Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/oQs_uO2V9LQ4PsKIw1cSXbqnSlw.roa
File:                     oQs_uO2V9LQ4PsKIw1cSXbqnSlw.roa (raw, json)
Hash identifier:          xckDkMIbKyqtjpN02KbGa3kSEGlc51kbebkPkYoG3bs=
Subject key identifier:   A1:0B:3F:B8:ED:95:F4:B4:38:3E:C2:88:C3:57:12:5D:BA:A7:4A:5C
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D614984CABE4D57E8ADFDA67F6F69
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/oQs_uO2V9LQ4PsKIw1cSXbqnSlw.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199048
IP address blocks:        62.176.98.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:61:49:84:ca:be:4d:57:e8:ad:fd:a6:7f:6f:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a10b3fb8ed95f4b4383ec288c357125dbaa74a5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a6:99:c0:60:0a:04:9e:8e:45:9a:3c:60:28:
                    b6:68:ed:83:1c:91:f9:da:00:b6:5e:96:cd:4c:f2:
                    8e:25:f1:3c:ca:95:ce:08:3b:4b:a1:74:69:b8:05:
                    aa:18:30:62:4e:e5:57:00:db:d6:2f:4f:d7:4d:fb:
                    02:4e:25:92:9e:87:be:e8:d8:d0:25:c3:b5:33:0e:
                    c1:18:30:d9:52:dc:9d:3b:ae:45:28:dc:a5:33:c0:
                    d1:26:4e:ab:38:ac:61:92:d5:ca:ac:c4:7b:f2:04:
                    65:34:e3:a2:24:3b:96:82:24:a7:c7:6b:83:da:bd:
                    de:eb:7a:9d:a7:24:fe:9e:3b:fb:90:b0:04:b8:60:
                    57:ee:75:06:81:2e:4e:15:06:1e:db:3c:37:39:fc:
                    13:bf:9c:b8:88:74:ff:45:dc:4a:f7:f5:a5:c9:4d:
                    1f:54:a9:82:27:16:94:13:9d:b9:d7:d0:03:47:2f:
                    cf:03:9d:d7:f7:eb:90:fd:b4:57:a5:ec:ce:76:ee:
                    66:a2:90:ec:5a:78:68:91:74:94:06:ca:37:1a:0a:
                    e0:ae:82:35:c3:86:d1:71:3d:39:d6:83:70:53:8e:
                    ba:c2:31:65:a1:ee:c8:9f:ac:cf:df:54:e4:9c:94:
                    24:30:3e:50:66:ce:e8:a8:09:38:5d:e4:e9:0e:3f:
                    0e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:0B:3F:B8:ED:95:F4:B4:38:3E:C2:88:C3:57:12:5D:BA:A7:4A:5C
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/oQs_uO2V9LQ4PsKIw1cSXbqnSlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:56:a2:c3:3d:4a:e4:ae:54:50:d5:b6:48:13:70:df:8c:96:
         2d:68:f3:16:63:5a:b8:fe:23:bf:50:72:8c:e5:0d:1b:65:aa:
         6d:30:21:52:33:d7:f6:52:63:6c:74:13:a4:43:57:96:2a:e0:
         a4:85:dc:31:98:91:29:3c:43:f3:86:14:c2:85:dd:25:11:bb:
         b9:60:d8:e1:6b:a8:1a:35:8d:72:8e:4b:1d:1e:68:1f:a1:f3:
         ea:14:1f:5d:c0:a6:d7:0f:92:4d:ce:ed:d1:29:3e:c9:47:3b:
         4f:ba:4e:81:90:a3:35:f3:2e:bd:5d:2e:c5:20:34:12:c7:63:
         f2:ec:52:e7:bb:78:98:f5:34:2d:95:a3:6f:2f:26:fb:ec:0e:
         8e:f0:d9:63:ad:a9:12:91:da:2a:b7:62:e3:2b:56:b3:d8:25:
         bc:0d:e9:b3:91:9d:47:d6:45:41:01:ad:5a:36:dd:25:81:a8:
         ae:27:f0:d4:bd:b3:76:1c:34:0f:ae:c9:61:2c:95:68:8f:15:
         88:cf:17:13:74:23:47:ea:c9:97:fd:0d:5b:0c:dc:87:4b:44:
         da:71:14:63:33:df:1d:3f:c7:fe:5d:d7:40:50:ab:fd:d9:03:
         6d:cf:d6:3e:d7:90:1e:2c:4e:f2:b0:a9:e5:fe:2b:13:86:67:
         dc:2e:56:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWFJhMq+TVforf2mf29pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTBiM2ZiOGVkOTVmNGI0MzgzZWMyODhjMzU3MTI1ZGJhYTc0YTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaaZwGAKBJ6ORZo8YCi2aO2DHJH5
2gC2XpbNTPKOJfE8ypXOCDtLoXRpuAWqGDBiTuVXANvWL0/XTfsCTiWSnoe+6NjQ
JcO1Mw7BGDDZUtydO65FKNylM8DRJk6rOKxhktXKrMR78gRlNOOiJDuWgiSnx2uD
2r3e63qdpyT+njv7kLAEuGBX7nUGgS5OFQYe2zw3OfwTv5y4iHT/RdxK9/WlyU0f
VKmCJxaUE52519ADRy/PA53X9+uQ/bRXpezOdu5mopDsWnhokXSUBso3GgrgroI1
w4bRcT051oNwU466wjFloe7In6zP31TknJQkMD5QZs7oqAk4XeTpDj8OKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKELP7jtlfS0OD7CiMNXEl26p0pcMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvb1FzX3VPMlY5TFE0UHNLSXcxY1NYYnFuU2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPrBiMA0G
CSqGSIb3DQEBCwUAA4IBAQAFVqLDPUrkrlRQ1bZIE3DfjJYtaPMWY1q4/iO/UHKM
5Q0bZaptMCFSM9f2UmNsdBOkQ1eWKuCkhdwxmJEpPEPzhhTChd0lEbu5YNjha6ga
NY1yjksdHmgfofPqFB9dwKbXD5JNzu3RKT7JRztPuk6BkKM18y69XS7FIDQSx2Py
7FLnu3iY9TQtlaNvLyb77A6O8NljrakSkdoqt2LjK1az2CW8DemzkZ1H1kVBAa1a
Nt0lgaiuJ/DUvbN2HDQPrslhLJVojxWIzxcTdCNH6smX/Q1bDNyHS0TacRRjM98d
P8f+XddAUKv92QNtz9Y+15AeLE7ysKnl/isThmfcLlb3
-----END CERTIFICATE-----