Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/H4MBK_5mh8xF5ArgNIkpZT8ll-w.roa
File:                     H4MBK_5mh8xF5ArgNIkpZT8ll-w.roa (raw, json)
Hash identifier:          BTO17AO5+/C7ZMKpcmavNfZq4YvtmEhcMxpFLd38XRI=
Subject key identifier:   1F:83:01:2B:FE:66:87:CC:45:E4:0A:E0:34:89:29:65:3F:25:97:EC
Certificate issuer:       /CN=c11909548695f18c04cb895e2aceeb1103e03e12
Certificate serial:       018CC42491FB82939CBE0E72472A9F36169F
Authority key identifier: C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/H4MBK_5mh8xF5ArgNIkpZT8ll-w.roa
Signing time:             Mon 01 Jan 2024 08:29:40 +0000
ROA not before:           Mon 01 Jan 2024 08:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        84.252.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:91:fb:82:93:9c:be:0e:72:47:2a:9f:36:16:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11909548695f18c04cb895e2aceeb1103e03e12
        Validity
            Not Before: Jan  1 08:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f83012bfe6687cc45e40ae0348929653f2597ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d9:6d:f3:99:11:00:48:93:b3:ac:cf:87:f6:
                    45:c1:31:2c:8c:69:a3:44:f0:87:76:fd:05:1b:74:
                    0e:53:1a:e1:7b:a8:62:f3:e9:a3:f9:bd:18:a8:7a:
                    c5:6a:77:f1:29:b6:77:78:76:4d:56:ac:c9:c3:24:
                    2d:4a:f2:c1:a1:28:c9:bc:8b:68:d4:17:69:1b:ca:
                    5c:30:9e:f9:96:97:a2:75:56:5c:c7:c7:2a:c1:e2:
                    c0:c0:05:6a:88:3f:c5:f7:42:dc:6e:74:43:be:b2:
                    89:68:dd:46:d7:ad:d5:2a:94:4b:44:6d:0a:f4:e2:
                    6a:a9:9c:9d:7a:b8:04:5e:2f:09:47:d0:bb:78:aa:
                    8c:76:01:26:6c:18:6c:0f:28:a0:28:6b:85:ef:33:
                    21:bc:95:0e:4d:66:b8:22:c0:f8:cc:8a:6c:67:b1:
                    61:f6:d0:a0:75:a4:56:4b:47:64:bc:6f:22:f3:5b:
                    65:d5:b0:7f:3e:68:3c:22:1c:fb:b9:dc:85:60:fd:
                    af:40:46:17:07:6b:ac:46:b7:d3:ad:75:97:cc:97:
                    e4:90:fd:83:7b:3f:48:1a:b5:74:a9:7a:d0:25:45:
                    6d:9d:66:4d:96:62:7d:a2:73:18:0a:c1:10:b2:9c:
                    39:fd:e8:79:1e:11:06:26:83:62:63:c0:c3:ec:90:
                    1b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:83:01:2B:FE:66:87:CC:45:E4:0A:E0:34:89:29:65:3F:25:97:EC
            X509v3 Authority Key Identifier:
                keyid:C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/H4MBK_5mh8xF5ArgNIkpZT8ll-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ac:84:5c:b9:cf:7f:38:ad:6a:fc:3a:57:a4:21:44:ca:94:
         8b:c8:bd:9a:a2:2f:e5:a3:ac:08:7e:8e:3a:de:70:3c:53:1d:
         f4:e1:6c:8c:4b:39:e9:70:ed:3e:2c:9c:17:69:c4:ce:9a:d2:
         c8:31:f2:66:a2:78:9e:7d:cb:67:76:5e:5b:79:d9:63:69:b8:
         a9:53:80:9c:c1:fe:f0:27:73:ef:4e:89:6c:91:61:5a:be:71:
         f2:e6:2c:d2:00:7c:b6:2a:cc:15:94:d4:66:5c:75:10:90:16:
         99:b3:8e:30:50:c3:20:d4:10:6c:0f:18:a8:c5:7f:99:34:0b:
         bd:c0:06:00:db:77:07:3a:ad:f6:b8:05:cf:64:10:72:eb:23:
         cd:d8:43:63:2f:d3:6f:16:4d:63:d1:a6:10:67:8a:62:89:1a:
         29:d8:a4:43:66:84:64:18:17:16:05:32:71:16:ec:4f:20:18:
         4b:b0:ff:67:d3:7b:46:60:23:26:28:01:fc:ac:a5:22:bc:76:
         94:c9:8b:e3:8e:df:1c:cf:7c:98:40:e9:53:93:53:c6:d9:cf:
         c6:6c:11:77:01:7f:be:e9:59:7d:2b:a4:87:7e:a0:47:a5:d1:
         81:2c:aa:4d:ce:f9:39:5a:c0:7e:0b:18:c3:e2:a6:5b:05:9b:
         f3:3d:ed:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJJH7gpOcvg5yRyqfNhafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTkwOTU0ODY5NWYxOGMwNGNiODk1ZTJhY2VlYjExMDNl
MDNlMTIwHhcNMjQwMTAxMDgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgzMDEyYmZlNjY4N2NjNDVlNDBhZTAzNDg5Mjk2NTNmMjU5N2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNlt85kRAEiTs6zPh/ZFwTEsjGmj
RPCHdv0FG3QOUxrhe6hi8+mj+b0YqHrFanfxKbZ3eHZNVqzJwyQtSvLBoSjJvIto
1BdpG8pcMJ75lpeidVZcx8cqweLAwAVqiD/F90LcbnRDvrKJaN1G163VKpRLRG0K
9OJqqZydergEXi8JR9C7eKqMdgEmbBhsDyigKGuF7zMhvJUOTWa4IsD4zIpsZ7Fh
9tCgdaRWS0dkvG8i81tl1bB/Pmg8Ihz7udyFYP2vQEYXB2usRrfTrXWXzJfkkP2D
ez9IGrV0qXrQJUVtnWZNlmJ9onMYCsEQspw5/eh5HhEGJoNiY8DD7JAbCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+DASv+ZofMReQK4DSJKWU/JZfsMB8GA1UdIwQY
MBaAFMEZCVSGlfGMBMuJXirO6xED4D4SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUt
YTA1NjRjOWQ2ZmRlLzEvSDRNQktfNW1oOHhGNUFyZ05Ja3BaVDhsbC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUtYTA1NjRjOWQ2ZmRl
LzEvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPxqMA0G
CSqGSIb3DQEBCwUAA4IBAQATrIRcuc9/OK1q/DpXpCFEypSLyL2aoi/lo6wIfo46
3nA8Ux304WyMSznpcO0+LJwXacTOmtLIMfJmoniefctndl5bedljabipU4Ccwf7w
J3PvTolskWFavnHy5izSAHy2KswVlNRmXHUQkBaZs44wUMMg1BBsDxioxX+ZNAu9
wAYA23cHOq32uAXPZBBy6yPN2ENjL9NvFk1j0aYQZ4piiRop2KRDZoRkGBcWBTJx
FuxPIBhLsP9n03tGYCMmKAH8rKUivHaUyYvjjt8cz3yYQOlTk1PG2c/GbBF3AX++
6Vl9K6SHfqBHpdGBLKpNzvk5WsB+CxjD4qZbBZvzPe3l
-----END CERTIFICATE-----