Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/N-DvlOafaDcyGhvy0HgilliLe9I.roa
File:                     N-DvlOafaDcyGhvy0HgilliLe9I.roa (raw, json)
Hash identifier:          ebQATVrFiQBi5ONuFHikUQSVYKtu8dgsd82aslz1DRg=
Subject key identifier:   37:E0:EF:94:E6:9F:68:37:32:1A:1B:F2:D0:78:22:96:58:8B:7B:D2
Certificate issuer:       /CN=6511ce5e2f53b7bb8cac8f39e294e89a45b20029
Certificate serial:       018CC79503E23B810F7A50534C71EA5E5AB8
Authority key identifier: 65:11:CE:5E:2F:53:B7:BB:8C:AC:8F:39:E2:94:E8:9A:45:B2:00:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZRHOXi9Tt7uMrI854pTomkWyACk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/N-DvlOafaDcyGhvy0HgilliLe9I.roa
Signing time:             Tue 02 Jan 2024 00:31:21 +0000
ROA not before:           Tue 02 Jan 2024 00:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30870
IP address blocks:        84.244.153.0/24 maxlen: 24
                          84.244.170.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/ZRHOXi9Tt7uMrI854pTomkWyACk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/ZRHOXi9Tt7uMrI854pTomkWyACk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZRHOXi9Tt7uMrI854pTomkWyACk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:03:e2:3b:81:0f:7a:50:53:4c:71:ea:5e:5a:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6511ce5e2f53b7bb8cac8f39e294e89a45b20029
        Validity
            Not Before: Jan  2 00:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37e0ef94e69f6837321a1bf2d0782296588b7bd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:88:df:78:c7:04:80:65:9a:b7:05:c4:7a:1a:
                    01:bb:42:b6:00:eb:1f:af:8a:1a:e7:ad:12:c7:9e:
                    79:17:71:1b:bb:09:fe:06:dd:9e:ba:ae:82:e8:44:
                    c9:75:a1:26:b0:eb:ec:a7:f8:2b:c6:b3:8f:38:d5:
                    18:db:ed:16:00:6b:05:1c:5e:5d:80:c7:ee:2b:d6:
                    f3:4d:94:b0:dd:1d:24:c7:4b:66:c3:51:e2:d1:51:
                    50:fb:aa:6a:68:f0:df:ca:55:9a:07:59:b4:08:47:
                    80:c4:34:46:cc:52:2f:66:dd:e5:73:0b:81:12:50:
                    2d:f1:1a:42:68:7e:88:36:6b:ea:41:8b:ac:36:41:
                    9b:d2:d1:f1:d2:9e:72:a2:cb:cb:3f:e9:58:24:e0:
                    96:a4:b1:fa:36:c3:72:28:78:17:ca:93:ee:be:09:
                    cf:bd:64:6b:c8:70:f7:8e:80:89:1b:b6:71:de:9a:
                    86:62:0e:dc:9c:e3:ff:b9:72:bf:79:f6:4f:52:d4:
                    b6:2d:89:e6:4e:aa:91:53:66:1a:7c:dd:e4:dd:34:
                    08:bd:7d:0d:96:a1:87:60:16:58:a5:23:2e:b3:f7:
                    05:d1:34:61:9b:9e:72:d7:f6:64:fd:3c:f2:7d:ed:
                    92:f2:e0:64:59:04:00:1e:6b:f8:a1:21:9a:4a:6f:
                    a2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E0:EF:94:E6:9F:68:37:32:1A:1B:F2:D0:78:22:96:58:8B:7B:D2
            X509v3 Authority Key Identifier:
                keyid:65:11:CE:5E:2F:53:B7:BB:8C:AC:8F:39:E2:94:E8:9A:45:B2:00:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZRHOXi9Tt7uMrI854pTomkWyACk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/N-DvlOafaDcyGhvy0HgilliLe9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/ZRHOXi9Tt7uMrI854pTomkWyACk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.244.153.0/24
                  84.244.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:b5:79:49:4f:9e:45:35:2a:2b:d5:fe:c1:a3:9c:04:2c:7c:
         d8:a2:ab:8c:24:2a:91:96:e1:88:38:1f:9f:9a:b9:26:da:c0:
         1c:ed:85:64:28:86:90:f4:13:8b:7e:8a:24:e2:b4:11:27:68:
         aa:cd:cb:4b:ee:a5:88:c6:08:5d:0d:17:f3:e4:6e:b4:67:ff:
         34:9b:2d:c8:47:67:9b:66:5d:96:c9:19:96:fe:bf:4b:15:98:
         d1:a7:43:97:82:36:f3:ba:7b:7d:ab:5a:a6:9d:8d:f0:87:b1:
         88:9b:92:04:12:bc:04:b5:e5:c4:0e:32:92:2e:b4:a9:66:a9:
         6f:d1:38:22:19:a3:72:58:33:f0:62:88:24:94:9b:08:5c:8d:
         af:e1:34:97:c8:a5:84:23:70:f1:49:b3:da:1e:11:0a:0d:59:
         f4:a6:6b:64:02:43:90:05:03:8a:16:77:c2:e4:10:3c:6e:52:
         52:0f:dd:45:d5:df:54:fd:c0:a8:56:11:83:96:a9:e9:8a:2d:
         2d:56:15:fd:ed:1a:8f:99:44:42:ee:c2:95:53:25:46:9e:f6:
         87:da:6d:10:9c:d2:8b:a9:d5:0b:1b:6c:40:33:fd:7e:be:f5:
         5d:75:78:c5:2c:04:63:be:fd:9d:a8:70:78:c6:42:4f:66:8f:
         87:88:fb:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlQPiO4EPelBTTHHqXlq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MTFjZTVlMmY1M2I3YmI4Y2FjOGYzOWUyOTRlODlhNDVi
MjAwMjkwHhcNMjQwMTAyMDAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2UwZWY5NGU2OWY2ODM3MzIxYTFiZjJkMDc4MjI5NjU4OGI3YmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIjfeMcEgGWatwXEehoBu0K2AOsf
r4oa560Sx555F3Ebuwn+Bt2euq6C6ETJdaEmsOvsp/grxrOPONUY2+0WAGsFHF5d
gMfuK9bzTZSw3R0kx0tmw1Hi0VFQ+6pqaPDfylWaB1m0CEeAxDRGzFIvZt3lcwuB
ElAt8RpCaH6INmvqQYusNkGb0tHx0p5yosvLP+lYJOCWpLH6NsNyKHgXypPuvgnP
vWRryHD3joCJG7Zx3pqGYg7cnOP/uXK/efZPUtS2LYnmTqqRU2YafN3k3TQIvX0N
lqGHYBZYpSMus/cF0TRhm55y1/Zk/Tzyfe2S8uBkWQQAHmv4oSGaSm+iBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDfg75Tmn2g3Mhob8tB4IpZYi3vSMB8GA1UdIwQY
MBaAFGURzl4vU7e7jKyPOeKU6JpFsgApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlJIT1hpOVR0N3VNckk4NTRwVG9ta1d5QUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85MWIwOTMtYWNiNy00Y2I3LWJmOGYt
NWNiOTM0YTU1YjBkLzEvTi1EdmxPYWZhRGN5R2h2eTBIZ2lsbGlMZTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85MWIwOTMtYWNiNy00Y2I3LWJmOGYtNWNiOTM0YTU1YjBk
LzEvWlJIT1hpOVR0N3VNckk4NTRwVG9ta1d5QUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPSZAwQB
VPSqMA0GCSqGSIb3DQEBCwUAA4IBAQBQtXlJT55FNSor1f7Bo5wELHzYoquMJCqR
luGIOB+fmrkm2sAc7YVkKIaQ9BOLfook4rQRJ2iqzctL7qWIxghdDRfz5G60Z/80
my3IR2ebZl2WyRmW/r9LFZjRp0OXgjbzunt9q1qmnY3wh7GIm5IEErwEteXEDjKS
LrSpZqlv0TgiGaNyWDPwYogklJsIXI2v4TSXyKWEI3DxSbPaHhEKDVn0pmtkAkOQ
BQOKFnfC5BA8blJSD91F1d9U/cCoVhGDlqnpii0tVhX97RqPmURC7sKVUyVGnvaH
2m0QnNKLqdULG2xAM/1+vvVddXjFLARjvv2dqHB4xkJPZo+HiPvs
-----END CERTIFICATE-----