Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/wt64zAwxxABLKzSeH7CGLQTmJGE.roa
File:                     wt64zAwxxABLKzSeH7CGLQTmJGE.roa (raw, json)
Hash identifier:          c/67sVC+EyGmnCjzuw6j0q05HoMAbIFEgqDvDgMeGUE=
Subject key identifier:   C2:DE:B8:CC:0C:31:C4:00:4B:2B:34:9E:1F:B0:86:2D:04:E6:24:61
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018E7EE98E05554ECE349B3817E34C63F1CE
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/wt64zAwxxABLKzSeH7CGLQTmJGE.roa
Signing time:             Wed 27 Mar 2024 07:56:59 +0000
ROA not before:           Wed 27 Mar 2024 07:56:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        89.37.196.0/24 maxlen: 24
                          89.47.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7e:e9:8e:05:55:4e:ce:34:9b:38:17:e3:4c:63:f1:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar 27 07:56:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2deb8cc0c31c4004b2b349e1fb0862d04e62461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3c:85:77:ac:ef:9f:f9:c9:58:3d:43:30:91:
                    8d:dc:1b:dc:71:7b:7e:3c:42:e3:5b:bb:43:32:76:
                    87:9b:a0:14:32:e4:2b:f8:83:07:c7:b4:4a:6f:cd:
                    c8:56:6f:b0:87:75:45:ff:32:b6:5f:42:f8:f8:1a:
                    33:85:de:a4:7e:d8:6c:7f:1b:1d:f2:cd:d6:ee:39:
                    e2:70:03:1c:a3:08:c4:d0:48:70:c3:79:4f:9f:8b:
                    73:61:46:a6:a0:5b:15:5d:da:92:d7:81:0f:60:14:
                    fa:2e:ac:ff:8c:c4:b9:7b:c6:a1:7f:08:c0:34:46:
                    e6:b9:42:6c:cb:ce:fe:1e:3d:6c:81:9d:dc:28:b1:
                    3d:bb:7b:a8:8a:81:1f:07:1c:a2:d2:f6:82:81:79:
                    1b:c3:ca:aa:02:52:db:65:5d:12:b7:20:bc:91:50:
                    69:37:d6:7c:74:15:36:fe:e2:99:6d:b4:8f:1a:07:
                    d5:74:e2:f1:38:27:aa:f4:0d:b8:74:2f:73:fe:f8:
                    bf:9a:76:c1:58:5c:72:38:81:4e:f4:94:db:19:b4:
                    83:e4:21:d3:07:6c:be:90:bd:c7:3c:e3:63:98:d5:
                    b0:02:48:9e:7d:bd:3d:a8:e6:c9:1d:f4:b2:0f:77:
                    df:37:23:f7:d6:be:5a:3f:20:21:d3:64:2d:9d:fe:
                    80:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:DE:B8:CC:0C:31:C4:00:4B:2B:34:9E:1F:B0:86:2D:04:E6:24:61
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/wt64zAwxxABLKzSeH7CGLQTmJGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.196.0/24
                  89.47.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:3d:0c:a6:14:65:c5:1e:4f:54:2a:73:c7:21:ef:0f:6d:e5:
         b6:c6:4c:e3:af:9b:83:e7:0f:ff:5e:05:45:5d:e6:8c:82:0e:
         01:45:19:f4:b1:ba:a7:14:4b:93:a7:a3:5e:13:09:49:9d:fe:
         af:87:e3:28:99:79:34:94:d0:fc:07:b6:7a:b9:a5:2c:74:34:
         c8:3c:8a:62:d6:4a:6e:e0:97:e5:b8:76:0b:11:77:49:59:22:
         a8:05:76:c0:e1:a0:29:b9:db:e5:b0:ba:96:73:2a:c8:66:e8:
         4b:ea:11:f0:65:eb:18:31:9a:61:a5:0b:78:7f:65:ec:33:71:
         f9:12:07:52:a2:68:24:0b:09:b3:11:a8:9d:73:f5:5c:34:57:
         c6:87:90:b1:c7:a8:3b:6d:1e:08:3f:f1:49:a8:48:09:b8:cb:
         47:a9:fe:7a:1f:cd:0d:19:ce:9a:c1:ab:50:d6:43:d1:b1:c0:
         83:bb:78:cf:71:69:cc:fc:a6:50:2e:24:5c:42:37:18:24:db:
         11:31:c1:d9:97:02:d3:55:55:50:c2:12:ab:74:f1:42:22:d4:
         3f:a3:cc:73:5a:ab:c5:ec:8b:e7:cd:59:f3:5f:c8:ad:d3:6f:
         12:34:74:03:29:f4:af:14:bd:4d:40:12:a4:9e:24:2b:26:1c:
         52:a4:5b:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5+6Y4FVU7ONJs4F+NMY/HOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMzI3MDc1NjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmRlYjhjYzBjMzFjNDAwNGIyYjM0OWUxZmIwODYyZDA0ZTYyNDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjyFd6zvn/nJWD1DMJGN3BvccXt+
PELjW7tDMnaHm6AUMuQr+IMHx7RKb83IVm+wh3VF/zK2X0L4+Bozhd6kfthsfxsd
8s3W7jnicAMcowjE0Ehww3lPn4tzYUamoFsVXdqS14EPYBT6Lqz/jMS5e8ahfwjA
NEbmuUJsy87+Hj1sgZ3cKLE9u3uoioEfBxyi0vaCgXkbw8qqAlLbZV0StyC8kVBp
N9Z8dBU2/uKZbbSPGgfVdOLxOCeq9A24dC9z/vi/mnbBWFxyOIFO9JTbGbSD5CHT
B2y+kL3HPONjmNWwAkiefb09qObJHfSyD3ffNyP31r5aPyAh02Qtnf6AHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMLeuMwMMcQASys0nh+whi0E5iRhMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvd3Q2NHpBd3h4QUJMS3pTZUg3Q0dMUVRtSkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSXEAwQA
WS90MA0GCSqGSIb3DQEBCwUAA4IBAQAbPQymFGXFHk9UKnPHIe8PbeW2xkzjr5uD
5w//XgVFXeaMgg4BRRn0sbqnFEuTp6NeEwlJnf6vh+MomXk0lND8B7Z6uaUsdDTI
PIpi1kpu4JfluHYLEXdJWSKoBXbA4aApudvlsLqWcyrIZuhL6hHwZesYMZphpQt4
f2XsM3H5EgdSomgkCwmzEaidc/VcNFfGh5Cxx6g7bR4IP/FJqEgJuMtHqf56H80N
Gc6awatQ1kPRscCDu3jPcWnM/KZQLiRcQjcYJNsRMcHZlwLTVVVQwhKrdPFCItQ/
o8xzWqvF7IvnzVnzX8it028SNHQDKfSvFL1NQBKkniQrJhxSpFuz
-----END CERTIFICATE-----