Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/naJUwG6_uo19QOgSU4l-P7Z0mXg.roa
File:                     naJUwG6_uo19QOgSU4l-P7Z0mXg.roa (raw, json)
Hash identifier:          UCxggc1KE75CIle0nZfnFtfDcWXbFYMsCCZRa1IYu1o=
Subject key identifier:   9D:A2:54:C0:6E:BF:BA:8D:7D:40:E8:12:53:89:7E:3F:B6:74:99:78
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0192CDA8AF2FE685C2EF54A531E43B33F823
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/naJUwG6_uo19QOgSU4l-P7Z0mXg.roa
Signing time:             Sun 27 Oct 2024 11:07:17 +0000
ROA not before:           Sun 27 Oct 2024 11:07:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53616
IP address blocks:        93.114.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:cd:a8:af:2f:e6:85:c2:ef:54:a5:31:e4:3b:33:f8:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 27 11:07:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9da254c06ebfba8d7d40e81253897e3fb6749978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2c:5b:46:e8:02:2b:64:0e:b2:f3:d8:ba:dd:
                    79:bb:97:c9:db:7e:26:8f:61:29:36:42:35:1f:80:
                    80:b6:18:e1:12:b9:ca:8e:5a:36:ce:29:88:79:30:
                    8b:44:e1:1e:83:4f:ce:01:4a:fa:d5:5e:9e:e6:5d:
                    31:50:e0:70:2d:49:d6:69:de:e2:60:ea:05:5c:2e:
                    17:6d:d5:35:9b:1a:f5:8d:34:64:6a:69:b4:3a:72:
                    e3:bb:cc:5b:fd:3a:50:4a:f7:90:c5:03:2c:fe:c9:
                    3d:82:2d:ca:b6:22:66:41:06:91:e2:14:49:fe:57:
                    d2:6e:65:46:3e:f5:81:c9:67:7c:2d:78:46:0d:bd:
                    22:d0:a2:e4:5b:f6:44:a3:42:0a:ed:bd:ff:25:cf:
                    d8:e2:39:1b:7c:7d:03:a5:bb:f7:45:c0:f6:e8:13:
                    03:10:00:34:67:95:8a:78:e7:6a:37:97:b5:79:db:
                    5f:fd:11:5d:d7:fd:c0:af:2d:d3:3c:b3:10:85:cb:
                    5f:9d:9c:5c:f9:37:2a:99:fb:cb:7f:41:96:21:aa:
                    9d:35:ae:32:5b:7e:c8:ba:a6:5f:48:68:a0:88:7b:
                    08:d9:8e:7c:87:2b:df:7e:83:44:6a:d1:06:8a:bb:
                    40:57:98:c0:80:e4:1f:99:03:b8:9f:09:b4:f0:f1:
                    68:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A2:54:C0:6E:BF:BA:8D:7D:40:E8:12:53:89:7E:3F:B6:74:99:78
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/naJUwG6_uo19QOgSU4l-P7Z0mXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:de:19:61:21:b6:56:41:b6:81:ad:7a:6a:34:a2:8f:a3:86:
         f4:2b:c7:07:cd:1e:e6:0f:c1:0a:e5:7d:43:8c:3b:52:bc:f8:
         01:b9:65:a1:2e:bb:0e:5c:f5:29:5f:be:5d:39:32:64:a1:66:
         21:da:d4:51:69:79:e6:b1:aa:64:45:0e:e1:cf:cc:4e:65:26:
         39:40:40:2c:73:2e:86:01:02:7e:76:26:74:6d:62:9a:cf:91:
         9e:d9:e1:33:9d:72:ea:1c:1c:17:3e:37:b0:6d:31:23:48:28:
         36:93:db:c8:91:2c:e5:90:18:97:85:c0:6c:4f:f0:a3:0a:1e:
         dc:10:09:da:38:c8:50:a7:c5:82:82:fd:eb:f1:84:4c:f5:b1:
         4d:a1:42:53:77:7b:8f:65:cc:32:ea:45:6c:3f:97:00:a1:2b:
         e3:b6:83:96:74:74:07:23:c7:c0:98:81:64:1d:22:e1:6a:7d:
         7e:99:bf:14:32:02:60:2b:3a:a5:3a:f9:19:92:52:99:84:1b:
         55:b7:64:c6:51:c7:d2:39:36:b0:03:17:88:4c:1c:9a:56:e8:
         bc:a1:8b:a1:64:c7:31:5a:60:7e:86:fd:d3:34:69:46:86:a4:
         6a:ad:f2:a6:f2:de:59:e4:77:d2:d7:d2:48:3b:b4:92:dd:2a:
         c3:7d:00:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLNqK8v5oXC71SlMeQ7M/gjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQxMDI3MTEwNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGEyNTRjMDZlYmZiYThkN2Q0MGU4MTI1Mzg5N2UzZmI2NzQ5OTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCxbRugCK2QOsvPYut15u5fJ234m
j2EpNkI1H4CAthjhErnKjlo2zimIeTCLROEeg0/OAUr61V6e5l0xUOBwLUnWad7i
YOoFXC4XbdU1mxr1jTRkamm0OnLju8xb/TpQSveQxQMs/sk9gi3KtiJmQQaR4hRJ
/lfSbmVGPvWByWd8LXhGDb0i0KLkW/ZEo0IK7b3/Jc/Y4jkbfH0Dpbv3RcD26BMD
EAA0Z5WKeOdqN5e1edtf/RFd1/3Ary3TPLMQhctfnZxc+TcqmfvLf0GWIaqdNa4y
W37IuqZfSGigiHsI2Y58hyvffoNEatEGirtAV5jAgOQfmQO4nwm08PFoyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2iVMBuv7qNfUDoElOJfj+2dJl4MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvbmFKVXdHNl91bzE5UU9nU1U0bC1QN1owbVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXJZMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ3hlhIbZWQbaBrXpqNKKPo4b0K8cHzR7mD8EK5X1D
jDtSvPgBuWWhLrsOXPUpX75dOTJkoWYh2tRRaXnmsapkRQ7hz8xOZSY5QEAscy6G
AQJ+diZ0bWKaz5Ge2eEznXLqHBwXPjewbTEjSCg2k9vIkSzlkBiXhcBsT/CjCh7c
EAnaOMhQp8WCgv3r8YRM9bFNoUJTd3uPZcwy6kVsP5cAoSvjtoOWdHQHI8fAmIFk
HSLhan1+mb8UMgJgKzqlOvkZklKZhBtVt2TGUcfSOTawAxeITByaVui8oYuhZMcx
WmB+hv3TNGlGhqRqrfKm8t5Z5HfS19JIO7SS3SrDfQBx
-----END CERTIFICATE-----