2d:51:93:97:00:83:03:e3:f5:9a:66:
                    b1:bb:da:fa:60:da:3f:1f:6c:d6:84:4f:fc:4c:f1:
                    f0:6d:fe:67:b9:d8:0a:ad:ec:24:4e:fb:1e:11:1e:
                    23:35:8c:2e:ce:02:e8:e0:67:de:08:a8:78:00:26:
                    d5:27:35:a3:3f:be:0e:36:10:81:c8:2b:c7:99:45:
                    fc:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:89:EC:4C:D4:C9:6F:10:A5:0F:C2:8D:AE:63:85:FE:05:41:39:57
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/fInsTNTJbxClD8KNrmOF_gVBOVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:2e:10:da:2e:03:03:b3:50:1f:82:41:90:b7:cb:6a:98:e3:
         09:ba:9b:bd:07:aa:9d:3d:d5:8d:71:55:1d:48:82:9a:04:b8:
         bb:4c:b2:8f:d1:cc:ec:83:f1:3d:a6:2d:11:ab:6d:4c:9b:06:
         a7:85:2d:75:68:08:72:c8:10:19:f1:88:50:81:ba:44:53:e7:
         e7:bb:3f:2f:46:93:64:38:ad:8a:56:bb:80:ab:df:01:92:39:
         61:0e:24:0c:a4:0e:6a:88:40:d6:3c:40:f6:58:3c:35:89:a0:
         5d:8b:c9:3a:d2:2c:35:ca:fd:53:2b:61:43:a2:e5:a9:db:57:
         5a:f4:79:bc:e0:d8:48:c7:46:63:91:47:9a:e8:91:7f:ab:cc:
         23:62:25:58:b4:7c:07:3a:a6:ca:87:36:52:9b:4a:a3:5f:fd:
         c3:92:97:82:b3:22:df:33:95:f3:b9:e6:16:43:ae:07:bf:d4:
         bf:20:23:78:16:4a:fc:da:b7:32:4b:b2:43:d1:73:3a:5a:5c:
         cd:54:07:a9:8c:e5:7e:23:c3:e6:39:a3:26:2a:0b:c4:b2:9e:
         c8:58:f1:57:0c:18:45:23:9c:ff:8f:85:1e:da:57:6f:2a:3b:
         83:04:13:47:7e:35:b9:f6:a9:e1:2d:58:fb:de:77:ce:24:b8:
         a2:c1:d3:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Fd2+60Nwlt51QxQGWW8h1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTI2MTExMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg5ZWM0Y2Q0Yzk2ZjEwYTUwZmMyOGRhZTYzODVmZTA1NDEzOTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2L+koIuZEnYIP/No5NcRkkQpoDI
CJjT/VRTUGJSa8jYWgsj9nNm7PUD/UbU6T2eIudvstqrSYzIE2vrHghOr8mOai0n
TR3qzkmOXTJxpMdPI7bB9lHtgw7jnqdNo++HZTSrMtH7Dr3nxeeuFwc+RxQaTxRD
Ll8CKksbOsROiNGnypX20S4HQ+ZIwXTV8zU1wFyLLzuznHL7a2AOtgDSgTwoApcp
5Sa79sfgWZZ3hmSpXfY4s2OpLVGTlwCDA+P1mmaxu9r6YNo/H2zWhE/8TPHwbf5n
udgKrewkTvseER4jNYwuzgLo4GfeCKh4ACbVJzWjP74ONhCByCvHmUX8vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyJ7EzUyW8QpQ/Cja5jhf4FQTlXMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvZkluc1ROVEpieENsRDhLTnJtT0ZfZ1ZCT1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSqOMA0G
CSqGSIb3DQEBCwUAA4IBAQAwLhDaLgMDs1AfgkGQt8tqmOMJupu9B6qdPdWNcVUd
SIKaBLi7TLKP0czsg/E9pi0Rq21MmwanhS11aAhyyBAZ8YhQgbpEU+fnuz8vRpNk
OK2KVruAq98BkjlhDiQMpA5qiEDWPED2WDw1iaBdi8k60iw1yv1TK2FDouWp21da
9Hm84NhIx0ZjkUea6JF/q8wjYiVYtHwHOqbKhzZSm0qjX/3DkpeCsyLfM5XzueYW
Q64Hv9S/ICN4Fkr82rcyS7JD0XM6WlzNVAepjOV+I8PmOaMmKgvEsp7IWPFXDBhF
I5z/j4Ue2ldvKjuDBBNHfjW59qnhLVj73nfOJLiiwdOK
-----END CERTIFICATE-----