Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/cHwCc7KOPcHE1C2oxJtA3vtRb0g.roa
File:                     cHwCc7KOPcHE1C2oxJtA3vtRb0g.roa (raw, json)
Hash identifier:          JpTP/qw/bLYch6cCmbjNMzUAfayXuQNQphvIscYBMpw=
Subject key identifier:   70:7C:02:73:B2:8E:3D:C1:C4:D4:2D:A8:C4:9B:40:DE:FB:51:6F:48
Certificate issuer:       /CN=c11909548695f18c04cb895e2aceeb1103e03e12
Certificate serial:       018CC42492422E6CC66CCD31887044833383
Authority key identifier: C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/cHwCc7KOPcHE1C2oxJtA3vtRb0g.roa
Signing time:             Mon 01 Jan 2024 08:29:40 +0000
ROA not before:           Mon 01 Jan 2024 08:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207515
IP address blocks:        84.252.106.0/24 maxlen: 24
                          2a10:1100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 04:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:92:42:2e:6c:c6:6c:cd:31:88:70:44:83:33:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11909548695f18c04cb895e2aceeb1103e03e12
        Validity
            Not Before: Jan  1 08:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=707c0273b28e3dc1c4d42da8c49b40defb516f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:51:ad:b0:fd:50:c5:aa:3c:f8:3a:1a:98:0c:
                    07:06:e0:f2:14:ff:11:5a:dd:e4:71:15:c7:a4:9f:
                    14:36:56:3d:3b:b2:1e:20:f4:cd:f1:46:0f:b8:bf:
                    b6:7c:b6:73:84:2d:8a:cd:b1:57:8a:2b:40:74:85:
                    7a:bd:8d:ac:25:88:83:c3:3f:04:09:bb:ba:29:22:
                    65:d2:22:29:4b:56:ef:d2:b0:7e:ea:4a:a5:56:9d:
                    59:8f:ee:bf:fe:9b:67:16:98:79:24:69:96:3a:0c:
                    55:3e:7e:24:79:bd:73:d5:8d:08:dc:d6:d1:3b:8d:
                    31:0a:bb:5d:57:fb:77:63:e2:0d:d2:cf:5c:4d:2a:
                    f0:b1:60:2b:a2:90:ca:95:d3:6a:0b:34:c1:4f:06:
                    54:22:d5:a6:e6:6d:50:08:74:6d:ae:10:89:fa:c3:
                    b0:48:88:45:00:25:7b:23:00:35:dc:15:08:1c:bd:
                    ab:0a:5d:52:9e:dd:ae:22:c5:15:82:40:a4:5b:43:
                    d8:db:48:de:50:87:b3:be:6c:41:b8:47:e4:a6:2e:
                    0c:90:ad:07:a2:b6:f1:69:65:26:6f:86:6a:24:0b:
                    0e:3e:bf:d9:5d:74:27:b3:98:8f:e0:cb:28:15:30:
                    d5:bc:37:09:04:6e:fe:a2:70:83:4f:2f:35:2a:d8:
                    d7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:02:73:B2:8E:3D:C1:C4:D4:2D:A8:C4:9B:40:DE:FB:51:6F:48
            X509v3 Authority Key Identifier:
                keyid:C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/cHwCc7KOPcHE1C2oxJtA3vtRb0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.106.0/24
                IPv6:
                  2a10:1100::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:3b:f8:7a:cc:d3:bb:f5:f3:eb:a7:be:72:fd:45:e3:d2:53:
         cf:2d:8f:10:91:d1:f4:25:57:d7:af:8f:a2:2d:f6:4f:6e:60:
         2b:8d:83:17:4e:6e:ca:9c:9f:5f:56:ad:0a:97:92:c0:e5:9d:
         00:0d:b1:ca:92:38:68:d1:2c:cb:67:f4:42:10:e1:32:57:04:
         c3:f8:81:d6:8f:1b:cf:af:85:2f:31:a5:1d:06:8f:6d:c9:76:
         9c:71:af:07:40:25:9c:b4:c7:fe:06:da:3f:7c:14:d4:81:f9:
         15:29:69:1b:e9:a7:f1:63:4e:53:eb:65:09:e8:11:9e:3d:61:
         fe:c0:22:75:4f:fe:1f:54:97:8f:af:48:cc:13:d0:2c:82:1d:
         e3:4e:1b:1c:6a:e9:1e:49:ae:f6:97:f7:bd:b1:24:44:01:e6:
         5e:bc:3d:11:1e:16:c9:d5:2c:a2:c7:d2:5f:27:b3:5d:bb:74:
         bf:e7:30:f3:0f:c0:8a:5a:4e:e2:bf:0e:ec:6d:6c:f7:ec:60:
         22:65:42:da:0d:8e:3e:00:01:ae:33:26:73:61:a3:77:3f:a0:
         06:54:6c:a5:56:9b:bd:97:58:a5:7d:30:c2:04:9d:65:dd:b2:
         f8:65:9a:1e:cb:a5:1d:a3:e4:69:3a:fc:df:b5:67:a2:12:70:
         13:64:c4:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJJJCLmzGbM0xiHBEgzODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTkwOTU0ODY5NWYxOGMwNGNiODk1ZTJhY2VlYjExMDNl
MDNlMTIwHhcNMjQwMTAxMDgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdjMDI3M2IyOGUzZGMxYzRkNDJkYThjNDliNDBkZWZiNTE2ZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lGtsP1Qxao8+DoamAwHBuDyFP8R
Wt3kcRXHpJ8UNlY9O7IeIPTN8UYPuL+2fLZzhC2KzbFXiitAdIV6vY2sJYiDwz8E
Cbu6KSJl0iIpS1bv0rB+6kqlVp1Zj+6//ptnFph5JGmWOgxVPn4keb1z1Y0I3NbR
O40xCrtdV/t3Y+IN0s9cTSrwsWAropDKldNqCzTBTwZUItWm5m1QCHRtrhCJ+sOw
SIhFACV7IwA13BUIHL2rCl1Snt2uIsUVgkCkW0PY20jeUIezvmxBuEfkpi4MkK0H
orbxaWUmb4ZqJAsOPr/ZXXQns5iP4MsoFTDVvDcJBG7+onCDTy81KtjXZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHB8AnOyjj3BxNQtqMSbQN77UW9IMB8GA1UdIwQY
MBaAFMEZCVSGlfGMBMuJXirO6xED4D4SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUt
YTA1NjRjOWQ2ZmRlLzEvY0h3Q2M3S09QY0hFMUMyb3hKdEEzdnRSYjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUtYTA1NjRjOWQ2ZmRl
LzEvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAVPxqMA0E
AgACMAcDBQMqEBEAMA0GCSqGSIb3DQEBCwUAA4IBAQAdO/h6zNO79fPrp75y/UXj
0lPPLY8QkdH0JVfXr4+iLfZPbmArjYMXTm7KnJ9fVq0Kl5LA5Z0ADbHKkjho0SzL
Z/RCEOEyVwTD+IHWjxvPr4UvMaUdBo9tyXacca8HQCWctMf+Bto/fBTUgfkVKWkb
6afxY05T62UJ6BGePWH+wCJ1T/4fVJePr0jME9Asgh3jThscaukeSa72l/e9sSRE
AeZevD0RHhbJ1Syix9JfJ7Ndu3S/5zDzD8CKWk7ivw7sbWz37GAiZULaDY4+AAGu
MyZzYaN3P6AGVGylVpu9l1ilfTDCBJ1l3bL4ZZoey6Udo+RpOvzftWeiEnATZMTB
-----END CERTIFICATE-----