Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/46477a-8708-4b37-875b-670030dcac30/1/SRtmHCiqtWYvIuXBYr31JiAAogY.roa
File:                     SRtmHCiqtWYvIuXBYr31JiAAogY.roa (raw, json)
Hash identifier:          PTu+Lw8+lflfqbJpGzZnAUXfp79XwIx+2O6LHhimSSs=
Subject key identifier:   49:1B:66:1C:28:AA:B5:66:2F:22:E5:C1:62:BD:F5:26:20:00:A2:06
Certificate issuer:       /CN=dd2496feff991276bd1b85336b7697a9800f84c1
Certificate serial:       018CC26D0317263EC0D35144C80767E46DD6
Authority key identifier: DD:24:96:FE:FF:99:12:76:BD:1B:85:33:6B:76:97:A9:80:0F:84:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3SSW_v-ZEna9G4Uza3aXqYAPhME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/46477a-8708-4b37-875b-670030dcac30/1/SRtmHCiqtWYvIuXBYr31JiAAogY.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207839
IP address blocks:        84.234.104.0/23 maxlen: 23
                          84.234.104.0/22 maxlen: 22
                          84.234.106.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/46477a-8708-4b37-875b-670030dcac30/1/3SSW_v-ZEna9G4Uza3aXqYAPhME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/46477a-8708-4b37-875b-670030dcac30/1/3SSW_v-ZEna9G4Uza3aXqYAPhME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3SSW_v-ZEna9G4Uza3aXqYAPhME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:03:17:26:3e:c0:d3:51:44:c8:07:67:e4:6d:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd2496feff991276bd1b85336b7697a9800f84c1
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=491b661c28aab5662f22e5c162bdf5262000a206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:27:e4:3b:16:27:64:03:ab:69:1d:ed:bb:98:
                    8d:55:87:f9:28:31:6e:62:0e:ab:88:b1:de:48:17:
                    81:22:01:39:76:61:aa:dc:83:93:1e:6e:07:06:1d:
                    77:41:17:dd:e6:fc:d2:73:01:da:bf:aa:cb:26:2c:
                    92:87:a8:d8:ec:a3:26:5f:38:df:9c:13:fe:15:bf:
                    f3:90:0a:52:83:29:a6:2f:a7:63:cc:9b:ae:28:6b:
                    b0:3a:bc:27:c1:a5:30:eb:b1:b9:20:c8:83:96:75:
                    22:54:97:1f:83:7a:e6:24:a3:89:a7:9b:ef:bf:c2:
                    f1:b7:b8:84:64:b0:e7:89:86:0d:93:b0:87:30:bb:
                    38:27:8c:7f:3d:81:e5:1a:96:d0:52:5f:e1:dc:8a:
                    ae:c5:db:cc:99:c8:5b:05:bd:f1:81:6c:e5:4e:5d:
                    52:c8:6c:80:37:32:7e:00:c8:bc:ef:36:ea:e7:1e:
                    02:2c:ee:3a:0a:1a:95:5e:52:ef:6c:bb:31:ba:dd:
                    19:aa:80:ca:43:f0:6b:9c:d4:07:97:a4:55:46:5e:
                    67:94:01:1e:c7:0b:82:4d:dd:32:9d:71:5f:ae:2d:
                    ff:98:8c:c0:5d:cf:19:e7:1a:7a:ff:12:df:ce:67:
                    f4:b5:48:60:eb:25:76:ab:00:84:8c:95:16:0f:52:
                    58:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:1B:66:1C:28:AA:B5:66:2F:22:E5:C1:62:BD:F5:26:20:00:A2:06
            X509v3 Authority Key Identifier:
                keyid:DD:24:96:FE:FF:99:12:76:BD:1B:85:33:6B:76:97:A9:80:0F:84:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3SSW_v-ZEna9G4Uza3aXqYAPhME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/46477a-8708-4b37-875b-670030dcac30/1/SRtmHCiqtWYvIuXBYr31JiAAogY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/46477a-8708-4b37-875b-670030dcac30/1/3SSW_v-ZEna9G4Uza3aXqYAPhME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.234.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d5:68:a3:a3:51:6c:c2:69:1c:09:cc:56:d8:15:e8:2e:e7:1a:
         42:d8:39:e2:28:f9:52:0f:33:83:c9:c8:2c:d9:a6:cf:c5:bd:
         d6:bd:6d:ca:70:5b:62:54:d5:07:b6:a5:49:e5:a3:6b:68:51:
         a7:e0:97:49:a8:f9:71:d0:50:57:d8:47:56:0d:90:a7:75:2d:
         94:00:a5:0e:2e:85:cd:60:ea:44:2b:5c:6d:a8:d1:82:30:19:
         6c:f4:99:25:53:05:05:34:c5:d4:3f:c3:41:f7:c1:6b:58:45:
         84:3d:97:a0:63:ff:5f:28:63:cd:18:4c:d7:9e:44:54:49:8e:
         dc:1f:10:38:06:cf:2f:3c:37:ef:15:ec:0a:20:37:e4:3d:b9:
         f2:d0:9c:6b:b5:b4:94:b8:4d:df:a9:ce:41:ac:d0:9c:b1:5d:
         95:ce:a5:72:39:f3:0a:e3:2e:c0:35:9a:8f:b0:35:c0:23:4e:
         65:67:bb:66:94:aa:11:38:37:7b:94:17:2c:e5:45:8a:41:86:
         c9:de:65:a7:5a:72:20:6c:f3:a7:6d:4d:c6:72:18:cb:5d:71:
         bf:eb:2c:c5:af:d4:7c:96:df:b1:97:32:85:42:29:6b:00:d0:
         7d:5d:e4:0f:92:37:0a:c8:15:fc:f1:77:c9:1b:e2:e6:fd:f6:
         39:14:7c:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQMXJj7A01FEyAdn5G3WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMjQ5NmZlZmY5OTEyNzZiZDFiODUzMzZiNzY5N2E5ODAw
Zjg0YzEwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTFiNjYxYzI4YWFiNTY2MmYyMmU1YzE2MmJkZjUyNjIwMDBhMjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyfkOxYnZAOraR3tu5iNVYf5KDFu
Yg6riLHeSBeBIgE5dmGq3IOTHm4HBh13QRfd5vzScwHav6rLJiySh6jY7KMmXzjf
nBP+Fb/zkApSgymmL6djzJuuKGuwOrwnwaUw67G5IMiDlnUiVJcfg3rmJKOJp5vv
v8Lxt7iEZLDniYYNk7CHMLs4J4x/PYHlGpbQUl/h3IquxdvMmchbBb3xgWzlTl1S
yGyANzJ+AMi87zbq5x4CLO46ChqVXlLvbLsxut0ZqoDKQ/BrnNQHl6RVRl5nlAEe
xwuCTd0ynXFfri3/mIzAXc8Z5xp6/xLfzmf0tUhg6yV2qwCEjJUWD1JYkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkbZhwoqrVmLyLlwWK99SYgAKIGMB8GA1UdIwQY
MBaAFN0klv7/mRJ2vRuFM2t2l6mAD4TBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1NTV192LVpFbmE5RzRVemEzYVhxWUFQaE1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS80NjQ3N2EtODcwOC00YjM3LTg3NWIt
NjcwMDMwZGNhYzMwLzEvU1J0bUhDaXF0V1l2SXVYQllyMzFKaUFBb2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS80NjQ3N2EtODcwOC00YjM3LTg3NWItNjcwMDMwZGNhYzMw
LzEvM1NTV192LVpFbmE5RzRVemEzYVhxWUFQaE1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVOpoMA0G
CSqGSIb3DQEBCwUAA4IBAQDVaKOjUWzCaRwJzFbYFegu5xpC2DniKPlSDzODycgs
2abPxb3WvW3KcFtiVNUHtqVJ5aNraFGn4JdJqPlx0FBX2EdWDZCndS2UAKUOLoXN
YOpEK1xtqNGCMBls9JklUwUFNMXUP8NB98FrWEWEPZegY/9fKGPNGEzXnkRUSY7c
HxA4Bs8vPDfvFewKIDfkPbny0JxrtbSUuE3fqc5BrNCcsV2VzqVyOfMK4y7ANZqP
sDXAI05lZ7tmlKoRODd7lBcs5UWKQYbJ3mWnWnIgbPOnbU3GchjLXXG/6yzFr9R8
lt+xlzKFQilrANB9XeQPkjcKyBX88XfJG+Lm/fY5FHwf
-----END CERTIFICATE-----