Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/8M3Ue-WgkZaSjPXybs2qAwB2VCs.roa
File:                     8M3Ue-WgkZaSjPXybs2qAwB2VCs.roa (raw, json)
Hash identifier:          hl9nkIk9i9Pr4MTILKtNoQWV9kJAQ/s9efIVSuXpE7E=
Subject key identifier:   F0:CD:D4:7B:E5:A0:91:96:92:8C:F5:F2:6E:CD:AA:03:00:76:54:2B
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DB053DBCE30CBDBF59729ABEA3F30
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/8M3Ue-WgkZaSjPXybs2qAwB2VCs.roa
Signing time:             Tue 02 Jan 2024 08:32:41 +0000
ROA not before:           Tue 02 Jan 2024 08:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199380
IP address blocks:        84.232.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b0:53:db:ce:30:cb:db:f5:97:29:ab:ea:3f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0cdd47be5a09196928cf5f26ecdaa030076542b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1c:ec:af:2a:ad:08:e5:3a:50:72:88:5c:00:
                    1a:6c:b2:6f:75:8e:ef:ce:9f:7a:d6:19:a0:16:ed:
                    a0:2f:a1:7e:fb:be:17:31:ab:10:78:f6:30:7f:64:
                    9a:41:c3:ec:88:d5:7d:86:f6:5b:68:80:e6:f2:49:
                    50:53:73:9f:a7:f4:13:e9:33:45:f4:1f:44:23:92:
                    e5:f5:20:50:c5:41:2b:a9:37:91:60:1d:b3:cb:f4:
                    f0:8a:95:7c:1d:bd:60:30:56:dc:78:7a:00:78:f2:
                    00:7f:39:bf:55:e5:f6:d6:5e:81:1d:f3:7d:f5:7c:
                    d1:6a:3a:ad:d0:ed:70:84:15:d9:76:46:46:b1:0e:
                    ec:8f:36:ee:c9:62:06:0b:71:8e:62:0b:f3:63:76:
                    97:01:f5:59:3d:c3:af:1b:10:e8:43:06:4b:35:ca:
                    29:12:54:bf:b9:77:d4:28:72:7e:07:60:24:67:eb:
                    ff:c7:41:57:b7:b5:b6:54:77:34:a8:7e:03:30:dd:
                    ec:8d:e3:a8:dd:95:c2:f2:1d:7e:75:28:1a:5c:9a:
                    83:7b:eb:0d:52:d7:41:a4:ea:09:c9:36:c3:81:18:
                    67:d6:93:e7:ee:97:63:e6:de:d9:3b:21:77:f2:4f:
                    13:3f:1f:21:57:f4:84:67:ba:9b:d4:88:30:50:8d:
                    fa:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:CD:D4:7B:E5:A0:91:96:92:8C:F5:F2:6E:CD:AA:03:00:76:54:2B
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/8M3Ue-WgkZaSjPXybs2qAwB2VCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.232.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:62:85:55:6f:f3:a7:b3:85:fe:20:53:5a:04:17:c0:cb:66:
         a1:cf:d4:2a:a8:4c:5d:da:b3:db:b2:ea:78:a2:19:eb:1d:0b:
         59:d5:d8:b2:a5:7a:3c:35:d9:5a:1f:b3:5c:4a:37:05:f2:52:
         6c:2e:b9:58:94:fd:be:da:08:71:ed:5b:72:ba:69:94:b0:12:
         93:49:ac:fd:ac:b0:50:a4:d1:bb:8b:14:c8:f0:75:a5:68:63:
         b2:f5:53:ab:a9:75:30:37:a4:28:04:40:6a:b0:2b:b0:60:13:
         eb:1f:79:79:ad:5a:12:c1:0c:e7:2e:17:8e:3e:03:53:23:d6:
         86:d4:8c:9e:c9:86:80:7e:0f:22:58:34:91:c8:e5:38:17:12:
         32:26:76:fc:27:f0:6d:63:6f:dc:e9:67:f3:cf:b1:b1:62:b4:
         91:9d:a3:63:28:8b:d7:74:0c:c9:96:d7:bc:27:9c:5c:74:e3:
         b2:75:a6:db:0d:78:68:99:fd:94:30:43:07:4e:cb:29:5d:d9:
         0c:da:5d:8f:f4:a4:88:90:53:6b:7f:b7:d4:23:c1:bb:2b:71:
         51:1a:f9:b3:cb:eb:7c:bd:44:17:ab:3f:8b:75:93:0a:ce:9e:
         40:f3:e1:48:f5:db:8a:58:d8:d6:17:38:29:0d:82:34:2e:be:
         d4:7e:a5:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbBT284wy9v1lymr6j8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGNkZDQ3YmU1YTA5MTk2OTI4Y2Y1ZjI2ZWNkYWEwMzAwNzY1NDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRzsryqtCOU6UHKIXAAabLJvdY7v
zp961hmgFu2gL6F++74XMasQePYwf2SaQcPsiNV9hvZbaIDm8klQU3Ofp/QT6TNF
9B9EI5Ll9SBQxUErqTeRYB2zy/TwipV8Hb1gMFbceHoAePIAfzm/VeX21l6BHfN9
9XzRajqt0O1whBXZdkZGsQ7sjzbuyWIGC3GOYgvzY3aXAfVZPcOvGxDoQwZLNcop
ElS/uXfUKHJ+B2AkZ+v/x0FXt7W2VHc0qH4DMN3sjeOo3ZXC8h1+dSgaXJqDe+sN
UtdBpOoJyTbDgRhn1pPn7pdj5t7ZOyF38k8TPx8hV/SEZ7qb1IgwUI36wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDN1HvloJGWkoz18m7NqgMAdlQrMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvOE0zVWUtV2drWmFTalBYeWJzMnFBd0IyVkNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVOhiMA0G
CSqGSIb3DQEBCwUAA4IBAQB0YoVVb/Ons4X+IFNaBBfAy2ahz9QqqExd2rPbsup4
ohnrHQtZ1diypXo8NdlaH7NcSjcF8lJsLrlYlP2+2ghx7VtyummUsBKTSaz9rLBQ
pNG7ixTI8HWlaGOy9VOrqXUwN6QoBEBqsCuwYBPrH3l5rVoSwQznLheOPgNTI9aG
1IyeyYaAfg8iWDSRyOU4FxIyJnb8J/BtY2/c6Wfzz7GxYrSRnaNjKIvXdAzJlte8
J5xcdOOydabbDXhomf2UMEMHTsspXdkM2l2P9KSIkFNrf7fUI8G7K3FRGvmzy+t8
vUQXqz+LdZMKzp5A8+FI9duKWNjWFzgpDYI0Lr7UfqXO
-----END CERTIFICATE-----