Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/PwiXLnc_UClswbp9hGe7A75EC3c.roa
File:                     PwiXLnc_UClswbp9hGe7A75EC3c.roa (raw, json)
Hash identifier:          Qex8yjjgchk3hB4Zl8lTRfnFoSOLg8GiEE8vevGZhtg=
Subject key identifier:   3F:08:97:2E:77:3F:50:29:6C:C1:BA:7D:84:67:BB:03:BE:44:0B:77
Certificate issuer:       /CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
Certificate serial:       018CC72658E9F3CDA642EE897B0EA8BC13A2
Authority key identifier: A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/PwiXLnc_UClswbp9hGe7A75EC3c.roa
Signing time:             Mon 01 Jan 2024 22:30:28 +0000
ROA not before:           Mon 01 Jan 2024 22:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202617
IP address blocks:        84.247.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ofeIKGHCntWZvkqTdIDE0T4lv8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ofeIKGHCntWZvkqTdIDE0T4lv8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:58:e9:f3:cd:a6:42:ee:89:7b:0e:a8:bc:13:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
        Validity
            Not Before: Jan  1 22:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f08972e773f50296cc1ba7d8467bb03be440b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:60:33:4a:5e:d7:90:81:67:20:b5:d3:92:66:
                    04:86:c4:4c:0a:27:5a:ae:42:8b:a3:1d:f3:f2:df:
                    33:a1:8a:b4:fa:76:91:f0:fa:33:8b:d8:75:dc:d7:
                    f4:19:e4:47:49:64:89:96:76:cc:b4:01:75:2f:48:
                    04:b8:ea:82:b0:25:ed:61:85:c5:5a:e5:4f:61:76:
                    f3:12:d1:4b:4e:84:50:64:2f:67:3b:6e:b5:52:62:
                    2a:5b:90:c8:27:61:73:6e:40:31:19:53:d0:eb:94:
                    d6:e6:33:57:cb:fd:27:d0:e2:d0:ee:f2:0b:8d:23:
                    cd:ce:96:5e:36:c6:fb:e7:44:49:0a:c7:42:75:ef:
                    d6:ba:06:77:8a:c9:89:bc:f2:75:07:82:da:ba:c2:
                    be:31:ba:62:c1:c4:8e:05:bd:62:6b:a7:db:85:ce:
                    06:0a:ad:ce:e7:37:5c:84:72:c0:ac:c5:c2:62:6c:
                    47:d1:df:40:35:01:55:b4:cc:41:8e:29:cd:6e:23:
                    eb:6d:ae:90:79:15:61:ac:b5:aa:62:ef:1c:33:e5:
                    37:30:63:47:49:90:0b:6a:c2:a7:36:3c:e2:d9:c2:
                    b6:b2:d8:17:b8:46:93:c4:fc:ba:86:50:98:52:d8:
                    42:a6:1a:1c:bd:8b:93:9d:60:cd:b9:47:9d:1d:f5:
                    6a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:08:97:2E:77:3F:50:29:6C:C1:BA:7D:84:67:BB:03:BE:44:0B:77
            X509v3 Authority Key Identifier:
                keyid:A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/PwiXLnc_UClswbp9hGe7A75EC3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ofeIKGHCntWZvkqTdIDE0T4lv8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:3a:c2:8f:48:b7:9f:a8:66:de:5e:81:bd:82:7f:8a:e1:2e:
         ef:b4:f4:9e:26:5e:0e:bb:37:ab:7e:b3:6b:f6:0c:75:a4:58:
         d5:f4:ae:ed:bc:e8:1e:85:cf:a1:10:53:70:03:4d:5a:c6:30:
         60:94:32:8c:b1:fb:52:0a:cc:5d:3c:81:bd:a9:e9:f8:ec:8c:
         de:d1:46:42:4b:29:a7:b3:03:12:fa:15:6c:c6:f9:df:b9:d3:
         2e:87:89:be:73:80:c1:46:a1:7b:5b:2a:ee:23:30:f8:42:63:
         38:71:58:2a:d3:f6:bb:7f:7f:3f:bf:bf:ac:55:8a:8d:3f:e7:
         14:85:2b:27:1d:75:8e:a3:c1:08:96:38:97:71:b2:8b:d9:cf:
         76:d5:9e:c1:4d:f9:43:55:b1:f7:a1:ce:2b:0c:39:12:e6:0e:
         d3:db:ef:48:ae:f9:03:04:02:0d:ff:fb:d1:0f:25:c6:24:5f:
         aa:24:8a:33:5a:9e:3a:d4:27:80:c8:97:96:04:95:35:41:26:
         1c:e2:43:89:c9:48:0b:a9:35:14:4e:67:f5:55:cf:55:70:12:
         f4:b2:cb:e9:cd:f3:25:23:8c:df:8a:18:aa:f5:90:b0:41:f9:
         fd:e9:87:c2:89:b4:7a:1a:f2:d8:5c:07:c9:75:6f:78:08:4f:
         f0:0e:c6:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJljp882mQu6Jew6ovBOiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZjc4ODI4NjFjMjllZDU5OWJlNGE5Mzc0ODBjNGQxM2Uy
NWJmYzIwHhcNMjQwMTAxMjIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjA4OTcyZTc3M2Y1MDI5NmNjMWJhN2Q4NDY3YmIwM2JlNDQwYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmAzSl7XkIFnILXTkmYEhsRMCida
rkKLox3z8t8zoYq0+naR8Pozi9h13Nf0GeRHSWSJlnbMtAF1L0gEuOqCsCXtYYXF
WuVPYXbzEtFLToRQZC9nO261UmIqW5DIJ2FzbkAxGVPQ65TW5jNXy/0n0OLQ7vIL
jSPNzpZeNsb750RJCsdCde/WugZ3ismJvPJ1B4LausK+MbpiwcSOBb1ia6fbhc4G
Cq3O5zdchHLArMXCYmxH0d9ANQFVtMxBjinNbiPrba6QeRVhrLWqYu8cM+U3MGNH
SZALasKnNjzi2cK2stgXuEaTxPy6hlCYUthCphocvYuTnWDNuUedHfVqNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8Ily53P1ApbMG6fYRnuwO+RAt3MB8GA1UdIwQY
MBaAFKH3iChhwp7Vmb5Kk3SAxNE+Jb/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAt
YzM3YTU5ODJmNDY2LzEvUHdpWExuY19VQ2xzd2JwOWhHZTdBNzVFQzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAtYzM3YTU5ODJmNDY2
LzEvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPcSMA0G
CSqGSIb3DQEBCwUAA4IBAQCPOsKPSLefqGbeXoG9gn+K4S7vtPSeJl4OuzerfrNr
9gx1pFjV9K7tvOgehc+hEFNwA01axjBglDKMsftSCsxdPIG9qen47Ize0UZCSymn
swMS+hVsxvnfudMuh4m+c4DBRqF7WyruIzD4QmM4cVgq0/a7f38/v7+sVYqNP+cU
hSsnHXWOo8EIljiXcbKL2c921Z7BTflDVbH3oc4rDDkS5g7T2+9IrvkDBAIN//vR
DyXGJF+qJIozWp461CeAyJeWBJU1QSYc4kOJyUgLqTUUTmf1Vc9VcBL0ssvpzfMl
I4zfihiq9ZCwQfn96YfCibR6GvLYXAfJdW94CE/wDsb+
-----END CERTIFICATE-----