Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/r4rwUUhXTCUkEZAOXuJN9fXk95E.roa
File:                     r4rwUUhXTCUkEZAOXuJN9fXk95E.roa (raw, json)
Hash identifier:          VB7AX+BGjUOHmh59VRcVDuWEl/9cXmzhqhUieJpe9i8=
Subject key identifier:   AF:8A:F0:51:48:57:4C:25:24:11:90:0E:5E:E2:4D:F5:F5:E4:F7:91
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF2C1945C548375156A7C0474DB8DE
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/r4rwUUhXTCUkEZAOXuJN9fXk95E.roa
Signing time:             Tue 02 Jan 2024 06:31:58 +0000
ROA not before:           Tue 02 Jan 2024 06:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44060
IP address blocks:        147.234.4.0/24 maxlen: 24
                          147.234.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2c:19:45:c5:48:37:51:56:a7:c0:47:4d:b8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af8af05148574c252411900e5ee24df5f5e4f791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:16:c6:61:df:87:43:be:09:8f:93:39:9d:63:
                    95:49:56:fc:07:e9:ba:ec:36:79:38:96:55:db:1b:
                    5c:12:35:54:24:c6:58:42:12:d1:29:18:15:0c:c6:
                    63:a4:56:fb:ab:0b:42:4d:f0:62:9c:8d:0e:76:c8:
                    0a:ed:0b:c8:26:79:0b:7d:f1:b1:f0:d0:5b:1a:07:
                    7e:d6:b3:4b:cb:87:1c:e5:7a:64:6d:9d:b8:2c:63:
                    cb:ec:ce:fc:18:c2:0e:52:e3:aa:93:1a:c3:d7:f2:
                    e0:89:c6:63:70:49:03:bf:41:41:ae:09:45:ca:7f:
                    9e:39:0e:a9:cb:64:3e:3c:fd:33:34:e5:ca:ff:94:
                    c9:45:f2:a0:19:61:bd:58:69:78:db:0d:59:96:7e:
                    ef:1c:1a:4d:2d:78:88:a5:36:3f:2f:13:69:a7:e7:
                    9c:4f:81:49:e4:d4:d0:e2:42:73:bc:ba:83:f2:3c:
                    d2:f3:94:d0:b3:af:ef:4d:b2:6a:88:a0:e4:0a:08:
                    10:48:e3:96:8e:0f:22:54:66:dd:64:c3:81:51:55:
                    a8:f3:42:ec:da:11:aa:8c:4a:11:91:e4:b5:f0:ec:
                    d6:1d:16:cb:a0:5a:7f:54:af:81:84:36:af:c3:20:
                    64:99:da:9d:1a:2d:f0:57:9d:1f:90:6a:2a:9d:56:
                    cd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8A:F0:51:48:57:4C:25:24:11:90:0E:5E:E2:4D:F5:F5:E4:F7:91
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/r4rwUUhXTCUkEZAOXuJN9fXk95E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:ee:44:21:fb:f9:ab:b6:fc:36:91:d6:9f:79:d4:ac:18:2e:
         93:ef:55:8c:70:de:f0:42:1e:e1:00:7e:be:ab:9a:d9:ae:9c:
         0f:54:b6:83:f7:9f:b3:e6:15:c0:a1:90:27:87:33:ab:b0:20:
         14:a5:83:a4:bf:e2:fa:22:da:22:c2:8c:20:23:01:07:76:bf:
         ad:eb:07:08:93:4d:04:8b:df:c0:3d:93:b7:2a:dd:71:c9:c6:
         66:12:22:c0:96:4a:93:9d:3f:13:fb:bf:cf:d3:4a:c5:e0:58:
         52:fe:01:cb:63:29:70:2d:c2:02:10:2a:df:ea:fa:49:a9:ff:
         d8:1f:43:51:4a:c4:5c:03:8f:24:a4:d9:48:d8:0c:72:a2:bd:
         f6:6c:89:78:51:e8:21:30:be:51:4f:78:d1:44:5e:13:49:7b:
         8d:15:e2:04:ce:4c:49:bb:ca:f1:ef:5c:4a:fe:a4:44:7e:f2:
         30:41:86:1f:7c:7f:9b:a3:fb:d6:af:69:c0:0b:a8:00:f0:f3:
         cb:24:ac:46:3f:55:82:dd:87:f6:36:40:19:53:80:31:0d:f8:
         bf:f5:71:02:d2:ed:15:42:34:3c:2c:26:46:30:1f:24:97:16:
         7d:e0:21:fe:e6:bb:4f:b4:8b:f8:a4:69:67:6c:1b:db:78:45:
         ea:17:f1:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ywZRcVIN1FWp8BHTbjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjhhZjA1MTQ4NTc0YzI1MjQxMTkwMGU1ZWUyNGRmNWY1ZTRmNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBbGYd+HQ74Jj5M5nWOVSVb8B+m6
7DZ5OJZV2xtcEjVUJMZYQhLRKRgVDMZjpFb7qwtCTfBinI0OdsgK7QvIJnkLffGx
8NBbGgd+1rNLy4cc5XpkbZ24LGPL7M78GMIOUuOqkxrD1/LgicZjcEkDv0FBrglF
yn+eOQ6py2Q+PP0zNOXK/5TJRfKgGWG9WGl42w1Zln7vHBpNLXiIpTY/LxNpp+ec
T4FJ5NTQ4kJzvLqD8jzS85TQs6/vTbJqiKDkCggQSOOWjg8iVGbdZMOBUVWo80Ls
2hGqjEoRkeS18OzWHRbLoFp/VK+BhDavwyBkmdqdGi3wV50fkGoqnVbNGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+K8FFIV0wlJBGQDl7iTfX15PeRMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvcjRyd1VVaFhUQ1VrRVpBT1h1Sk45ZlhrOTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk+oEMA0G
CSqGSIb3DQEBCwUAA4IBAQA87kQh+/mrtvw2kdafedSsGC6T71WMcN7wQh7hAH6+
q5rZrpwPVLaD95+z5hXAoZAnhzOrsCAUpYOkv+L6ItoiwowgIwEHdr+t6wcIk00E
i9/APZO3Kt1xycZmEiLAlkqTnT8T+7/P00rF4FhS/gHLYylwLcICECrf6vpJqf/Y
H0NRSsRcA48kpNlI2Axyor32bIl4UeghML5RT3jRRF4TSXuNFeIEzkxJu8rx71xK
/qREfvIwQYYffH+bo/vWr2nAC6gA8PPLJKxGP1WC3Yf2NkAZU4AxDfi/9XEC0u0V
QjQ8LCZGMB8klxZ94CH+5rtPtIv4pGlnbBvbeEXqF/Ho
-----END CERTIFICATE-----