Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/AhnbiMoDTCrgHNvKnkJ5c8xZYQI.roa
File:                     AhnbiMoDTCrgHNvKnkJ5c8xZYQI.roa (raw, json)
Hash identifier:          rfIWIeQYELlBdsKHERs3uZpABNPiDxq2vt6rrbWuyvc=
Subject key identifier:   02:19:DB:88:CA:03:4C:2A:E0:1C:DB:CA:9E:42:79:73:CC:59:61:02
Certificate issuer:       /CN=85d0e763f935c171694f172056eb44209db2e2cd
Certificate serial:       018CC5DBFEA27A63E697A6DFE2232898661B
Authority key identifier: 85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/AhnbiMoDTCrgHNvKnkJ5c8xZYQI.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206487
IP address blocks:        89.39.33.0/24 maxlen: 24
                          89.39.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fe:a2:7a:63:e6:97:a6:df:e2:23:28:98:66:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d0e763f935c171694f172056eb44209db2e2cd
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0219db88ca034c2ae01cdbca9e427973cc596102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:43:ba:49:25:d5:f2:b9:87:c5:1c:27:b7:0b:
                    28:27:4f:d2:00:c1:79:3c:03:f9:95:b5:18:bb:69:
                    b9:b5:39:29:c4:f7:5e:25:9a:0d:d8:9e:bd:26:42:
                    ef:c9:3d:a9:8d:c5:59:59:4c:5c:8a:3a:92:1b:17:
                    e1:76:93:57:62:49:68:de:8d:a8:4f:e5:79:5b:29:
                    87:93:26:d0:a7:de:9f:4f:0a:58:be:d5:3a:2b:04:
                    db:73:b8:98:a9:95:ca:47:8e:cc:77:75:ad:16:de:
                    63:0a:df:f7:70:ff:38:8b:45:16:6b:fb:08:ba:41:
                    2d:24:a4:52:c8:d1:4b:17:a2:d8:d5:a5:1d:7c:a4:
                    42:11:ab:e5:f5:6a:db:95:b3:26:af:1a:0f:59:6e:
                    46:20:b5:9f:b5:e6:5f:ca:a5:72:fa:4a:fd:dd:5e:
                    e3:b3:57:74:64:1c:5a:4b:e3:09:e7:5d:92:00:b7:
                    9c:63:45:20:0a:29:ae:26:76:67:86:76:c3:42:e7:
                    71:a4:ec:22:bd:b7:82:b0:a8:e6:ad:b9:95:d0:b2:
                    bd:65:3f:2f:67:ea:ad:d5:87:f7:c5:39:56:01:94:
                    72:7c:6d:ef:eb:bc:e0:40:84:2e:5b:e6:1e:16:4e:
                    20:8e:1c:c7:1e:75:1f:93:13:7f:5c:40:c0:64:55:
                    ff:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:19:DB:88:CA:03:4C:2A:E0:1C:DB:CA:9E:42:79:73:CC:59:61:02
            X509v3 Authority Key Identifier:
                keyid:85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/AhnbiMoDTCrgHNvKnkJ5c8xZYQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.33.0-89.39.34.255

    Signature Algorithm: sha256WithRSAEncryption
         18:3c:9b:62:cc:0d:f7:cf:63:7f:bd:c0:35:38:d4:ad:33:4c:
         b0:25:c5:54:b0:56:74:55:b7:b4:10:f0:6a:b2:30:b4:9e:da:
         46:24:8e:43:65:63:54:11:fe:28:fb:93:11:54:f4:a0:61:c0:
         83:41:83:cc:81:32:5d:7f:42:fa:e1:0d:ff:31:d9:d3:40:80:
         68:c5:43:60:84:24:38:3d:4e:9d:d8:19:6f:71:a0:a6:dc:bb:
         f7:8e:2b:9f:fd:0f:f3:2f:ed:6d:53:21:c2:33:2b:7b:aa:1d:
         b1:0e:23:ca:44:ea:5e:61:17:cc:c7:32:b4:42:67:c8:a4:1f:
         ef:cd:f7:80:70:6b:83:9c:a1:93:47:94:58:a0:de:45:a4:70:
         95:40:bd:fa:64:7d:69:2a:cc:f5:f8:e2:4d:8e:98:63:83:ca:
         b9:65:20:4e:35:5d:b4:78:b8:23:55:65:8f:3c:09:11:f3:c1:
         6b:1e:e6:77:c9:31:49:2b:be:b3:83:02:77:d7:4a:b3:ad:42:
         1e:da:0d:8f:51:27:62:8d:26:d9:6d:cd:88:51:90:21:33:2b:
         64:70:69:1b:ec:5d:55:1a:7b:a7:59:91:e3:8a:9c:bd:8e:35:
         49:51:5c:47:1f:9b:4c:53:63:da:01:52:86:db:35:e6:b7:ef:
         52:31:c6:94
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF2/6iemPml6bf4iMomGYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDBlNzYzZjkzNWMxNzE2OTRmMTcyMDU2ZWI0NDIwOWRi
MmUyY2QwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjE5ZGI4OGNhMDM0YzJhZTAxY2RiY2E5ZTQyNzk3M2NjNTk2MTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEO6SSXV8rmHxRwntwsoJ0/SAMF5
PAP5lbUYu2m5tTkpxPdeJZoN2J69JkLvyT2pjcVZWUxcijqSGxfhdpNXYklo3o2o
T+V5WymHkybQp96fTwpYvtU6KwTbc7iYqZXKR47Md3WtFt5jCt/3cP84i0UWa/sI
ukEtJKRSyNFLF6LY1aUdfKRCEavl9WrblbMmrxoPWW5GILWfteZfyqVy+kr93V7j
s1d0ZBxaS+MJ512SALecY0UgCimuJnZnhnbDQudxpOwivbeCsKjmrbmV0LK9ZT8v
Z+qt1Yf3xTlWAZRyfG3v67zgQIQuW+YeFk4gjhzHHnUfkxN/XEDAZFX/rQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAIZ24jKA0wq4Bzbyp5CeXPMWWECMB8GA1UdIwQY
MBaAFIXQ52P5NcFxaU8XIFbrRCCdsuLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2Qt
ZjEyODM1ZjAyNDdiLzEvQWhuYmlNb0RUQ3JnSE52S25rSjVjOHhaWVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2QtZjEyODM1ZjAyNDdi
LzEvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZJyED
BABZJyIwDQYJKoZIhvcNAQELBQADggEBABg8m2LMDffPY3+9wDU41K0zTLAlxVSw
VnRVt7QQ8GqyMLSe2kYkjkNlY1QR/ij7kxFU9KBhwINBg8yBMl1/QvrhDf8x2dNA
gGjFQ2CEJDg9Tp3YGW9xoKbcu/eOK5/9D/Mv7W1TIcIzK3uqHbEOI8pE6l5hF8zH
MrRCZ8ikH+/N94Bwa4OcoZNHlFig3kWkcJVAvfpkfWkqzPX44k2OmGODyrllIE41
XbR4uCNVZY88CRHzwWse5nfJMUkrvrODAnfXSrOtQh7aDY9RJ2KNJtltzYhRkCEz
K2RwaRvsXVUae6dZkeOKnL2ONUlRXEcfm0xTY9oBUobbNea371IxxpQ=
-----END CERTIFICATE-----