Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/sRjYoziAYc0BikPSpm8h9jBGuAo.roa
File:                     sRjYoziAYc0BikPSpm8h9jBGuAo.roa (raw, json)
Hash identifier:          WzpXcMPsDEKDqcOh18X8WDKLcZwejFe1kyNYalb3BIY=
Subject key identifier:   B1:18:D8:A3:38:80:61:CD:01:8A:43:D2:A6:6F:21:F6:30:46:B8:0A
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       018CC801A894ADDDCFA16C3445EF1F075477
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/sRjYoziAYc0BikPSpm8h9jBGuAo.roa
Signing time:             Tue 02 Jan 2024 02:30:00 +0000
ROA not before:           Tue 02 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199145
IP address blocks:        84.47.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a8:94:ad:dd:cf:a1:6c:34:45:ef:1f:07:54:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b118d8a3388061cd018a43d2a66f21f63046b80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:09:62:cc:c9:b8:62:be:6f:10:e3:60:89:af:
                    a1:ed:0d:49:a7:62:d5:b2:59:59:19:c7:08:72:f9:
                    69:c4:30:3b:d2:e6:4d:44:be:61:69:51:ee:a5:37:
                    a5:bc:71:42:6e:fd:e3:0f:ce:69:bf:e4:9b:a4:dd:
                    98:5d:3b:1c:bf:fa:db:e4:57:9f:6d:d7:ed:e1:0b:
                    f8:b9:9e:66:f6:72:b1:56:dd:99:1b:b1:e3:e2:3a:
                    3f:36:0a:f1:4d:98:4f:2e:e3:ba:42:9e:38:7f:60:
                    33:92:09:db:88:f9:a3:d8:08:00:74:e4:38:e4:ca:
                    80:20:3a:e5:87:ec:d8:e4:ba:36:d8:a9:6c:71:3f:
                    7f:27:c6:54:b2:dd:2f:29:ae:0e:c8:01:ba:cb:43:
                    b6:51:af:b9:01:96:c1:4a:34:78:54:c7:a5:74:4d:
                    2d:91:e4:f0:be:91:15:a6:6b:36:34:a7:09:99:25:
                    62:e2:e8:0c:53:06:00:ac:30:be:a0:b4:6c:6c:7d:
                    ff:39:80:f9:a9:3d:89:1b:ca:bd:07:4e:d6:f6:2f:
                    9b:5f:e9:b3:9e:7d:c2:77:f9:eb:c6:3e:5d:b9:3c:
                    ad:ac:53:cb:91:eb:36:d4:14:50:de:7e:a3:18:8e:
                    84:56:6e:87:b5:be:bc:e9:8f:1f:77:b3:90:a4:6e:
                    3a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:18:D8:A3:38:80:61:CD:01:8A:43:D2:A6:6F:21:F6:30:46:B8:0A
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/sRjYoziAYc0BikPSpm8h9jBGuAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:b8:59:23:f0:6d:b2:82:59:d5:e1:33:8b:4b:c3:42:05:49:
         97:ff:e6:79:85:c7:65:d0:c3:da:71:bd:8f:23:ec:ce:fa:0b:
         4b:f6:65:1d:18:fb:50:f0:a1:25:aa:65:06:76:66:8e:4b:5b:
         47:c1:a2:21:f2:a0:2c:14:f8:6a:d9:86:6e:c5:b9:a3:14:eb:
         7e:b7:e1:24:27:ad:c5:4f:56:11:b0:a8:76:72:33:95:a7:ab:
         40:22:02:83:b8:81:f2:f7:83:74:a3:3f:17:1b:ef:74:00:6d:
         83:84:46:df:2d:d7:29:07:3f:14:d7:3e:a0:f3:60:4d:c5:42:
         60:7f:87:ea:7f:28:a4:9e:8b:31:bc:44:0a:2f:26:e7:76:35:
         c2:a7:59:7f:13:f5:45:ae:8e:6c:d0:90:9d:e3:1e:7c:c7:ea:
         eb:6b:4e:ff:65:c4:98:77:ad:79:c4:2e:f0:03:81:ee:ac:7c:
         a0:db:85:6c:17:36:6d:c8:8e:33:48:14:41:f0:09:29:31:31:
         f4:6b:2b:0c:6a:52:db:84:af:2f:00:dd:c5:5d:ca:41:fa:58:
         23:bb:b2:74:db:45:2d:60:13:54:05:3e:a3:4b:ff:1a:8d:d2:
         e9:4d:bc:1f:41:de:41:86:81:27:ac:7c:f0:ee:a3:8c:43:d8:
         96:75:3b:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAaiUrd3PoWw0Re8fB1R3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTE4ZDhhMzM4ODA2MWNkMDE4YTQzZDJhNjZmMjFmNjMwNDZiODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwlizMm4Yr5vEONgia+h7Q1Jp2LV
sllZGccIcvlpxDA70uZNRL5haVHupTelvHFCbv3jD85pv+SbpN2YXTscv/rb5Fef
bdft4Qv4uZ5m9nKxVt2ZG7Hj4jo/NgrxTZhPLuO6Qp44f2AzkgnbiPmj2AgAdOQ4
5MqAIDrlh+zY5Lo22KlscT9/J8ZUst0vKa4OyAG6y0O2Ua+5AZbBSjR4VMeldE0t
keTwvpEVpms2NKcJmSVi4ugMUwYArDC+oLRsbH3/OYD5qT2JG8q9B07W9i+bX+mz
nn3Cd/nrxj5duTytrFPLkes21BRQ3n6jGI6EVm6Htb686Y8fd7OQpG46IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEY2KM4gGHNAYpD0qZvIfYwRrgKMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvc1JqWW96aUFZYzBCaWtQU3BtOGg5akJHdUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVC+tMA0G
CSqGSIb3DQEBCwUAA4IBAQCAuFkj8G2yglnV4TOLS8NCBUmX/+Z5hcdl0MPacb2P
I+zO+gtL9mUdGPtQ8KElqmUGdmaOS1tHwaIh8qAsFPhq2YZuxbmjFOt+t+EkJ63F
T1YRsKh2cjOVp6tAIgKDuIHy94N0oz8XG+90AG2DhEbfLdcpBz8U1z6g82BNxUJg
f4fqfyiknosxvEQKLybndjXCp1l/E/VFro5s0JCd4x58x+rra07/ZcSYd615xC7w
A4HurHyg24VsFzZtyI4zSBRB8AkpMTH0aysMalLbhK8vAN3FXcpB+lgju7J020Ut
YBNUBT6jS/8ajdLpTbwfQd5BhoEnrHzw7qOMQ9iWdTv7
-----END CERTIFICATE-----