Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/wb3BAI9EoR9uh2Q71bW3_Jranpg.roa
File:                     wb3BAI9EoR9uh2Q71bW3_Jranpg.roa (raw, json)
Hash identifier:          rkyU3ji59Kuh4b0r4C/NMbkC1/kl+/6ogKvAlUE4ia4=
Subject key identifier:   C1:BD:C1:00:8F:44:A1:1F:6E:87:64:3B:D5:B5:B7:FC:9A:DA:9E:98
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       0191DAE90114576C4BFEA82E59292D243A87
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/wb3BAI9EoR9uh2Q71bW3_Jranpg.roa
Signing time:             Tue 10 Sep 2024 07:49:48 +0000
ROA not before:           Tue 10 Sep 2024 07:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39841
IP address blocks:        84.17.75.0/24 maxlen: 24
                          84.17.83.0/24 maxlen: 24
                          84.17.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:da:e9:01:14:57:6c:4b:fe:a8:2e:59:29:2d:24:3a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Sep 10 07:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1bdc1008f44a11f6e87643bd5b5b7fc9ada9e98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4c:f6:43:af:19:ff:d0:76:51:99:76:8c:d4:
                    61:d7:ec:d5:4a:1b:ec:b7:bc:5a:df:96:e4:c1:70:
                    06:90:4e:bc:8a:87:3d:e7:00:72:32:f2:02:6c:b0:
                    ae:ab:95:a0:c4:c3:8e:d9:d1:0a:ca:a8:a7:35:bb:
                    e4:e7:5f:84:31:5a:3f:ea:35:84:51:60:c7:f5:90:
                    ac:9e:d6:c9:57:40:6c:3d:19:7b:3a:74:cd:17:36:
                    3f:ac:e3:d1:93:a5:80:c2:08:7d:61:e9:b7:76:e4:
                    86:d5:e5:b2:d5:4c:55:37:bf:4a:fc:d4:38:19:9f:
                    41:18:85:c2:d9:f8:31:84:30:7a:8d:16:b1:44:8c:
                    ba:8e:df:cb:2b:a3:bd:a6:52:cc:09:97:d6:32:6b:
                    21:1a:55:c0:99:44:b3:cc:e3:a5:fb:72:78:4b:b2:
                    ba:cd:db:be:7c:8c:8e:51:fe:81:f5:e2:1d:dc:4e:
                    4e:c2:13:b7:15:3a:b3:d9:7c:80:f5:cb:83:a3:49:
                    0e:b5:e1:22:19:b6:cf:4e:a1:cb:63:38:d2:b1:ab:
                    de:38:6c:fe:97:a7:fa:2d:06:f4:ab:f2:f2:b3:e3:
                    a2:81:5c:58:96:47:f6:a1:02:1e:a6:67:65:e9:bf:
                    aa:72:fa:87:f1:27:e4:0b:d0:ce:6e:21:4f:49:1e:
                    bc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BD:C1:00:8F:44:A1:1F:6E:87:64:3B:D5:B5:B7:FC:9A:DA:9E:98
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/wb3BAI9EoR9uh2Q71bW3_Jranpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.75.0/24
                  84.17.83.0-84.17.84.255

    Signature Algorithm: sha256WithRSAEncryption
         41:c5:36:f8:8d:86:66:0a:fb:14:52:c1:1e:ae:fd:2e:7f:bb:
         7a:8b:64:37:45:af:91:64:88:b8:0e:64:ab:de:8e:45:61:69:
         e7:f6:cb:88:8d:48:54:03:dc:3d:81:94:24:c9:71:d1:8b:a4:
         29:24:b1:9e:44:06:1b:0d:b9:68:1d:93:08:bd:e0:0b:36:96:
         da:7a:29:0f:e7:44:e7:58:9f:be:b0:73:fb:50:e2:5d:53:4e:
         86:70:1e:f6:db:5c:8a:14:bd:88:81:b7:c9:e5:b2:fd:b6:f8:
         90:74:26:05:1a:0e:05:35:2a:2a:33:05:44:40:84:ec:6c:19:
         20:3c:64:05:a0:a5:57:35:b7:f6:94:2d:57:c2:b1:aa:62:17:
         95:46:9b:70:38:ec:7d:84:05:64:a4:25:d8:01:3b:36:fb:bb:
         c5:2a:42:1c:7e:1f:41:fd:ed:61:9d:9b:9c:72:e6:dc:8e:94:
         b6:9e:af:06:17:cd:b3:d1:0b:23:42:6c:d2:aa:2d:1c:16:e1:
         eb:da:47:87:1a:f2:51:12:26:2c:48:bb:29:83:cc:eb:ab:0f:
         59:e4:16:36:9d:58:2a:fe:fd:f6:c0:02:97:c8:59:00:37:15:
         21:51:26:f2:0a:5c:79:0e:ff:30:8f:1a:01:13:ff:62:9f:6e:
         6e:65:b8:15
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZHa6QEUV2xL/qguWSktJDqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwOTEwMDc0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWJkYzEwMDhmNDRhMTFmNmU4NzY0M2JkNWI1YjdmYzlhZGE5ZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0z2Q68Z/9B2UZl2jNRh1+zVShvs
t7xa35bkwXAGkE68ioc95wByMvICbLCuq5WgxMOO2dEKyqinNbvk51+EMVo/6jWE
UWDH9ZCsntbJV0BsPRl7OnTNFzY/rOPRk6WAwgh9Yem3duSG1eWy1UxVN79K/NQ4
GZ9BGIXC2fgxhDB6jRaxRIy6jt/LK6O9plLMCZfWMmshGlXAmUSzzOOl+3J4S7K6
zdu+fIyOUf6B9eId3E5OwhO3FTqz2XyA9cuDo0kOteEiGbbPTqHLYzjSsaveOGz+
l6f6LQb0q/Lys+OigVxYlkf2oQIepmdl6b+qcvqH8SfkC9DObiFPSR68ZwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMG9wQCPRKEfbodkO9W1t/ya2p6YMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvd2IzQkFJOUVvUjl1aDJRNzFiVzNfSnJhbnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAVBFLMAwD
BABUEVMDBABUEVQwDQYJKoZIhvcNAQELBQADggEBAEHFNviNhmYK+xRSwR6u/S5/
u3qLZDdFr5FkiLgOZKvejkVhaef2y4iNSFQD3D2BlCTJcdGLpCkksZ5EBhsNuWgd
kwi94As2ltp6KQ/nROdYn76wc/tQ4l1TToZwHvbbXIoUvYiBt8nlsv22+JB0JgUa
DgU1KiozBURAhOxsGSA8ZAWgpVc1t/aULVfCsapiF5VGm3A47H2EBWSkJdgBOzb7
u8UqQhx+H0H97WGdm5xy5tyOlLaerwYXzbPRCyNCbNKqLRwW4evaR4ca8lESJixI
uymDzOurD1nkFjadWCr+/fbAApfIWQA3FSFRJvIKXHkO/zCPGgET/2Kfbm5luBU=
-----END CERTIFICATE-----