Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/tMvo7YDmip-oGyvLrMhezNiInKk.roa
File:                     tMvo7YDmip-oGyvLrMhezNiInKk.roa (raw, json)
Hash identifier:          1l9x/pu3/PdZtWoOVOvY++OKx5Xuk+k2WiHglQqOirw=
Subject key identifier:   B4:CB:E8:ED:80:E6:8A:9F:A8:1B:2B:CB:AC:C8:5E:CC:D8:88:9C:A9
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0192CE48E6A0A99EE25A784B24B209604E67
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/tMvo7YDmip-oGyvLrMhezNiInKk.roa
Signing time:             Sun 27 Oct 2024 14:02:17 +0000
ROA not before:           Sun 27 Oct 2024 14:02:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ce:48:e6:a0:a9:9e:e2:5a:78:4b:24:b2:09:60:4e:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 27 14:02:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4cbe8ed80e68a9fa81b2bcbacc85eccd8889ca9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:04:06:9c:95:35:84:dc:0b:e1:2c:77:72:3c:
                    3b:2f:7b:51:12:bc:3f:47:fe:41:ff:fb:60:23:1e:
                    c2:2c:48:2e:da:48:a8:9c:16:e7:fb:4c:8c:83:e9:
                    89:71:53:f2:c9:74:bc:36:34:0d:a6:c8:d2:7a:71:
                    fc:5b:22:07:d0:9b:cd:31:54:43:3c:c2:3a:2a:20:
                    26:e5:0a:15:21:30:0c:a7:39:36:7b:76:1e:e9:cc:
                    ce:ea:b9:39:31:09:3d:6e:4a:fe:a5:e8:98:e7:94:
                    76:df:c0:47:33:3d:7b:8c:19:88:42:09:70:b7:c6:
                    39:a7:44:03:85:93:d2:0d:58:df:ff:bb:3c:97:1b:
                    34:ee:8c:2f:d8:f0:43:d8:6e:9d:67:29:e8:8c:58:
                    41:04:10:db:23:ef:83:d1:5e:57:f5:2b:07:ec:08:
                    e8:27:e4:12:a4:cc:9c:b1:27:4c:69:49:c1:7b:a4:
                    73:a1:6a:7d:0d:ef:1a:f1:04:2d:03:66:47:e2:55:
                    b7:76:75:19:6e:3f:a8:61:10:a3:04:26:3a:e9:6f:
                    f3:94:35:47:61:b9:49:5a:4f:bd:d7:e7:b2:57:f9:
                    9d:90:1a:a2:7e:7d:35:2b:99:bd:bc:64:75:b1:bb:
                    54:61:74:ff:08:67:54:11:c2:60:da:00:75:f2:74:
                    e5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:CB:E8:ED:80:E6:8A:9F:A8:1B:2B:CB:AC:C8:5E:CC:D8:88:9C:A9
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/tMvo7YDmip-oGyvLrMhezNiInKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0-89.42.83.255

    Signature Algorithm: sha256WithRSAEncryption
         7c:0a:e3:e6:d6:62:d6:fc:72:2f:41:51:6b:3c:9c:d7:4e:4c:
         f7:f8:d3:fc:b8:e2:c9:f6:34:64:b9:65:c5:2b:c8:2c:e8:13:
         65:a9:e6:41:54:b7:81:31:ff:ed:3b:51:6f:2d:fc:eb:13:c6:
         c6:28:1f:b7:7e:c0:38:ec:0f:29:9b:84:15:24:32:1c:ca:a4:
         1d:ed:46:38:f0:da:e5:ed:44:80:a2:c7:3b:ac:a4:b2:00:25:
         2f:de:ea:09:f5:89:15:90:77:f3:78:0c:95:9b:5a:5f:b0:1e:
         58:7a:0d:02:c9:96:bd:b6:99:d4:d6:43:30:ac:55:3c:25:38:
         e8:70:7a:5d:c1:1f:f3:f8:cb:4c:f6:56:55:c6:05:3d:7d:8a:
         21:fd:35:50:dc:d1:3f:33:c4:9d:20:7e:03:b2:ea:3e:d3:ca:
         3f:40:98:c2:e5:61:da:7d:78:f8:6a:20:31:3a:71:bb:01:f3:
         d0:30:68:4d:40:6f:68:d0:c3:57:ab:4c:29:b3:fa:f9:7c:e3:
         a2:bb:5d:0d:9c:f0:a0:8b:34:70:dd:1b:64:2e:d0:7d:42:51:
         32:cd:c7:87:8f:57:0a:54:de:eb:00:e4:7b:74:07:cc:bf:45:
         e2:5f:f2:cd:38:00:bd:ab:0f:b8:cd:e8:fa:b8:d9:76:6b:37:
         10:ef:40:62
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZLOSOagqZ7iWnhLJLIJYE5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQxMDI3MTQwMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGNiZThlZDgwZTY4YTlmYTgxYjJiY2JhY2M4NWVjY2Q4ODg5Y2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QQGnJU1hNwL4Sx3cjw7L3tRErw/
R/5B//tgIx7CLEgu2kionBbn+0yMg+mJcVPyyXS8NjQNpsjSenH8WyIH0JvNMVRD
PMI6KiAm5QoVITAMpzk2e3Ye6czO6rk5MQk9bkr+peiY55R238BHMz17jBmIQglw
t8Y5p0QDhZPSDVjf/7s8lxs07owv2PBD2G6dZynojFhBBBDbI++D0V5X9SsH7Ajo
J+QSpMycsSdMaUnBe6RzoWp9De8a8QQtA2ZH4lW3dnUZbj+oYRCjBCY66W/zlDVH
YblJWk+91+eyV/mdkBqifn01K5m9vGR1sbtUYXT/CGdUEcJg2gB18nTl6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLTL6O2A5oqfqBsry6zIXszYiJypMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvdE12bzdZRG1pcC1vR3l2THJNaGV6TmlJbktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZKlED
BAJZKlAwDQYJKoZIhvcNAQELBQADggEBAHwK4+bWYtb8ci9BUWs8nNdOTPf40/y4
4sn2NGS5ZcUryCzoE2Wp5kFUt4Ex/+07UW8t/OsTxsYoH7d+wDjsDymbhBUkMhzK
pB3tRjjw2uXtRICixzuspLIAJS/e6gn1iRWQd/N4DJWbWl+wHlh6DQLJlr22mdTW
QzCsVTwlOOhwel3BH/P4y0z2VlXGBT19iiH9NVDc0T8zxJ0gfgOy6j7Tyj9AmMLl
Ydp9ePhqIDE6cbsB89AwaE1Ab2jQw1erTCmz+vl846K7XQ2c8KCLNHDdG2Qu0H1C
UTLNx4ePVwpU3usA5Ht0B8y/ReJf8s04AL2rD7jN6Pq42XZrNxDvQGI=
-----END CERTIFICATE-----