Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/fggv8rDz7Tlize6_Ns0BwlS3yQQ.roa
File:                     fggv8rDz7Tlize6_Ns0BwlS3yQQ.roa (raw, json)
Hash identifier:          y3vIL9Wv6po0YzvdwBlJA80iAq4p2eHnlz2oxO+gnak=
Subject key identifier:   7E:08:2F:F2:B0:F3:ED:39:62:CD:EE:BF:36:CD:01:C2:54:B7:C9:04
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D2F2BA60D1F7FCFE4EFB6A9346934
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/fggv8rDz7Tlize6_Ns0BwlS3yQQ.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        93.113.180.0/24 maxlen: 24
                          89.43.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2f:2b:a6:0d:1f:7f:cf:e4:ef:b6:a9:34:69:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e082ff2b0f3ed3962cdeebf36cd01c254b7c904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:39:bf:e6:6c:e7:bf:2f:10:11:81:2f:1e:ba:
                    d6:d0:0a:84:08:d3:59:c9:98:cc:fd:fb:1b:b0:5e:
                    52:9a:89:9d:4d:cf:04:e4:8c:74:cf:3d:23:1e:9f:
                    f9:4a:a0:9f:e5:25:4c:e7:2d:f2:37:b6:51:cc:15:
                    19:fc:18:47:7f:3f:ec:79:be:3f:1d:c3:de:ec:d9:
                    9c:30:79:a1:5e:07:80:05:2a:12:99:41:79:7e:0c:
                    8f:04:0e:43:8e:59:f3:0d:ec:68:e3:c2:92:c3:8a:
                    1f:61:14:ee:44:6b:4b:41:4b:e2:80:e0:f1:06:94:
                    51:7c:04:ec:db:9c:fa:8c:9d:42:fc:00:9b:47:eb:
                    8d:ff:13:e3:77:96:68:54:58:70:86:8c:e4:3c:39:
                    2d:78:5f:4e:d2:0c:18:0f:cd:a1:fa:cc:9b:9c:6d:
                    ca:51:d1:de:d4:ee:6b:6c:2a:59:d2:af:15:65:6f:
                    7e:57:1f:94:5b:b5:91:d7:03:87:af:43:12:b6:90:
                    6a:f8:58:25:71:89:57:5c:4b:36:f6:d3:93:fd:fc:
                    66:e0:87:29:aa:b7:4c:ec:77:bc:cb:d7:6e:41:79:
                    d0:53:97:7d:2b:ad:e5:66:6b:bf:78:41:52:0e:f4:
                    22:bc:15:28:3e:fb:70:73:b9:ac:e3:8d:d2:b9:6a:
                    e8:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:08:2F:F2:B0:F3:ED:39:62:CD:EE:BF:36:CD:01:C2:54:B7:C9:04
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/fggv8rDz7Tlize6_Ns0BwlS3yQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.141.0/24
                  93.113.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:02:43:85:19:94:29:d7:d2:f4:d8:9d:1f:52:79:c4:48:3c:
         ec:e3:c8:23:bb:d6:d3:41:ac:2f:19:3f:ea:07:93:2b:9c:3b:
         39:a1:1e:52:ad:9b:da:41:c8:84:96:1a:8c:00:1c:ba:10:54:
         be:64:6a:23:18:cf:3f:21:8b:42:12:52:a6:2f:65:02:24:06:
         04:bd:5a:e9:de:a7:2b:b4:c3:49:30:34:0d:db:bc:2c:d7:b0:
         4d:6f:35:5c:0b:6d:0f:39:dc:e3:43:bb:87:81:45:bd:7e:5f:
         31:72:ed:ac:dc:57:fb:d5:33:c2:db:7a:a1:3b:0b:6c:8d:91:
         b1:72:6e:bd:ed:bb:5b:eb:df:29:86:cb:9c:b8:fb:8d:99:69:
         d7:87:14:6f:de:d8:3f:3b:66:90:4b:7d:9d:4a:f8:c8:e9:8c:
         39:84:43:70:e6:a5:01:cc:08:0e:ca:ac:93:70:45:be:91:15:
         ae:e7:bf:0c:69:49:a9:2a:0e:7f:c7:a3:b0:c4:78:3b:0c:52:
         77:30:7e:a7:57:fb:0d:9c:ad:e1:34:ae:d8:94:ea:18:6c:ce:
         1b:f4:7b:a5:9c:60:b3:52:9d:6c:20:fa:a5:58:2d:02:a1:37:
         9c:2a:b9:18:87:4c:8e:2d:7d:c5:13:2a:5f:22:aa:45:d5:c1:
         25:61:85:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbS8rpg0ff8/k77apNGk0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTA4MmZmMmIwZjNlZDM5NjJjZGVlYmYzNmNkMDFjMjU0YjdjOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDm/5mznvy8QEYEvHrrW0AqECNNZ
yZjM/fsbsF5SmomdTc8E5Ix0zz0jHp/5SqCf5SVM5y3yN7ZRzBUZ/BhHfz/seb4/
HcPe7NmcMHmhXgeABSoSmUF5fgyPBA5DjlnzDexo48KSw4ofYRTuRGtLQUvigODx
BpRRfATs25z6jJ1C/ACbR+uN/xPjd5ZoVFhwhozkPDkteF9O0gwYD82h+sybnG3K
UdHe1O5rbCpZ0q8VZW9+Vx+UW7WR1wOHr0MStpBq+FglcYlXXEs29tOT/fxm4Icp
qrdM7He8y9duQXnQU5d9K63lZmu/eEFSDvQivBUoPvtwc7ms443SuWroRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH4IL/Kw8+05Ys3uvzbNAcJUt8kEMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvZmdndjhyRHo3VGxpemU2X05zMEJ3bFMzeVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSuNAwQA
XXG0MA0GCSqGSIb3DQEBCwUAA4IBAQAPAkOFGZQp19L02J0fUnnESDzs48gju9bT
QawvGT/qB5MrnDs5oR5SrZvaQciElhqMABy6EFS+ZGojGM8/IYtCElKmL2UCJAYE
vVrp3qcrtMNJMDQN27ws17BNbzVcC20POdzjQ7uHgUW9fl8xcu2s3Ff71TPC23qh
OwtsjZGxcm697btb698phsucuPuNmWnXhxRv3tg/O2aQS32dSvjI6Yw5hENw5qUB
zAgOyqyTcEW+kRWu578MaUmpKg5/x6OwxHg7DFJ3MH6nV/sNnK3hNK7YlOoYbM4b
9HulnGCzUp1sIPqlWC0CoTecKrkYh0yOLX3FEypfIqpF1cElYYU4
-----END CERTIFICATE-----