Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/CE297M06fyQPmMAjcAAX-3AyO40.roa
File:                     CE297M06fyQPmMAjcAAX-3AyO40.roa (raw, json)
Hash identifier:          qZBqDfQHpO0Cn7/BaALA6NqkugvLougJVfWiQyP4eRU=
Subject key identifier:   08:4D:BD:EC:CD:3A:7F:24:0F:98:C0:23:70:00:17:FB:70:32:3B:8D
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D6A9AB795FB71C2709A5F4115DCCD
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/CE297M06fyQPmMAjcAAX-3AyO40.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208579
IP address blocks:        77.85.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6a:9a:b7:95:fb:71:c2:70:9a:5f:41:15:dc:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=084dbdeccd3a7f240f98c023700017fb70323b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:75:b8:fa:81:b6:30:2e:83:94:7c:3f:5e:60:
                    b0:81:7e:0b:ab:52:23:38:0d:0a:ef:00:66:11:97:
                    3c:d2:c8:8f:7e:aa:6c:77:94:50:f6:fb:dd:65:0d:
                    3c:95:6b:37:19:b1:21:dc:47:61:ac:2c:ac:76:97:
                    4d:5d:d6:b6:d5:d1:39:42:a8:51:a5:cd:4c:39:3e:
                    23:7a:ae:8f:81:19:57:4f:12:b0:58:58:57:41:ad:
                    eb:67:77:89:d2:5b:b2:25:3f:ec:ec:fc:07:cf:8e:
                    f0:cf:b5:8d:03:38:9e:6d:a4:b9:87:3e:85:5e:4f:
                    16:c0:09:97:f6:d6:a5:9a:7f:2b:59:09:02:be:ee:
                    94:1b:30:1b:61:d4:c4:09:47:ba:9f:e7:8b:ca:62:
                    46:e4:36:6a:a1:54:c8:eb:e2:e0:35:8f:17:3a:c9:
                    a5:ac:39:cb:cd:72:f9:2f:06:8c:b9:d3:69:20:77:
                    19:77:f9:f2:c5:99:cc:14:a7:68:d2:03:e0:26:3e:
                    ef:24:3c:03:e9:cc:d2:b4:93:57:bd:bb:da:89:d0:
                    c1:f6:17:a5:26:8c:77:3c:4a:24:c1:06:6a:e2:a8:
                    5c:cc:53:95:7e:15:5c:4f:6d:02:03:b6:97:d3:69:
                    fe:7f:51:68:3b:64:61:dc:a0:b0:47:12:d9:c7:25:
                    05:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:4D:BD:EC:CD:3A:7F:24:0F:98:C0:23:70:00:17:FB:70:32:3B:8D
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/CE297M06fyQPmMAjcAAX-3AyO40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.85.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:75:b7:fa:6c:7e:ac:9d:61:15:dd:78:71:59:f9:75:8e:1d:
         73:ac:1b:e9:b6:3e:33:08:e6:87:56:e0:3c:42:67:eb:0e:8d:
         35:0b:24:13:9f:3a:d1:a8:e0:33:36:8c:70:9a:6f:11:f3:9d:
         c6:be:3d:c6:d8:15:eb:de:ac:77:c5:b6:eb:c4:62:f9:6c:cf:
         74:8d:34:7f:c5:9b:d5:30:11:10:07:b4:c2:a2:cb:42:06:aa:
         67:c4:9e:8f:4a:9a:ff:ef:32:42:6a:ea:1d:58:4f:c9:bc:9a:
         9f:20:57:48:e9:fe:6f:55:13:9b:26:c0:17:fc:77:cc:93:29:
         e2:7f:ab:6e:73:01:cd:22:2c:c5:43:7d:e1:48:2f:01:75:57:
         59:96:b8:f0:c1:ff:f8:6e:f2:81:56:bb:89:5f:19:6c:d1:f1:
         18:4b:e4:0b:98:f7:6b:e1:dc:f6:b1:42:cf:7d:d8:35:52:48:
         a4:d2:b8:aa:52:5e:8f:61:59:c5:76:1a:8c:a0:b3:66:f4:79:
         84:2c:e7:ee:7d:c3:f7:b0:2e:ab:11:18:00:7c:6a:11:f4:b8:
         2c:5d:08:35:22:52:27:91:e4:94:c3:08:dc:c5:73:2c:03:1d:
         3d:36:29:14:c7:10:55:45:66:7c:cd:6d:0f:a3:c9:5a:39:67:
         5e:8e:86:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWqat5X7ccJwml9BFdzNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODRkYmRlY2NkM2E3ZjI0MGY5OGMwMjM3MDAwMTdmYjcwMzIzYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3W4+oG2MC6DlHw/XmCwgX4Lq1Ij
OA0K7wBmEZc80siPfqpsd5RQ9vvdZQ08lWs3GbEh3EdhrCysdpdNXda21dE5QqhR
pc1MOT4jeq6PgRlXTxKwWFhXQa3rZ3eJ0luyJT/s7PwHz47wz7WNAziebaS5hz6F
Xk8WwAmX9talmn8rWQkCvu6UGzAbYdTECUe6n+eLymJG5DZqoVTI6+LgNY8XOsml
rDnLzXL5LwaMudNpIHcZd/nyxZnMFKdo0gPgJj7vJDwD6czStJNXvbvaidDB9hel
Jox3PEokwQZq4qhczFOVfhVcT20CA7aX02n+f1FoO2Rh3KCwRxLZxyUFjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhNvezNOn8kD5jAI3AAF/twMjuNMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvQ0UyOTdNMDZmeVFQbU1BamNBQVgtM0F5TzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVXOMA0G
CSqGSIb3DQEBCwUAA4IBAQANdbf6bH6snWEV3XhxWfl1jh1zrBvptj4zCOaHVuA8
QmfrDo01CyQTnzrRqOAzNoxwmm8R853Gvj3G2BXr3qx3xbbrxGL5bM90jTR/xZvV
MBEQB7TCostCBqpnxJ6PSpr/7zJCauodWE/JvJqfIFdI6f5vVRObJsAX/HfMkyni
f6tucwHNIizFQ33hSC8BdVdZlrjwwf/4bvKBVruJXxls0fEYS+QLmPdr4dz2sULP
fdg1Ukik0riqUl6PYVnFdhqMoLNm9HmELOfufcP3sC6rERgAfGoR9LgsXQg1IlIn
keSUwwjcxXMsAx09NikUxxBVRWZ8zW0Po8laOWdejoYZ
-----END CERTIFICATE-----