Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/K4_A0q40LqMnY2sIgFDzNevowe0.roa
File:                     K4_A0q40LqMnY2sIgFDzNevowe0.roa (raw, json)
Hash identifier:          iG/EewkQSXq1FpT6dk4dYQevy8pEv6cDpcB14nVbEXg=
Subject key identifier:   2B:8F:C0:D2:AE:34:2E:A3:27:63:6B:08:80:50:F3:35:EB:E8:C1:ED
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF328124E9F2CC2E0D35E785044D02
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/K4_A0q40LqMnY2sIgFDzNevowe0.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206106
IP address blocks:        147.234.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:32:81:24:e9:f2:cc:2e:0d:35:e7:85:04:4d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b8fc0d2ae342ea327636b088050f335ebe8c1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4e:25:c0:2e:92:f3:cf:c4:51:77:c1:2e:c9:
                    91:5e:6a:40:70:21:85:41:74:5e:3f:8a:37:7c:44:
                    33:b5:93:38:bf:64:47:84:3a:fc:ca:15:ee:9c:1e:
                    0d:ee:7b:73:64:ea:10:88:d2:7b:fd:e5:7e:34:0e:
                    d7:7c:90:26:76:d0:b0:ab:91:4f:29:30:4b:47:c6:
                    92:96:69:69:60:5c:5c:af:59:3f:8a:c8:bf:63:b4:
                    8a:f5:98:4e:b4:59:ff:af:21:47:04:81:ac:ad:2d:
                    5b:ad:6a:23:bd:d6:3b:cf:a1:22:68:a6:28:f1:cb:
                    e1:76:d5:f7:a8:11:89:01:da:5e:4b:11:e4:36:db:
                    46:e7:83:e7:54:db:68:72:53:62:20:55:7c:79:f0:
                    3a:20:89:39:ef:ff:41:dc:41:15:14:db:a9:01:c2:
                    34:42:00:42:2a:06:03:93:16:23:9f:2c:00:20:67:
                    24:c3:7d:4e:a6:55:8c:fc:23:e7:59:11:7e:9c:3a:
                    ce:f1:37:0b:64:17:9a:7b:fa:e6:24:3f:46:31:b8:
                    45:d5:d0:bc:65:f8:13:f9:f3:79:8a:34:1c:6d:df:
                    72:b0:02:b2:c9:fd:98:89:93:ae:f5:c4:76:fc:d7:
                    86:db:b9:44:bf:04:86:b7:b5:6d:d0:c5:a8:13:5a:
                    4f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:8F:C0:D2:AE:34:2E:A3:27:63:6B:08:80:50:F3:35:EB:E8:C1:ED
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/K4_A0q40LqMnY2sIgFDzNevowe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:0d:42:09:ae:71:72:51:01:03:aa:8f:5d:7d:d8:99:95:bf:
         cc:e2:28:23:30:78:06:47:fc:b6:6c:1f:61:86:ad:fe:62:ab:
         e0:eb:a9:77:53:dd:99:05:52:d6:e9:13:21:6a:3e:2c:0a:77:
         3c:6b:a2:d9:23:51:84:30:c2:c0:f7:15:e2:14:f0:50:0a:c6:
         ba:70:08:32:ba:8c:ad:0b:ea:38:ba:63:c0:eb:f8:5f:74:9d:
         d5:35:2a:11:46:9e:0d:0c:f8:14:a1:b8:b9:61:e8:dc:45:21:
         7e:d7:7c:c8:2e:47:f8:bc:3d:1c:8e:22:51:a5:13:c3:51:65:
         9a:27:40:b5:8c:2d:c6:17:aa:6c:e5:ad:d8:c1:82:38:4d:f1:
         56:13:46:ef:05:05:60:10:87:e1:bf:bd:3b:c1:fe:32:19:6d:
         b8:53:8e:fa:ea:03:ff:ed:89:ed:4b:6f:51:bf:45:a6:24:f8:
         35:fc:52:7b:58:3c:19:06:93:d8:c9:65:64:9e:07:d3:14:c5:
         a7:45:35:ed:d5:a4:7c:d6:2c:b7:c8:5d:e7:0c:d9:e2:ef:c8:
         15:69:e1:eb:f2:28:ee:01:7d:5f:86:b2:74:1f:6a:7a:e9:f4:
         a7:7f:5b:e1:fa:5b:2e:a3:af:16:d2:85:d9:f9:48:f4:d1:21:
         79:d0:50:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zKBJOnyzC4NNeeFBE0CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjhmYzBkMmFlMzQyZWEzMjc2MzZiMDg4MDUwZjMzNWViZThjMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl04lwC6S88/EUXfBLsmRXmpAcCGF
QXReP4o3fEQztZM4v2RHhDr8yhXunB4N7ntzZOoQiNJ7/eV+NA7XfJAmdtCwq5FP
KTBLR8aSlmlpYFxcr1k/isi/Y7SK9ZhOtFn/ryFHBIGsrS1brWojvdY7z6EiaKYo
8cvhdtX3qBGJAdpeSxHkNttG54PnVNtoclNiIFV8efA6IIk57/9B3EEVFNupAcI0
QgBCKgYDkxYjnywAIGckw31OplWM/CPnWRF+nDrO8TcLZBeae/rmJD9GMbhF1dC8
ZfgT+fN5ijQcbd9ysAKyyf2YiZOu9cR2/NeG27lEvwSGt7Vt0MWoE1pP4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuPwNKuNC6jJ2NrCIBQ8zXr6MHtMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvSzRfQTBxNDBMcU1uWTJzSWdGRHpOZXZvd2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+o0MA0G
CSqGSIb3DQEBCwUAA4IBAQCZDUIJrnFyUQEDqo9dfdiZlb/M4igjMHgGR/y2bB9h
hq3+Yqvg66l3U92ZBVLW6RMhaj4sCnc8a6LZI1GEMMLA9xXiFPBQCsa6cAgyuoyt
C+o4umPA6/hfdJ3VNSoRRp4NDPgUobi5YejcRSF+13zILkf4vD0cjiJRpRPDUWWa
J0C1jC3GF6ps5a3YwYI4TfFWE0bvBQVgEIfhv707wf4yGW24U4766gP/7YntS29R
v0WmJPg1/FJ7WDwZBpPYyWVkngfTFMWnRTXt1aR81iy3yF3nDNni78gVaeHr8iju
AX1fhrJ0H2p66fSnf1vh+lsuo68W0oXZ+Uj00SF50FCC
-----END CERTIFICATE-----