Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/l84RtFfBw2uZgLg97k1wOmrMS5s.roa
File:                     l84RtFfBw2uZgLg97k1wOmrMS5s.roa (raw, json)
Hash identifier:          rHOfSavM2e3PGnwvhMWu8C18e1diXP14AiaIv4yGuYs=
Subject key identifier:   97:CE:11:B4:57:C1:C3:6B:99:80:B8:3D:EE:4D:70:3A:6A:CC:4B:9B
Certificate issuer:       /CN=330fe971b3e36b16a92be85f59985be45968b864
Certificate serial:       018CC9BC112FF77AE7141F3FF8CFC4D958FE
Authority key identifier: 33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/l84RtFfBw2uZgLg97k1wOmrMS5s.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16243
IP address blocks:        94.103.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:11:2f:f7:7a:e7:14:1f:3f:f8:cf:c4:d9:58:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330fe971b3e36b16a92be85f59985be45968b864
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97ce11b457c1c36b9980b83dee4d703a6acc4b9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9d:e9:e2:35:d4:95:30:e2:14:1c:89:4b:0b:
                    75:96:9c:cd:31:48:22:86:97:9e:f7:33:ce:d2:da:
                    80:9f:68:0b:0d:91:0a:41:2a:3c:d1:6a:f6:06:e4:
                    1d:c8:b7:27:59:a0:1a:e4:db:82:bd:e9:9c:04:c7:
                    1b:de:6f:d2:8d:0d:0a:da:66:5c:13:34:f6:4c:e3:
                    de:60:63:d5:10:1c:9d:60:d7:6b:da:6d:b5:5d:bd:
                    45:9e:09:a4:25:4e:cd:bc:26:89:d4:f9:2e:92:e4:
                    e1:85:37:43:ad:41:9a:70:64:f4:7d:ea:da:78:c6:
                    be:b1:0a:d3:39:f5:d1:4d:ba:ff:91:81:e6:8a:11:
                    1c:71:d1:9c:2e:aa:3c:e3:81:8f:7a:96:8b:bd:32:
                    27:21:8d:0c:45:b2:81:92:b8:e3:6d:1a:02:88:6f:
                    0b:17:86:1f:d3:ae:2f:08:3b:1b:26:e1:b3:fc:de:
                    3a:39:2e:1c:7a:06:c7:5b:f9:74:f4:3e:ca:91:2e:
                    b5:8a:c8:95:05:68:ba:51:32:58:bc:40:2d:ba:89:
                    22:3f:87:77:5e:1e:54:2e:a3:a1:87:73:22:de:5e:
                    d2:20:4f:30:37:f2:99:2a:12:db:ee:26:50:11:0c:
                    63:9b:94:ef:0b:7b:d3:40:6f:db:86:10:2b:47:49:
                    45:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:CE:11:B4:57:C1:C3:6B:99:80:B8:3D:EE:4D:70:3A:6A:CC:4B:9B
            X509v3 Authority Key Identifier:
                keyid:33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/l84RtFfBw2uZgLg97k1wOmrMS5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:ca:97:82:14:6e:5f:98:d9:2b:2c:a2:0f:90:d3:71:73:b2:
         8b:cd:fa:cc:a2:a8:7c:ee:4b:47:dd:12:5d:36:aa:99:a5:54:
         1c:19:c6:89:ff:35:b3:cc:bd:f4:e9:a1:8f:a1:2c:4e:68:79:
         c3:0a:1a:06:1b:db:f3:e3:fe:57:64:ce:d9:84:ca:6d:d8:a1:
         97:5c:5c:19:1b:f8:cb:87:6f:20:8a:5e:da:a2:39:98:b3:d3:
         9c:77:70:80:87:38:f6:79:79:49:37:be:9c:62:1b:54:ed:37:
         83:6f:07:d5:83:de:ff:65:f0:59:79:52:c7:ef:80:a7:c3:e5:
         a9:ad:17:4c:b4:1b:db:19:4c:d4:48:62:89:64:8d:63:3d:1f:
         66:29:c7:6e:de:2f:64:86:51:f8:95:72:11:21:aa:e0:fb:9a:
         c0:8e:f4:d4:93:fd:b4:9c:5a:02:5b:98:30:eb:f0:75:e3:82:
         e5:0b:a3:ac:b4:2b:55:e8:87:df:6e:6f:91:40:e4:9e:13:62:
         c5:65:17:e3:b0:d5:06:98:70:e2:31:ca:f2:f2:ca:c7:18:c2:
         8c:04:a2:a3:19:ba:02:60:26:b2:5a:4d:a7:f8:ff:7a:4d:b7:
         41:98:23:01:19:4f:0c:f8:92:47:2c:45:01:50:86:c8:a2:ce:
         24:11:3c:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvBEv93rnFB8/+M/E2Vj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGZlOTcxYjNlMzZiMTZhOTJiZTg1ZjU5OTg1YmU0NTk2
OGI4NjQwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2NlMTFiNDU3YzFjMzZiOTk4MGI4M2RlZTRkNzAzYTZhY2M0YjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs53p4jXUlTDiFByJSwt1lpzNMUgi
hpee9zPO0tqAn2gLDZEKQSo80Wr2BuQdyLcnWaAa5NuCvemcBMcb3m/SjQ0K2mZc
EzT2TOPeYGPVEBydYNdr2m21Xb1FngmkJU7NvCaJ1PkukuThhTdDrUGacGT0fera
eMa+sQrTOfXRTbr/kYHmihEccdGcLqo844GPepaLvTInIY0MRbKBkrjjbRoCiG8L
F4Yf064vCDsbJuGz/N46OS4cegbHW/l09D7KkS61isiVBWi6UTJYvEAtuokiP4d3
Xh5ULqOhh3Mi3l7SIE8wN/KZKhLb7iZQEQxjm5TvC3vTQG/bhhArR0lFpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfOEbRXwcNrmYC4Pe5NcDpqzEubMB8GA1UdIwQY
MBaAFDMP6XGz42sWqSvoX1mYW+RZaLhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWIt
MTFlOWU5ZjAxMzQzLzEvbDg0UnRGZkJ3MnVaZ0xnOTdrMXdPbXJNUzVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWItMTFlOWU5ZjAxMzQz
LzEvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmcRMA0G
CSqGSIb3DQEBCwUAA4IBAQBeypeCFG5fmNkrLKIPkNNxc7KLzfrMoqh87ktH3RJd
NqqZpVQcGcaJ/zWzzL306aGPoSxOaHnDChoGG9vz4/5XZM7ZhMpt2KGXXFwZG/jL
h28gil7aojmYs9Ocd3CAhzj2eXlJN76cYhtU7TeDbwfVg97/ZfBZeVLH74Cnw+Wp
rRdMtBvbGUzUSGKJZI1jPR9mKcdu3i9khlH4lXIRIarg+5rAjvTUk/20nFoCW5gw
6/B144LlC6OstCtV6Iffbm+RQOSeE2LFZRfjsNUGmHDiMcry8srHGMKMBKKjGboC
YCayWk2n+P96TbdBmCMBGU8M+JJHLEUBUIbIos4kETzW
-----END CERTIFICATE-----