Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/n1DHgrll8nPy57UKWi5meaa1Ka4.roa
File:                     n1DHgrll8nPy57UKWi5meaa1Ka4.roa (raw, json)
Hash identifier:          1rSmCEUrLDgmwwRHwWojHjirT5wpJ712d7ew87TkOhE=
Subject key identifier:   9F:50:C7:82:B9:65:F2:73:F2:E7:B5:0A:5A:2E:66:79:A6:B5:29:AE
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D4FD52B403DF7D17E59EC63D7F022
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/n1DHgrll8nPy57UKWi5meaa1Ka4.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24693
IP address blocks:        213.16.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4f:d5:2b:40:3d:f7:d1:7e:59:ec:63:d7:f0:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f50c782b965f273f2e7b50a5a2e6679a6b529ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a9:06:a1:3f:56:7e:46:8f:c3:8b:9c:0f:99:
                    6a:e4:59:ab:20:95:09:93:aa:3f:d4:73:f9:f5:59:
                    c6:38:a7:04:78:35:bb:57:31:df:59:53:4a:eb:8c:
                    55:79:f7:d3:8b:a8:68:d8:08:3d:51:5c:b9:0b:09:
                    af:d6:8a:6e:99:0f:d4:40:58:aa:e4:7a:a0:7e:77:
                    ea:69:47:cb:74:7d:e2:8e:56:71:5e:89:ab:a3:0d:
                    82:2b:4c:55:06:ee:16:71:77:f5:84:8e:6a:b9:4d:
                    e6:14:91:c4:49:79:21:45:92:3b:13:6f:6a:5f:dd:
                    d2:51:f6:d6:a0:52:71:84:69:f4:f7:e7:db:4b:e3:
                    96:55:24:c1:16:e8:cb:29:1d:59:82:b2:c1:c8:e3:
                    17:2c:56:18:9f:ea:a2:44:39:9f:ae:a7:08:47:1b:
                    62:52:63:f4:ea:92:4e:df:df:9a:d9:1f:12:5c:8e:
                    77:28:58:ea:5c:9e:f2:97:74:4a:f4:a4:23:3e:5e:
                    5e:69:85:c3:a2:39:4f:a2:aa:68:34:c6:3b:f6:0e:
                    2d:8f:75:1a:58:73:fe:cc:3a:50:61:fc:36:90:5f:
                    d1:55:f3:cb:8f:ec:c2:6e:47:ed:28:d6:b6:f3:b4:
                    06:c7:ab:50:36:2f:e5:1c:54:48:2a:18:80:1b:bb:
                    4e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:50:C7:82:B9:65:F2:73:F2:E7:B5:0A:5A:2E:66:79:A6:B5:29:AE
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/n1DHgrll8nPy57UKWi5meaa1Ka4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.16.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:8f:ef:3f:0d:8f:00:23:d4:86:46:78:ff:3e:f6:8a:ef:ea:
         a8:9e:0a:80:81:3d:f5:fc:85:e3:e3:b8:72:b8:a9:1f:d3:ad:
         ec:db:30:64:8a:94:2b:b2:55:c9:73:07:ff:2d:8a:5d:e1:d6:
         02:5e:d7:cd:6d:a5:dd:a2:c4:e8:b6:0b:a3:49:15:8e:56:67:
         f4:b0:a6:7c:99:ae:b8:a9:c9:50:04:95:28:00:36:fe:cd:e9:
         ea:5e:9b:de:88:2b:ad:bc:51:a5:40:f1:ae:3b:4d:57:f2:01:
         61:64:8f:51:81:53:6f:4f:06:29:16:16:f7:2d:0b:ce:67:c8:
         20:89:5a:03:ac:2f:8a:06:0b:63:17:ac:3c:a5:8e:3e:ea:a5:
         e3:de:5d:2d:a4:78:37:34:f5:4a:08:07:8a:5a:29:04:32:4a:
         d4:03:81:a8:3c:96:f2:73:7d:e3:02:ef:a6:ee:04:87:32:de:
         a5:cd:7b:85:0f:9b:0c:74:2c:14:72:b4:42:17:b7:13:6d:87:
         ad:fe:b1:95:f4:ac:80:23:38:2c:46:e5:f2:00:5e:c4:a7:ec:
         26:92:5b:06:40:b0:6e:0e:ba:90:a4:37:d7:3b:4b:81:9a:97:
         0c:2a:88:58:0a:f8:9e:fb:35:32:46:f7:57:5c:e0:2b:7e:d7:
         0a:dd:a1:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU/VK0A999F+Wexj1/AiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjUwYzc4MmI5NjVmMjczZjJlN2I1MGE1YTJlNjY3OWE2YjUyOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApakGoT9WfkaPw4ucD5lq5FmrIJUJ
k6o/1HP59VnGOKcEeDW7VzHfWVNK64xVeffTi6ho2Ag9UVy5Cwmv1opumQ/UQFiq
5HqgfnfqaUfLdH3ijlZxXomrow2CK0xVBu4WcXf1hI5quU3mFJHESXkhRZI7E29q
X93SUfbWoFJxhGn09+fbS+OWVSTBFujLKR1ZgrLByOMXLFYYn+qiRDmfrqcIRxti
UmP06pJO39+a2R8SXI53KFjqXJ7yl3RK9KQjPl5eaYXDojlPoqpoNMY79g4tj3Ua
WHP+zDpQYfw2kF/RVfPLj+zCbkftKNa287QGx6tQNi/lHFRIKhiAG7tOMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9Qx4K5ZfJz8ue1ClouZnmmtSmuMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvbjFESGdybGw4blB5NTdVS1dpNW1lYWExS2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RAkMA0G
CSqGSIb3DQEBCwUAA4IBAQA7j+8/DY8AI9SGRnj/PvaK7+qongqAgT31/IXj47hy
uKkf063s2zBkipQrslXJcwf/LYpd4dYCXtfNbaXdosTotgujSRWOVmf0sKZ8ma64
qclQBJUoADb+zenqXpveiCutvFGlQPGuO01X8gFhZI9RgVNvTwYpFhb3LQvOZ8gg
iVoDrC+KBgtjF6w8pY4+6qXj3l0tpHg3NPVKCAeKWikEMkrUA4GoPJbyc33jAu+m
7gSHMt6lzXuFD5sMdCwUcrRCF7cTbYet/rGV9KyAIzgsRuXyAF7Ep+wmklsGQLBu
DrqQpDfXO0uBmpcMKohYCvie+zUyRvdXXOArftcK3aEI
-----END CERTIFICATE-----