Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/zjOMjgho5KEWjhQ4CUL4nG5juI8.roa
File:                     zjOMjgho5KEWjhQ4CUL4nG5juI8.roa (raw, json)
Hash identifier:          pM1M7A4UibM1yqpIiTn1KNL4pS+4Ozu3WUL8FTDTgVM=
Subject key identifier:   CE:33:8C:8E:08:68:E4:A1:16:8E:14:38:09:42:F8:9C:6E:63:B8:8F
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01924BB1FDC76551B280D3BFF49DFD9ABF61
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/zjOMjgho5KEWjhQ4CUL4nG5juI8.roa
Signing time:             Wed 02 Oct 2024 05:26:48 +0000
ROA not before:           Wed 02 Oct 2024 05:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214136
IP address blocks:        93.114.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4b:b1:fd:c7:65:51:b2:80:d3:bf:f4:9d:fd:9a:bf:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct  2 05:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce338c8e0868e4a1168e14380942f89c6e63b88f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ad:ed:fc:75:5a:a4:84:58:a3:93:b2:1e:da:
                    ea:a4:8c:64:c7:97:62:c9:f8:3f:ae:f8:48:17:8c:
                    d9:ce:14:4b:4b:8f:40:76:7e:10:c5:80:28:30:52:
                    3d:6f:15:36:4d:5a:f5:10:fc:13:69:81:ef:d6:b2:
                    58:40:4e:e1:55:5c:a9:57:0c:a4:bb:0f:73:9f:26:
                    e8:14:30:b7:6d:3c:cc:81:ee:15:64:82:c7:27:ff:
                    94:0c:5c:bc:82:72:f0:a4:03:44:41:bc:d1:71:48:
                    2d:f0:0d:bd:8a:7d:7a:b1:d9:0f:57:ed:41:e6:0f:
                    68:0b:29:c6:e0:b1:67:f2:0d:67:2d:45:00:a1:58:
                    57:17:74:9c:59:df:48:34:8f:95:da:2c:d1:34:8f:
                    da:41:ac:1b:64:47:61:47:b9:2b:20:32:1f:86:c8:
                    e7:5d:ad:2d:26:75:8c:c3:78:d9:e3:af:66:8e:e6:
                    88:5f:96:be:29:58:a8:44:75:90:d8:32:07:d2:14:
                    05:e6:9a:fc:9e:06:e4:7e:51:cd:33:2e:9b:5d:8b:
                    32:05:7a:9b:3b:92:2c:50:92:a5:10:50:5d:0e:cc:
                    cd:8e:3c:cb:cd:aa:21:7c:d7:0e:19:50:ea:96:6e:
                    c1:4d:d7:6a:2b:e3:54:1a:a0:17:09:cd:93:29:1a:
                    ea:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:33:8C:8E:08:68:E4:A1:16:8E:14:38:09:42:F8:9C:6E:63:B8:8F
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/zjOMjgho5KEWjhQ4CUL4nG5juI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d4:3d:d7:61:d7:b2:c3:bc:79:83:77:ed:8b:f7:5f:b2:d6:
         26:29:b3:99:ad:aa:fe:80:b4:63:c6:2c:ae:49:d5:47:f6:60:
         20:72:9b:30:35:af:bd:0e:f9:1a:35:ea:b2:f5:bb:db:3a:7e:
         13:6b:df:77:1f:65:dd:33:76:2c:3b:56:77:ae:92:3f:7c:58:
         1c:a7:4e:e2:5e:ed:03:bd:10:e9:e9:fb:48:3f:15:ba:6a:0f:
         4a:44:af:fa:90:e4:09:0a:b0:59:96:83:7c:65:ba:6c:2c:d6:
         32:81:a9:10:99:ff:48:27:ef:45:44:b7:65:d6:2c:5a:1d:67:
         a2:05:61:ae:3d:8c:1f:7e:c2:3e:25:c3:27:6c:f0:2f:15:e9:
         0c:8e:ed:b8:9f:16:8d:5a:55:47:f9:a9:65:00:69:7e:fe:63:
         f1:90:88:70:9f:2e:d4:2e:bc:73:96:09:94:ee:b9:91:30:ff:
         42:44:b2:c5:84:66:6f:2c:41:0e:3d:4f:a1:16:7d:1e:34:eb:
         05:de:ec:0c:b4:34:59:11:77:dc:f5:fe:bb:3b:4f:06:e9:bd:
         2a:f4:f5:9e:87:fd:79:e0:8a:6e:f6:cb:84:c0:6b:f9:e9:d3:
         2a:6b:4b:a1:e1:84:bd:ec:68:57:14:8e:a2:6b:c6:d2:9a:23:
         c4:51:43:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJLsf3HZVGygNO/9J39mr9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQxMDAyMDUyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTMzOGM4ZTA4NjhlNGExMTY4ZTE0MzgwOTQyZjg5YzZlNjNiODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr63t/HVapIRYo5OyHtrqpIxkx5di
yfg/rvhIF4zZzhRLS49Adn4QxYAoMFI9bxU2TVr1EPwTaYHv1rJYQE7hVVypVwyk
uw9znyboFDC3bTzMge4VZILHJ/+UDFy8gnLwpANEQbzRcUgt8A29in16sdkPV+1B
5g9oCynG4LFn8g1nLUUAoVhXF3ScWd9INI+V2izRNI/aQawbZEdhR7krIDIfhsjn
Xa0tJnWMw3jZ469mjuaIX5a+KVioRHWQ2DIH0hQF5pr8ngbkflHNMy6bXYsyBXqb
O5IsUJKlEFBdDszNjjzLzaohfNcOGVDqlm7BTddqK+NUGqAXCc2TKRrqDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4zjI4IaOShFo4UOAlC+JxuY7iPMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvempPTWpnaG81S0VXamhRNENVTDRuRzVqdUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXJYMA0G
CSqGSIb3DQEBCwUAA4IBAQAz1D3XYdeyw7x5g3fti/dfstYmKbOZrar+gLRjxiyu
SdVH9mAgcpswNa+9DvkaNeqy9bvbOn4Ta993H2XdM3YsO1Z3rpI/fFgcp07iXu0D
vRDp6ftIPxW6ag9KRK/6kOQJCrBZloN8ZbpsLNYygakQmf9IJ+9FRLdl1ixaHWei
BWGuPYwffsI+JcMnbPAvFekMju24nxaNWlVH+allAGl+/mPxkIhwny7ULrxzlgmU
7rmRMP9CRLLFhGZvLEEOPU+hFn0eNOsF3uwMtDRZEXfc9f67O08G6b0q9PWeh/15
4Ipu9suEwGv56dMqa0uh4YS97GhXFI6ia8bSmiPEUUPc
-----END CERTIFICATE-----