Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/84_xRs3tcY_TKuf4Z9MFqWqMnRE.roa
File:                     84_xRs3tcY_TKuf4Z9MFqWqMnRE.roa (raw, json)
Hash identifier:          1+ofwM/2g/qfEEy0B++HQXax3JExhZTbc56xGRRVcVc=
Subject key identifier:   F3:8F:F1:46:CD:ED:71:8F:D3:2A:E7:F8:67:D3:05:A9:6A:8C:9D:11
Certificate issuer:       /CN=dc6917645d9d220435f91c7e46c8110cf89acbe4
Certificate serial:       018CC5DCEEB3BD71B27979B78BE4F2DF117C
Authority key identifier: DC:69:17:64:5D:9D:22:04:35:F9:1C:7E:46:C8:11:0C:F8:9A:CB:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/84_xRs3tcY_TKuf4Z9MFqWqMnRE.roa
Signing time:             Mon 01 Jan 2024 16:30:39 +0000
ROA not before:           Mon 01 Jan 2024 16:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204661
IP address blocks:        185.172.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:ee:b3:bd:71:b2:79:79:b7:8b:e4:f2:df:11:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc6917645d9d220435f91c7e46c8110cf89acbe4
        Validity
            Not Before: Jan  1 16:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f38ff146cded718fd32ae7f867d305a96a8c9d11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:50:9e:b0:af:5f:c9:cb:d1:73:c1:e1:06:fc:
                    5e:59:ec:4c:1e:29:b2:84:34:7b:c3:34:24:6c:71:
                    59:6f:fb:5b:c2:74:23:9b:fa:5c:ae:cb:f7:1d:e9:
                    79:93:9a:5f:76:9c:84:02:c7:ac:75:9d:08:82:c6:
                    1a:ed:c7:1f:49:f2:e5:54:a9:09:d4:ea:c7:8c:eb:
                    da:fe:74:65:80:69:8f:0c:bf:df:f4:f4:7a:3f:fc:
                    20:b8:51:7f:d7:d3:9d:1c:ab:85:eb:65:56:d7:59:
                    f7:10:2e:7e:dd:6d:52:f4:c5:8f:17:36:ba:84:0b:
                    80:a4:6d:91:e9:7a:9c:50:58:fc:45:c3:2b:7c:9f:
                    a3:37:63:5b:3c:28:72:ad:74:c0:ec:7f:0f:5e:7c:
                    3a:9f:34:91:f5:67:06:21:04:1f:b0:aa:78:ad:ab:
                    ed:8b:46:9d:da:23:5c:3c:89:45:e2:88:36:df:7a:
                    bb:cc:41:88:96:a4:34:1e:6e:22:9c:8f:3a:60:62:
                    1b:c4:1c:be:6b:0c:c7:0f:84:6b:98:36:3f:1a:4e:
                    92:9f:6d:1d:54:25:1f:2a:6b:de:9d:55:9c:17:2a:
                    d3:3e:dc:9d:0e:80:7c:b4:a5:16:d8:9f:34:81:51:
                    ad:e7:1b:78:1e:9a:e1:19:35:2c:ee:59:e0:16:97:
                    94:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8F:F1:46:CD:ED:71:8F:D3:2A:E7:F8:67:D3:05:A9:6A:8C:9D:11
            X509v3 Authority Key Identifier:
                keyid:DC:69:17:64:5D:9D:22:04:35:F9:1C:7E:46:C8:11:0C:F8:9A:CB:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/84_xRs3tcY_TKuf4Z9MFqWqMnRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:0f:d5:de:52:7b:1c:41:5e:ca:35:11:cc:57:6a:6d:32:0b:
         ab:de:01:4f:fb:69:04:26:a4:05:d8:e9:10:7d:93:2f:dc:72:
         e1:aa:0e:d8:b7:3f:05:b1:bf:4f:89:ef:ed:aa:f8:ca:a7:b9:
         d8:fa:6e:cf:a0:09:ae:77:b7:06:46:43:6c:bd:04:20:00:1e:
         c0:0a:0c:ff:e0:1a:c6:5e:55:5f:73:71:d6:a9:a8:51:fd:82:
         29:51:bf:28:8c:db:2f:61:5b:27:0a:67:8f:88:56:f6:5e:05:
         d8:1d:9a:ff:f9:e1:44:44:56:56:f7:bf:5d:42:3b:0c:62:b0:
         d0:3e:12:85:73:55:e5:98:51:36:4a:64:d3:fb:d7:3f:05:b8:
         e1:31:43:ee:6c:c4:1f:52:07:76:d0:26:61:a9:f6:06:42:78:
         42:c7:f5:03:a6:0e:e1:45:4f:b0:9b:64:03:d5:42:b4:b1:d7:
         00:6a:50:9f:26:19:87:78:87:b9:ed:ff:ef:12:bc:34:ea:7a:
         69:4b:f1:f7:8b:9f:32:86:c7:ec:61:c1:eb:db:ad:7d:00:b6:
         12:79:c7:c0:be:e9:a4:b2:09:93:80:26:1a:c5:ef:6a:f0:55:
         88:1f:2d:81:1c:4c:bb:41:4c:a8:30:00:f4:eb:f9:26:86:33:
         6e:20:20:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3O6zvXGyeXm3i+Ty3xF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNjkxNzY0NWQ5ZDIyMDQzNWY5MWM3ZTQ2YzgxMTBjZjg5
YWNiZTQwHhcNMjQwMTAxMTYzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzhmZjE0NmNkZWQ3MThmZDMyYWU3Zjg2N2QzMDVhOTZhOGM5ZDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VCesK9fycvRc8HhBvxeWexMHimy
hDR7wzQkbHFZb/tbwnQjm/pcrsv3Hel5k5pfdpyEAsesdZ0IgsYa7ccfSfLlVKkJ
1OrHjOva/nRlgGmPDL/f9PR6P/wguFF/19OdHKuF62VW11n3EC5+3W1S9MWPFza6
hAuApG2R6XqcUFj8RcMrfJ+jN2NbPChyrXTA7H8PXnw6nzSR9WcGIQQfsKp4ravt
i0ad2iNcPIlF4og233q7zEGIlqQ0Hm4inI86YGIbxBy+awzHD4RrmDY/Gk6Sn20d
VCUfKmvenVWcFyrTPtydDoB8tKUW2J80gVGt5xt4HprhGTUs7lngFpeUNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOP8UbN7XGP0yrn+GfTBalqjJ0RMB8GA1UdIwQY
MBaAFNxpF2RdnSIENfkcfkbIEQz4msvkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0drWFpGMmRJZ1ExLVJ4LVJzZ1JEUGlheS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zNTQ0YTctZDU1Ni00NzAxLTk1N2Et
NDI4YmU5MDA4ZmJhLzEvODRfeFJzM3RjWV9US3VmNFo5TUZxV3FNblJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zNTQ0YTctZDU1Ni00NzAxLTk1N2EtNDI4YmU5MDA4ZmJh
LzEvM0drWFpGMmRJZ1ExLVJ4LVJzZ1JEUGlheS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuazgMA0G
CSqGSIb3DQEBCwUAA4IBAQAiD9XeUnscQV7KNRHMV2ptMgur3gFP+2kEJqQF2OkQ
fZMv3HLhqg7Ytz8Fsb9Pie/tqvjKp7nY+m7PoAmud7cGRkNsvQQgAB7ACgz/4BrG
XlVfc3HWqahR/YIpUb8ojNsvYVsnCmePiFb2XgXYHZr/+eFERFZW979dQjsMYrDQ
PhKFc1XlmFE2SmTT+9c/BbjhMUPubMQfUgd20CZhqfYGQnhCx/UDpg7hRU+wm2QD
1UK0sdcAalCfJhmHeIe57f/vErw06nppS/H3i58yhsfsYcHr2619ALYSecfAvumk
sgmTgCYaxe9q8FWIHy2BHEy7QUyoMAD06/kmhjNuICDQ
-----END CERTIFICATE-----