Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/yK_-fuEGFm-h6d0pyy6g8qV7alc.roa
File:                     yK_-fuEGFm-h6d0pyy6g8qV7alc.roa (raw, json)
Hash identifier:          KAxbhrFdjeSdLF+IQeQiQv5r7fGeODcg43gm3jsVI4U=
Subject key identifier:   C8:AF:FE:7E:E1:06:16:6F:A1:E9:DD:29:CB:2E:A0:F2:A5:7B:6A:57
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0194CB0198FBE260A6CD1986C6B69490BD21
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/yK_-fuEGFm-h6d0pyy6g8qV7alc.roa
Signing time:             Mon 03 Feb 2025 08:51:07 +0000
ROA not before:           Mon 03 Feb 2025 08:51:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8100
IP address blocks:        89.33.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cb:01:98:fb:e2:60:a6:cd:19:86:c6:b6:94:90:bd:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Feb  3 08:51:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8affe7ee106166fa1e9dd29cb2ea0f2a57b6a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c0:7c:43:80:ff:db:13:6b:80:ec:09:16:44:
                    b1:08:15:3f:43:6b:fb:65:4b:89:bb:1d:2f:32:ac:
                    00:0d:71:65:66:cc:47:23:e5:fc:be:39:28:1b:cb:
                    26:57:7d:53:fb:06:bc:77:55:ff:d7:5a:d9:c7:20:
                    0b:0a:eb:5e:5b:6a:db:25:2f:a5:7b:c5:0c:57:b1:
                    a8:e2:02:ec:01:99:40:12:69:96:3b:b1:bf:95:f9:
                    02:a2:e2:20:e3:fb:e3:36:62:2e:c0:f6:56:29:b4:
                    71:ae:39:d7:43:61:ee:05:a7:93:b6:90:15:d9:ae:
                    af:17:d1:2e:7b:c8:1d:ad:f1:ae:73:2c:c2:08:2d:
                    3c:8a:14:4c:90:9c:73:37:ea:4e:dc:a1:f0:d6:68:
                    66:8a:9c:9a:98:a7:e2:6e:98:a1:3c:59:96:d0:05:
                    94:4e:7e:79:3d:00:4c:29:d8:dd:34:42:99:d3:f7:
                    34:42:e9:77:96:ac:0f:3e:c2:b9:7e:d8:d3:e6:7f:
                    96:86:e0:bf:14:c4:62:5c:f6:4c:1d:5f:11:8c:24:
                    9e:34:a5:62:7b:02:a7:89:2c:28:c9:03:eb:8d:e2:
                    2e:7c:81:a9:4e:36:d2:4b:bb:2a:6b:8e:fe:7d:c2:
                    9d:15:59:5c:a3:4d:4b:83:35:d8:13:8b:f7:95:9d:
                    12:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:AF:FE:7E:E1:06:16:6F:A1:E9:DD:29:CB:2E:A0:F2:A5:7B:6A:57
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/yK_-fuEGFm-h6d0pyy6g8qV7alc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a4:c2:54:4e:6c:17:d8:05:9b:af:f0:21:ae:b8:b7:60:51:
         34:38:65:51:59:eb:f6:62:eb:98:7d:91:7e:0c:83:df:95:1c:
         0c:ec:6b:99:34:11:20:25:08:da:9b:a5:a9:75:de:a1:06:04:
         dd:c7:6c:39:7b:3f:00:5e:2b:18:f5:53:e7:f1:8e:f7:b7:29:
         60:a3:fe:87:0f:3d:9b:29:1a:41:fe:06:a3:25:0f:5f:4f:a4:
         fb:10:82:d2:67:5f:90:a7:01:2c:a4:05:13:91:a4:a6:51:99:
         76:cf:0a:7b:dd:7c:90:dd:52:89:a7:fd:ec:25:a9:ea:41:8d:
         46:7e:ba:56:e4:f3:25:91:f0:48:84:a3:25:fd:77:0d:ff:70:
         02:70:24:87:c1:9c:e3:93:96:9b:b2:ed:8a:be:a0:82:39:4c:
         e6:33:89:bb:3a:70:cd:ef:25:75:e8:38:e7:3d:a7:5b:4f:4b:
         e2:93:55:a3:e2:8b:b5:2c:d5:98:07:01:0b:b4:75:af:36:32:
         c5:a7:3e:9f:ca:50:09:92:b0:7e:84:26:cd:6e:50:f8:f6:b6:
         5f:48:51:03:24:a4:c5:c8:6e:13:34:f0:f6:2d:59:59:a7:49:
         5f:41:5c:16:ac:c4:e5:76:79:21:58:c9:f2:b0:94:d4:a5:c5:
         f9:c0:2e:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTLAZj74mCmzRmGxraUkL0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMjAzMDg1MTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGFmZmU3ZWUxMDYxNjZmYTFlOWRkMjljYjJlYTBmMmE1N2I2YTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsB8Q4D/2xNrgOwJFkSxCBU/Q2v7
ZUuJux0vMqwADXFlZsxHI+X8vjkoG8smV31T+wa8d1X/11rZxyALCuteW2rbJS+l
e8UMV7Go4gLsAZlAEmmWO7G/lfkCouIg4/vjNmIuwPZWKbRxrjnXQ2HuBaeTtpAV
2a6vF9Eue8gdrfGucyzCCC08ihRMkJxzN+pO3KHw1mhmipyamKfibpihPFmW0AWU
Tn55PQBMKdjdNEKZ0/c0Qul3lqwPPsK5ftjT5n+WhuC/FMRiXPZMHV8RjCSeNKVi
ewKniSwoyQPrjeIufIGpTjbSS7sqa47+fcKdFVlco01LgzXYE4v3lZ0SCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiv/n7hBhZvoendKcsuoPKle2pXMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEveUtfLWZ1RUdGbS1oNmQwcHl5Nmc4cVY3YWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSHAMA0G
CSqGSIb3DQEBCwUAA4IBAQBspMJUTmwX2AWbr/Ahrri3YFE0OGVRWev2YuuYfZF+
DIPflRwM7GuZNBEgJQjam6Wpdd6hBgTdx2w5ez8AXisY9VPn8Y73tylgo/6HDz2b
KRpB/gajJQ9fT6T7EILSZ1+QpwEspAUTkaSmUZl2zwp73XyQ3VKJp/3sJanqQY1G
frpW5PMlkfBIhKMl/XcN/3ACcCSHwZzjk5absu2KvqCCOUzmM4m7OnDN7yV16Djn
PadbT0vik1Wj4ou1LNWYBwELtHWvNjLFpz6fylAJkrB+hCbNblD49rZfSFEDJKTF
yG4TNPD2LVlZp0lfQVwWrMTldnkhWMnysJTUpcX5wC5B
-----END CERTIFICATE-----