Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ryLiwxT7HqNMdEba__wly8CmI54.roa
File:                     ryLiwxT7HqNMdEba__wly8CmI54.roa (raw, json)
Hash identifier:          XkJ5+IGut6+fNFJkJknrQyTPB1bKSOe8ZMaE038oQYY=
Subject key identifier:   AF:22:E2:C3:14:FB:1E:A3:4C:74:46:DA:FF:FC:25:CB:C0:A6:23:9E
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6CE5DA99B5DFA12033CBACFA11E77
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ryLiwxT7HqNMdEba__wly8CmI54.roa
Signing time:             Wed 01 Jan 2025 21:47:47 +0000
ROA not before:           Wed 01 Jan 2025 21:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214572
IP address blocks:        89.40.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ce:5d:a9:9b:5d:fa:12:03:3c:ba:cf:a1:1e:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af22e2c314fb1ea34c7446dafffc25cbc0a6239e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:9d:4a:2f:9a:63:7c:6a:47:92:42:a8:16:b7:
                    1a:3e:91:04:2d:a8:6f:a7:c6:88:19:5b:e0:32:96:
                    5e:2a:2c:ad:72:06:f7:b9:a5:9b:77:26:bd:07:e6:
                    66:bf:52:62:3c:d0:65:40:8f:9d:12:e9:1a:58:73:
                    d9:ad:91:8e:4d:17:c9:60:56:7a:d8:40:f7:f0:b8:
                    c0:53:ea:95:16:ab:6d:0a:54:47:d4:5f:46:27:b6:
                    3b:0c:e8:c5:61:19:ee:0b:95:91:e1:82:18:64:51:
                    8b:b4:91:28:6d:86:d0:8c:31:eb:40:7f:07:f8:e8:
                    a3:9d:d7:18:b3:db:0a:c2:62:e0:62:04:f0:17:ea:
                    f1:f8:2a:64:7e:70:63:9f:5d:fc:11:89:72:2b:ed:
                    e8:7a:5a:97:85:67:76:9d:ec:3b:66:8b:36:bc:fc:
                    db:0e:70:49:a5:82:f0:6b:53:a0:36:ed:9f:0e:af:
                    f7:a4:80:cd:3b:6c:61:04:07:cd:e2:02:60:53:e8:
                    5a:81:5c:ed:f7:ab:94:a7:d1:7b:b3:a9:88:e9:94:
                    d3:e3:3f:15:c1:88:fb:b7:fd:bf:e2:33:fb:c4:ab:
                    43:be:44:ee:b9:aa:3c:ca:15:1c:b7:ed:dd:2d:c3:
                    4c:13:f3:2a:d1:63:b2:5c:b9:9f:0b:aa:c8:ff:f2:
                    89:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:22:E2:C3:14:FB:1E:A3:4C:74:46:DA:FF:FC:25:CB:C0:A6:23:9E
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ryLiwxT7HqNMdEba__wly8CmI54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:00:b8:f0:95:8e:52:08:2e:5d:73:84:b2:bd:1d:f1:d7:5d:
         cf:c5:21:0f:30:ab:71:9e:34:56:f3:75:f3:4b:c8:9d:39:f8:
         29:3b:1b:12:ad:f5:e4:b7:a2:f2:10:31:0f:34:fb:df:65:06:
         21:cf:ff:63:3c:4a:c2:d3:b5:84:e1:30:a0:44:3f:4a:a9:66:
         45:a1:fb:2d:c7:fc:d4:49:a5:3d:6c:e3:d2:aa:16:d5:7f:67:
         3d:4f:73:9a:f3:5d:93:29:17:97:5f:54:75:04:3e:1f:2d:64:
         ee:a9:37:7c:31:4e:28:8c:6e:d3:94:49:22:6d:6b:95:b8:bd:
         22:e3:9e:ef:7a:5c:4e:7f:c9:0a:06:c5:b6:4d:55:1b:77:c9:
         32:ce:e8:da:01:56:7a:19:1b:58:a5:e6:8d:2c:71:3e:ac:56:
         98:91:cf:ee:62:6f:c2:59:0a:9b:61:4f:df:5b:23:ba:b1:6c:
         9e:ad:89:be:a5:db:91:ee:0f:86:4d:98:94:41:09:84:f1:eb:
         9b:c8:42:1b:25:9e:0a:78:04:a3:c0:b4:61:a0:69:5d:ef:3f:
         b3:45:5c:ba:80:83:cb:20:ba:de:e6:27:20:d3:0a:1c:fe:90:
         f6:46:69:09:20:56:d2:f1:c6:e0:83:8a:96:ab:be:83:85:2e:
         9b:be:87:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1s5dqZtd+hIDPLrPoR53MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjIyZTJjMzE0ZmIxZWEzNGM3NDQ2ZGFmZmZjMjVjYmMwYTYyMzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2p1KL5pjfGpHkkKoFrcaPpEELahv
p8aIGVvgMpZeKiytcgb3uaWbdya9B+Zmv1JiPNBlQI+dEukaWHPZrZGOTRfJYFZ6
2ED38LjAU+qVFqttClRH1F9GJ7Y7DOjFYRnuC5WR4YIYZFGLtJEobYbQjDHrQH8H
+OijndcYs9sKwmLgYgTwF+rx+CpkfnBjn138EYlyK+3oelqXhWd2new7Zos2vPzb
DnBJpYLwa1OgNu2fDq/3pIDNO2xhBAfN4gJgU+hagVzt96uUp9F7s6mI6ZTT4z8V
wYj7t/2/4jP7xKtDvkTuuao8yhUct+3dLcNME/Mq0WOyXLmfC6rI//KJcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8i4sMU+x6jTHRG2v/8JcvApiOeMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvcnlMaXd4VDdIcU5NZEViYV9fd2x5OENtSTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWShTMA0G
CSqGSIb3DQEBCwUAA4IBAQATALjwlY5SCC5dc4SyvR3x113PxSEPMKtxnjRW83Xz
S8idOfgpOxsSrfXkt6LyEDEPNPvfZQYhz/9jPErC07WE4TCgRD9KqWZFofstx/zU
SaU9bOPSqhbVf2c9T3Oa812TKReXX1R1BD4fLWTuqTd8MU4ojG7TlEkibWuVuL0i
457velxOf8kKBsW2TVUbd8kyzujaAVZ6GRtYpeaNLHE+rFaYkc/uYm/CWQqbYU/f
WyO6sWyerYm+pduR7g+GTZiUQQmE8eubyEIbJZ4KeASjwLRhoGld7z+zRVy6gIPL
ILre5icg0woc/pD2RmkJIFbS8cbgg4qWq76DhS6bvofU
-----END CERTIFICATE-----