Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/y7InySaek19a7bBmO6QqrzZ5mPM.roa
File:                     y7InySaek19a7bBmO6QqrzZ5mPM.roa (raw, json)
Hash identifier:          6Lw1IVC96jOw5rEK+NvH0+nvFwJl6Owj/xPu/sP/aJY=
Subject key identifier:   CB:B2:27:C9:26:9E:93:5F:5A:ED:B0:66:3B:A4:2A:AF:36:79:98:F3
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018DA8697DE220CD401DFF9E017A66B57B5C
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/y7InySaek19a7bBmO6QqrzZ5mPM.roa
Signing time:             Wed 14 Feb 2024 16:18:22 +0000
ROA not before:           Wed 14 Feb 2024 16:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        89.34.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:69:7d:e2:20:cd:40:1d:ff:9e:01:7a:66:b5:7b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Feb 14 16:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbb227c9269e935f5aedb0663ba42aaf367998f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0a:0f:22:14:bd:a9:90:b1:04:4e:5f:51:59:
                    2b:ab:99:81:cc:71:a9:f6:5c:55:41:e7:4e:06:42:
                    9d:36:72:22:69:d3:80:a0:1f:7e:41:4f:57:01:63:
                    01:25:de:71:21:11:27:f6:27:d5:46:ee:3b:94:1a:
                    2d:85:c1:52:f9:c6:0c:3b:63:86:ef:7c:07:00:cd:
                    0e:ad:54:97:f6:98:19:47:ef:53:b1:81:2d:3f:59:
                    f5:fb:29:98:20:e4:72:0a:8a:ef:15:6a:df:14:d4:
                    4b:c4:32:31:a4:4a:14:92:ad:35:2c:89:9d:ca:7d:
                    f5:c3:1d:b5:50:47:e0:7a:87:17:42:2e:d3:9f:c1:
                    9f:00:91:b2:98:58:3a:34:aa:af:21:26:d9:ae:52:
                    31:f4:c5:e6:d8:6e:03:62:2d:2c:7f:ea:cd:da:d5:
                    51:75:65:d4:f2:50:5d:f2:5f:b5:33:c8:a7:01:2a:
                    80:b1:3c:5f:f2:dd:c4:5b:5a:8e:39:05:cb:38:02:
                    5e:7e:23:19:d9:5f:ba:78:a9:43:b0:20:fd:80:14:
                    bf:cd:16:55:34:06:f4:9d:ad:c5:1a:6a:62:df:70:
                    1a:4e:9d:91:45:41:3e:61:21:f2:6c:8e:a6:12:58:
                    0b:0f:0d:07:20:f0:88:69:53:1e:64:b4:df:68:c3:
                    6f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B2:27:C9:26:9E:93:5F:5A:ED:B0:66:3B:A4:2A:AF:36:79:98:F3
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/y7InySaek19a7bBmO6QqrzZ5mPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:cf:54:bc:f4:e6:fe:3e:70:82:97:72:17:a4:82:27:95:18:
         e9:fa:fc:47:f0:07:15:3f:2d:cb:3e:9a:05:8b:3e:e7:ee:bc:
         15:89:1d:e4:ed:e3:c1:c6:9f:8e:62:65:d9:91:76:ce:d8:00:
         86:ca:d3:12:b0:99:94:24:b1:1d:5f:32:65:af:36:bf:9d:09:
         26:96:40:ef:de:20:d7:8a:0a:47:a2:d0:d6:d8:25:7b:d8:eb:
         b0:cd:99:b7:6a:4e:c4:86:d3:c3:f9:d1:e3:9b:95:3f:5f:a3:
         42:d5:88:c9:7b:a5:1c:87:43:fc:eb:c9:b3:49:da:bf:b8:cb:
         66:8d:d9:e0:02:2e:24:50:98:7a:39:a0:40:44:ec:13:0b:02:
         d8:4b:29:67:2a:bd:09:32:65:e0:02:24:d7:00:ab:eb:16:02:
         96:f6:f8:f9:37:4b:f8:97:d9:cf:75:1a:1f:2f:ff:c1:24:7e:
         94:a2:1c:dc:99:3f:0b:02:2f:09:76:3b:58:72:28:4f:36:17:
         c7:e0:1a:84:11:94:5e:e3:84:5a:a7:74:35:a6:7f:77:b4:28:
         e8:4b:25:c0:57:47:c8:cc:ca:bb:3f:eb:17:fb:e9:c4:69:56:
         e7:63:c7:93:0f:89:de:37:dc:ea:b5:6f:ae:8b:ac:e9:58:39:
         f0:e1:1d:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2oaX3iIM1AHf+eAXpmtXtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMjE0MTYxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmIyMjdjOTI2OWU5MzVmNWFlZGIwNjYzYmE0MmFhZjM2Nzk5OGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAoPIhS9qZCxBE5fUVkrq5mBzHGp
9lxVQedOBkKdNnIiadOAoB9+QU9XAWMBJd5xIREn9ifVRu47lBothcFS+cYMO2OG
73wHAM0OrVSX9pgZR+9TsYEtP1n1+ymYIORyCorvFWrfFNRLxDIxpEoUkq01LImd
yn31wx21UEfgeocXQi7Tn8GfAJGymFg6NKqvISbZrlIx9MXm2G4DYi0sf+rN2tVR
dWXU8lBd8l+1M8inASqAsTxf8t3EW1qOOQXLOAJefiMZ2V+6eKlDsCD9gBS/zRZV
NAb0na3FGmpi33AaTp2RRUE+YSHybI6mElgLDw0HIPCIaVMeZLTfaMNvawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuyJ8kmnpNfWu2wZjukKq82eZjzMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEveTdJbnlTYWVrMTlhN2JCbU82UXFyelo1bVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSLmMA0G
CSqGSIb3DQEBCwUAA4IBAQBdz1S89Ob+PnCCl3IXpIInlRjp+vxH8AcVPy3LPpoF
iz7n7rwViR3k7ePBxp+OYmXZkXbO2ACGytMSsJmUJLEdXzJlrza/nQkmlkDv3iDX
igpHotDW2CV72OuwzZm3ak7EhtPD+dHjm5U/X6NC1YjJe6Uch0P868mzSdq/uMtm
jdngAi4kUJh6OaBAROwTCwLYSylnKr0JMmXgAiTXAKvrFgKW9vj5N0v4l9nPdRof
L//BJH6UohzcmT8LAi8JdjtYcihPNhfH4BqEEZRe44Rap3Q1pn93tCjoSyXAV0fI
zMq7P+sX++nEaVbnY8eTD4neN9zqtW+ui6zpWDnw4R0A
-----END CERTIFICATE-----