Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ChZqHbmznk1s87_Ikm6rRyPkMu0.roa
File:                     ChZqHbmznk1s87_Ikm6rRyPkMu0.roa (raw, json)
Hash identifier:          BWlKsDpIL6mhrqArpNWAOu3GY0GkqspNV35fT8UifNg=
Subject key identifier:   0A:16:6A:1D:B9:B3:9E:4D:6C:F3:BF:C8:92:6E:AB:47:23:E4:32:ED
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D4EFE37AB0A102DCD375F91B994BF
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ChZqHbmznk1s87_Ikm6rRyPkMu0.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12982
IP address blocks:        212.72.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4e:fe:37:ab:0a:10:2d:cd:37:5f:91:b9:94:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a166a1db9b39e4d6cf3bfc8926eab4723e432ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4e:14:44:dc:8a:5e:13:32:29:cd:07:a3:90:
                    d9:7e:4e:93:db:f3:f2:1c:4f:74:f7:03:6f:10:2c:
                    48:11:e3:12:ea:fd:46:e9:f6:98:1e:92:15:8a:78:
                    10:e1:15:9c:cb:76:4a:94:a6:a2:7f:01:45:c1:fd:
                    1e:b3:4c:f8:b0:bc:9e:dd:20:22:a2:50:fb:c3:5d:
                    4b:c5:29:ba:38:9d:de:3e:cf:6d:f7:8c:ab:9a:51:
                    6d:df:33:f1:0f:c3:8a:af:91:6d:92:0c:9a:65:cc:
                    c7:26:9f:be:e2:c7:6c:25:16:05:31:2c:09:a9:ff:
                    7d:67:5e:fa:18:80:99:d9:4e:1f:83:90:ae:8b:83:
                    d9:b8:1a:bb:cb:18:9c:7f:b0:37:e7:8e:a6:bd:3b:
                    1b:9d:59:32:8e:70:f4:56:ba:da:54:da:6b:7d:78:
                    74:8e:87:61:cf:50:38:11:65:f4:90:a6:e9:02:7e:
                    66:ee:ce:e8:94:fb:dc:67:13:f6:e9:aa:a9:17:4a:
                    de:5c:4b:b8:68:f0:09:13:8a:12:f7:6b:32:6d:30:
                    99:84:54:14:62:67:f2:45:99:b8:be:31:60:b4:6c:
                    87:72:29:ac:1f:14:ed:f8:7e:ec:72:64:ce:b0:c7:
                    13:75:a4:82:20:c4:ba:1c:18:99:be:0b:db:80:5c:
                    d3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:16:6A:1D:B9:B3:9E:4D:6C:F3:BF:C8:92:6E:AB:47:23:E4:32:ED
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ChZqHbmznk1s87_Ikm6rRyPkMu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:56:9a:66:e7:51:82:da:11:6f:e8:70:40:82:7b:b7:8c:6b:
         23:25:8d:bf:0a:e5:2c:b6:d7:b3:bc:3f:b5:8a:98:9a:0a:b0:
         1c:a8:07:8f:e9:d0:88:50:a1:25:02:b9:cd:69:04:dc:51:58:
         bb:b3:20:a7:6c:2a:20:06:20:ac:78:c4:4e:bb:d7:60:6b:ea:
         51:a5:c7:e9:58:cd:2e:57:14:f7:56:69:f3:9a:d3:fc:e5:be:
         3c:8c:81:e0:10:a8:34:16:a9:7c:ef:6a:53:18:5e:86:52:f1:
         f6:07:a3:38:d6:91:c4:c7:c3:36:f8:5c:7d:49:4d:ae:91:70:
         7e:cf:2f:37:bc:e3:f0:eb:36:23:76:5d:33:59:f6:60:9e:c3:
         8b:ba:81:07:ea:ae:5a:d6:38:d9:b8:6c:bf:9b:22:c5:ea:68:
         31:99:3d:06:99:be:0c:eb:5e:7c:c5:6e:ea:1e:9a:a0:30:09:
         99:1c:50:f2:fa:2d:76:ea:6d:a8:72:b4:08:48:84:4d:70:5e:
         24:d0:49:43:46:8b:f1:5d:ce:d8:27:cf:06:81:18:5b:e0:19:
         07:86:bc:49:74:ce:90:80:37:53:4e:f9:3e:dc:7b:37:32:4f:
         50:a4:5c:2d:4b:61:3a:95:6e:0a:70:8e:1a:23:a6:03:11:f3:
         86:bd:e6:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU7+N6sKEC3NN1+RuZS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTE2NmExZGI5YjM5ZTRkNmNmM2JmYzg5MjZlYWI0NzIzZTQzMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk4URNyKXhMyKc0Ho5DZfk6T2/Py
HE909wNvECxIEeMS6v1G6faYHpIVingQ4RWcy3ZKlKaifwFFwf0es0z4sLye3SAi
olD7w11LxSm6OJ3ePs9t94yrmlFt3zPxD8OKr5FtkgyaZczHJp++4sdsJRYFMSwJ
qf99Z176GICZ2U4fg5Cui4PZuBq7yxicf7A3546mvTsbnVkyjnD0VrraVNprfXh0
jodhz1A4EWX0kKbpAn5m7s7olPvcZxP26aqpF0reXEu4aPAJE4oS92sybTCZhFQU
YmfyRZm4vjFgtGyHcimsHxTt+H7scmTOsMcTdaSCIMS6HBiZvgvbgFzToQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoWah25s55NbPO/yJJuq0cj5DLtMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvQ2hacUhibXpuazFzODdfSWttNnJSeVBrTXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EjDMA0G
CSqGSIb3DQEBCwUAA4IBAQBQVppm51GC2hFv6HBAgnu3jGsjJY2/CuUsttezvD+1
ipiaCrAcqAeP6dCIUKElArnNaQTcUVi7syCnbCogBiCseMROu9dga+pRpcfpWM0u
VxT3VmnzmtP85b48jIHgEKg0Fql872pTGF6GUvH2B6M41pHEx8M2+Fx9SU2ukXB+
zy83vOPw6zYjdl0zWfZgnsOLuoEH6q5a1jjZuGy/myLF6mgxmT0Gmb4M6158xW7q
HpqgMAmZHFDy+i126m2ocrQISIRNcF4k0ElDRovxXc7YJ88GgRhb4BkHhrxJdM6Q
gDdTTvk+3Hs3Mk9QpFwtS2E6lW4KcI4aI6YDEfOGveZP
-----END CERTIFICATE-----