Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/TAiV4HRSbX6Td08KR8YBWiSR88k.roa
File:                     TAiV4HRSbX6Td08KR8YBWiSR88k.roa (raw, json)
Hash identifier:          UcIjV88/i/TPp8EcSf/UKuGEWlQfN9coItc/DpDHkxY=
Subject key identifier:   4C:08:95:E0:74:52:6D:7E:93:77:4F:0A:47:C6:01:5A:24:91:F3:C9
Certificate issuer:       /CN=85860273eb271922b9f7ec8f4a591016356d732b
Certificate serial:       018CC727670CA7026DA4EB6BA9CDC6E2724B
Authority key identifier: 85:86:02:73:EB:27:19:22:B9:F7:EC:8F:4A:59:10:16:35:6D:73:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hYYCc-snGSK59-yPSlkQFjVtcys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/TAiV4HRSbX6Td08KR8YBWiSR88k.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207989
IP address blocks:        84.38.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/hYYCc-snGSK59-yPSlkQFjVtcys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/hYYCc-snGSK59-yPSlkQFjVtcys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hYYCc-snGSK59-yPSlkQFjVtcys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 19:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:67:0c:a7:02:6d:a4:eb:6b:a9:cd:c6:e2:72:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85860273eb271922b9f7ec8f4a591016356d732b
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c0895e074526d7e93774f0a47c6015a2491f3c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5e:e5:17:4e:d4:f6:b2:c7:53:0f:df:32:57:
                    06:20:a9:37:6d:cc:16:97:f9:1d:66:1b:b9:b5:48:
                    12:22:02:bc:a7:ca:27:d9:1d:60:c8:d6:b4:00:24:
                    69:ef:f5:f0:f9:d6:ed:db:6a:2a:b8:2c:28:2c:88:
                    ac:a2:94:cd:c5:25:e4:78:5d:04:50:cb:49:91:96:
                    cc:c7:b4:49:25:2a:6b:65:8e:1b:1c:14:cd:89:90:
                    e8:7f:82:3a:6d:3d:3c:70:e2:73:28:2e:11:4c:81:
                    e7:2a:1b:63:dd:75:15:bb:d1:dd:a7:dd:94:55:37:
                    3d:19:64:0b:01:66:5d:49:a6:c9:c4:4d:30:98:b6:
                    58:f3:de:a9:63:3b:47:7b:bd:4e:fd:26:99:30:55:
                    ac:f6:38:9a:bc:ed:22:76:3a:10:4e:51:0c:37:59:
                    85:3e:1b:98:18:1b:f7:50:09:97:d3:a1:8c:74:7a:
                    57:c6:23:44:f8:c7:33:88:46:72:30:a2:69:f8:64:
                    f1:26:7d:4a:39:ce:bd:ef:b4:c7:b7:da:99:5b:d3:
                    ab:81:c3:29:3c:cc:7e:43:f4:f8:84:5e:8a:df:e4:
                    b1:21:9f:dc:d4:a4:1a:ff:fe:79:8b:7a:55:d1:ca:
                    51:88:ed:b2:80:37:77:24:65:0f:06:f6:58:ff:3a:
                    54:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:08:95:E0:74:52:6D:7E:93:77:4F:0A:47:C6:01:5A:24:91:F3:C9
            X509v3 Authority Key Identifier:
                keyid:85:86:02:73:EB:27:19:22:B9:F7:EC:8F:4A:59:10:16:35:6D:73:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hYYCc-snGSK59-yPSlkQFjVtcys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/TAiV4HRSbX6Td08KR8YBWiSR88k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/hYYCc-snGSK59-yPSlkQFjVtcys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:25:7f:3b:ab:2c:0b:fa:e2:ed:d6:2d:06:bb:ea:e4:fb:16:
         84:33:db:f8:3f:17:7f:95:30:5f:51:7c:ba:60:ca:97:67:35:
         d6:ce:25:dd:e0:3c:60:c8:aa:36:f2:60:a9:f6:3d:92:29:8d:
         fb:0b:98:64:70:20:84:eb:27:65:e1:64:6a:f3:0f:a9:7b:c8:
         0b:5d:50:5b:5e:dc:72:0c:96:f1:30:40:65:24:0d:c3:95:45:
         d6:42:f3:87:18:0d:79:e7:57:08:ba:57:f3:ee:64:13:9e:04:
         f1:a2:54:8a:7f:7b:7f:b3:d9:0a:95:26:0f:d4:db:2b:b6:c4:
         79:7d:da:ab:02:86:ba:ad:a6:38:98:cc:2b:b4:49:76:f9:28:
         b7:5e:b1:47:23:68:1a:9a:f2:41:a5:f8:46:25:23:3d:98:21:
         af:e9:5c:26:05:3a:2e:62:76:e7:a6:05:53:1a:91:d5:a5:9d:
         d3:46:a1:18:d0:59:44:fd:72:d5:ce:1e:a5:23:e1:a6:2c:a1:
         8e:96:ec:f6:d9:1d:47:a1:d9:fa:cc:67:94:d9:4c:6e:e9:f3:
         5d:2f:d0:5f:a6:1b:34:8e:4e:f2:b5:93:cd:42:9b:19:0b:eb:
         f3:6a:49:03:23:eb:60:0e:51:07:b2:84:48:52:b9:5b:91:8f:
         b2:05:e6:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2cMpwJtpOtrqc3G4nJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ODYwMjczZWIyNzE5MjJiOWY3ZWM4ZjRhNTkxMDE2MzU2
ZDczMmIwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzA4OTVlMDc0NTI2ZDdlOTM3NzRmMGE0N2M2MDE1YTI0OTFmM2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtl7lF07U9rLHUw/fMlcGIKk3bcwW
l/kdZhu5tUgSIgK8p8on2R1gyNa0ACRp7/Xw+dbt22oquCwoLIisopTNxSXkeF0E
UMtJkZbMx7RJJSprZY4bHBTNiZDof4I6bT08cOJzKC4RTIHnKhtj3XUVu9Hdp92U
VTc9GWQLAWZdSabJxE0wmLZY896pYztHe71O/SaZMFWs9jiavO0idjoQTlEMN1mF
PhuYGBv3UAmX06GMdHpXxiNE+McziEZyMKJp+GTxJn1KOc6977THt9qZW9OrgcMp
PMx+Q/T4hF6K3+SxIZ/c1KQa//55i3pV0cpRiO2ygDd3JGUPBvZY/zpUaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwIleB0Um1+k3dPCkfGAVokkfPJMB8GA1UdIwQY
MBaAFIWGAnPrJxkiuffsj0pZEBY1bXMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFlZQ2Mtc25HU0s1OS15UFNsa1FGalZ0Y3lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wMTU3YzktMzQ4OC00ZmI4LTliNGYt
OTkwOWVlMmYzM2IyLzEvVEFpVjRIUlNiWDZUZDA4S1I4WUJXaVNSODhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wMTU3YzktMzQ4OC00ZmI4LTliNGYtOTkwOWVlMmYzM2Iy
LzEvaFlZQ2Mtc25HU0s1OS15UFNsa1FGalZ0Y3lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCb7MA0G
CSqGSIb3DQEBCwUAA4IBAQBmJX87qywL+uLt1i0Gu+rk+xaEM9v4Pxd/lTBfUXy6
YMqXZzXWziXd4DxgyKo28mCp9j2SKY37C5hkcCCE6ydl4WRq8w+pe8gLXVBbXtxy
DJbxMEBlJA3DlUXWQvOHGA1551cIulfz7mQTngTxolSKf3t/s9kKlSYP1NsrtsR5
fdqrAoa6raY4mMwrtEl2+Si3XrFHI2gamvJBpfhGJSM9mCGv6VwmBTouYnbnpgVT
GpHVpZ3TRqEY0FlE/XLVzh6lI+GmLKGOluz22R1Hodn6zGeU2Uxu6fNdL9Bfphs0
jk7ytZPNQpsZC+vzakkDI+tgDlEHsoRIUrlbkY+yBeaq
-----END CERTIFICATE-----