Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7D95PjlEemj2KDfCwGQCT2kYOM0.roa
File:                     7D95PjlEemj2KDfCwGQCT2kYOM0.roa (raw, json)
Hash identifier:          1B3OK9AVCTIw0UDRiJzjmroNwtAXTqIkqI8ZtWrFDDA=
Subject key identifier:   EC:3F:79:3E:39:44:7A:68:F6:28:37:C2:C0:64:02:4F:69:18:38:CD
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D56266E827E87A2A1A7F18D23F5C3
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7D95PjlEemj2KDfCwGQCT2kYOM0.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35183
IP address blocks:        62.176.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:56:26:6e:82:7e:87:a2:a1:a7:f1:8d:23:f5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec3f793e39447a68f62837c2c064024f691838cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5d:e7:94:b6:b9:d2:96:af:74:94:d7:31:11:
                    26:46:a2:b9:fd:6f:4f:b7:0c:0a:31:87:88:f8:c7:
                    3b:30:e4:ed:2d:1f:7e:8b:c1:61:e5:ad:fd:8a:5b:
                    fd:00:02:f5:ea:9f:8d:1d:ba:6d:f7:67:01:33:59:
                    f4:93:7d:18:ec:70:1e:da:58:68:9f:93:2a:a1:d4:
                    ce:e0:80:17:f8:d3:51:5f:bf:5a:7e:45:92:0a:fb:
                    03:a2:11:4e:c3:28:86:29:03:ae:4a:30:6a:f6:00:
                    9d:8e:0a:f5:9a:45:fb:39:1b:e4:be:a0:27:33:bd:
                    af:5f:84:77:fc:06:d5:ff:72:d1:9a:06:15:db:d3:
                    5d:9d:24:fd:88:26:13:d8:c7:ef:79:ef:a4:40:76:
                    4f:ee:41:0b:8f:9b:69:c9:11:e6:09:f5:38:81:da:
                    11:97:9d:d2:6f:62:c8:11:3e:89:e5:c5:1c:02:a3:
                    74:7f:82:09:7e:7a:d2:c3:b7:6a:da:6c:8a:d9:82:
                    0c:8e:f4:81:e9:e7:15:dd:aa:70:85:ce:d1:42:49:
                    2a:76:ae:18:ae:2c:46:f4:d6:7b:87:9b:59:fa:b6:
                    13:e1:19:b6:f9:51:ee:79:9d:d4:d2:0b:b2:31:8b:
                    2c:0f:e5:4f:d0:eb:b1:d0:d5:87:48:f5:05:6f:fb:
                    89:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:3F:79:3E:39:44:7A:68:F6:28:37:C2:C0:64:02:4F:69:18:38:CD
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7D95PjlEemj2KDfCwGQCT2kYOM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:f3:49:51:1a:08:10:90:4b:54:5a:58:1b:d9:4d:ad:90:58:
         ab:5a:a2:a7:37:62:33:ff:db:7d:28:d1:ab:7c:7c:bd:77:f3:
         42:af:66:3d:7a:df:c8:fa:8c:ba:c1:bb:0c:e4:1a:73:79:da:
         d9:35:ef:be:c0:53:8d:ed:49:1e:fa:e5:d1:18:e3:bc:ae:39:
         a1:4e:9f:91:3c:2e:a9:96:ee:1b:14:70:85:a6:03:48:2d:98:
         74:7c:92:1d:74:5f:33:ea:63:88:6d:e2:e5:f3:0f:4c:54:cd:
         af:4a:a4:62:e4:26:e9:a3:17:89:0c:95:6a:59:96:2d:63:b4:
         7f:80:1d:f2:f8:5d:60:45:d0:b7:db:11:7d:05:21:81:d3:94:
         b5:cf:9c:dd:68:59:71:36:63:0c:c2:ec:54:a2:7c:dd:df:21:
         72:cb:6c:69:0d:a6:4d:b3:17:29:49:d4:62:8e:d7:4c:38:2d:
         1c:99:23:74:2d:e1:18:51:7a:91:aa:a1:da:1b:cd:10:9f:a2:
         86:72:99:55:6a:c0:a2:b0:cd:d7:64:fa:fb:ad:5b:ce:78:e1:
         f5:38:03:6b:6d:2b:24:c4:50:57:7e:0a:dd:f5:ac:9a:b6:1d:
         81:a4:62:f4:10:eb:93:3b:a5:0e:43:f3:a6:86:7a:93:a5:4c:
         65:2e:b0:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVYmboJ+h6Khp/GNI/XDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzNmNzkzZTM5NDQ3YTY4ZjYyODM3YzJjMDY0MDI0ZjY5MTgzOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhl3nlLa50pavdJTXMREmRqK5/W9P
twwKMYeI+Mc7MOTtLR9+i8Fh5a39ilv9AAL16p+NHbpt92cBM1n0k30Y7HAe2lho
n5MqodTO4IAX+NNRX79afkWSCvsDohFOwyiGKQOuSjBq9gCdjgr1mkX7ORvkvqAn
M72vX4R3/AbV/3LRmgYV29NdnST9iCYT2Mfvee+kQHZP7kELj5tpyRHmCfU4gdoR
l53Sb2LIET6J5cUcAqN0f4IJfnrSw7dq2myK2YIMjvSB6ecV3apwhc7RQkkqdq4Y
rixG9NZ7h5tZ+rYT4Rm2+VHueZ3U0guyMYssD+VP0Oux0NWHSPUFb/uJFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw/eT45RHpo9ig3wsBkAk9pGDjNMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvN0Q5NVBqbEVlbWoyS0RmQ3dHUUNUMmtZT00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPrBvMA0G
CSqGSIb3DQEBCwUAA4IBAQCF80lRGggQkEtUWlgb2U2tkFirWqKnN2Iz/9t9KNGr
fHy9d/NCr2Y9et/I+oy6wbsM5BpzedrZNe++wFON7Uke+uXRGOO8rjmhTp+RPC6p
lu4bFHCFpgNILZh0fJIddF8z6mOIbeLl8w9MVM2vSqRi5CbpoxeJDJVqWZYtY7R/
gB3y+F1gRdC32xF9BSGB05S1z5zdaFlxNmMMwuxUonzd3yFyy2xpDaZNsxcpSdRi
jtdMOC0cmSN0LeEYUXqRqqHaG80Qn6KGcplVasCisM3XZPr7rVvOeOH1OANrbSsk
xFBXfgrd9ayath2BpGL0EOuTO6UOQ/OmhnqTpUxlLrDS
-----END CERTIFICATE-----