Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/98c304-6532-4ac6-a162-c0a25b10902a/1/beUn0cJL2bJB9VVKqeILlolpwVo.roa
File:                     beUn0cJL2bJB9VVKqeILlolpwVo.roa (raw, json)
Hash identifier:          iPtSQYvrqXCbXxDqUonvidYtxR6DmFZ4AhL2P+MU2EA=
Subject key identifier:   6D:E5:27:D1:C2:4B:D9:B2:41:F5:55:4A:A9:E2:0B:96:89:69:C1:5A
Certificate issuer:       /CN=7273cdacc1e28f0213dfb28f3dfd8b9cbdd3c62e
Certificate serial:       018DF3C8DC001C96FD5767F4144AFE55A9A6
Authority key identifier: 72:73:CD:AC:C1:E2:8F:02:13:DF:B2:8F:3D:FD:8B:9C:BD:D3:C6:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cnPNrMHijwIT37KPPf2LnL3Txi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/98c304-6532-4ac6-a162-c0a25b10902a/1/beUn0cJL2bJB9VVKqeILlolpwVo.roa
Signing time:             Thu 29 Feb 2024 07:34:03 +0000
ROA not before:           Thu 29 Feb 2024 07:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208141
IP address blocks:        84.234.118.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/98c304-6532-4ac6-a162-c0a25b10902a/1/cnPNrMHijwIT37KPPf2LnL3Txi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/98c304-6532-4ac6-a162-c0a25b10902a/1/cnPNrMHijwIT37KPPf2LnL3Txi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cnPNrMHijwIT37KPPf2LnL3Txi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:c8:dc:00:1c:96:fd:57:67:f4:14:4a:fe:55:a9:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7273cdacc1e28f0213dfb28f3dfd8b9cbdd3c62e
        Validity
            Not Before: Feb 29 07:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6de527d1c24bd9b241f5554aa9e20b968969c15a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cd:12:52:6d:24:cd:59:30:bd:bf:0f:eb:c1:
                    b5:38:08:55:3a:dc:e5:57:29:0c:c6:95:92:79:ac:
                    b1:0c:e9:c7:14:4b:ed:62:56:18:13:28:9b:20:6c:
                    68:14:e1:57:75:e9:7d:d4:1b:fd:3e:3c:68:14:5d:
                    a8:ec:f7:5d:0c:b7:b1:eb:1d:be:61:fc:24:8d:0e:
                    f4:ee:86:0d:7c:70:6f:f8:97:58:0e:95:3a:5f:f8:
                    c3:2a:5c:67:37:99:14:f3:29:15:63:95:dc:2b:38:
                    3d:33:81:fb:c3:79:80:d3:57:11:29:5b:fe:aa:f4:
                    c0:93:4c:30:b5:f3:07:05:7a:aa:72:31:f9:ba:52:
                    9c:06:2d:e9:4f:31:9e:63:c0:a2:0a:0e:ee:8c:0f:
                    8b:c4:39:6e:35:f9:4c:3b:98:c4:95:ec:89:54:79:
                    37:67:ec:50:e2:91:25:b4:80:8f:96:65:9e:d1:b0:
                    07:52:55:4a:43:8a:b0:af:6a:bb:7b:42:25:53:6c:
                    4e:88:57:0a:62:0d:2b:dc:8e:55:64:8f:a4:45:7e:
                    d3:99:65:39:fa:01:9e:65:cb:5f:82:36:a3:22:ba:
                    24:83:b3:1e:79:72:b8:9b:33:b0:12:cb:e5:1f:62:
                    37:b8:8b:c5:b2:47:b3:a6:c8:d2:27:66:2f:05:ad:
                    3c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E5:27:D1:C2:4B:D9:B2:41:F5:55:4A:A9:E2:0B:96:89:69:C1:5A
            X509v3 Authority Key Identifier:
                keyid:72:73:CD:AC:C1:E2:8F:02:13:DF:B2:8F:3D:FD:8B:9C:BD:D3:C6:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cnPNrMHijwIT37KPPf2LnL3Txi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/98c304-6532-4ac6-a162-c0a25b10902a/1/beUn0cJL2bJB9VVKqeILlolpwVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/98c304-6532-4ac6-a162-c0a25b10902a/1/cnPNrMHijwIT37KPPf2LnL3Txi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.234.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:43:6c:a8:57:7b:5b:56:46:d3:ad:0b:25:8f:52:41:c6:56:
         95:d4:c1:33:d2:04:68:5d:b5:1c:f7:b3:b6:19:76:de:ab:8c:
         c2:97:48:53:db:55:0e:1a:78:0d:af:09:4a:a8:ab:55:6b:67:
         35:a6:1c:dd:c9:de:48:d4:7e:39:c1:28:0e:a4:09:88:17:b7:
         40:50:29:c7:c1:b0:ae:18:ca:4c:c6:a1:5d:cc:2b:89:53:39:
         27:b3:9e:94:92:a3:af:7c:cb:d4:90:bd:bc:93:f9:a9:51:26:
         b2:d4:e8:ee:dd:0e:ba:55:89:c9:ad:76:a4:3f:f0:72:56:e1:
         7a:d3:c8:79:17:5f:7f:cd:4b:99:79:a6:81:7c:98:72:ab:b4:
         b7:13:1e:ba:98:5d:ef:36:18:94:34:37:3b:98:b6:db:b4:81:
         1f:ed:71:f3:d2:22:85:c2:1f:4a:bf:2a:00:d3:25:0a:af:ee:
         a8:08:bd:d5:1b:1e:e3:af:af:1b:f4:f8:9b:5f:76:4d:ec:1e:
         55:52:94:7d:75:f4:19:52:b3:08:21:9f:42:cf:b3:c1:57:14:
         d3:83:97:a2:74:4e:19:56:6e:9c:ed:30:1a:62:d6:6c:20:b7:
         3e:cd:2f:45:1c:a4:96:d9:e7:b0:bb:7b:1c:a7:7f:a3:33:8f:
         23:87:42:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3zyNwAHJb9V2f0FEr+VammMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNzNjZGFjYzFlMjhmMDIxM2RmYjI4ZjNkZmQ4YjljYmRk
M2M2MmUwHhcNMjQwMjI5MDczNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGU1MjdkMWMyNGJkOWIyNDFmNTU1NGFhOWUyMGI5Njg5NjljMTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts0SUm0kzVkwvb8P68G1OAhVOtzl
VykMxpWSeayxDOnHFEvtYlYYEyibIGxoFOFXdel91Bv9PjxoFF2o7PddDLex6x2+
YfwkjQ707oYNfHBv+JdYDpU6X/jDKlxnN5kU8ykVY5XcKzg9M4H7w3mA01cRKVv+
qvTAk0wwtfMHBXqqcjH5ulKcBi3pTzGeY8CiCg7ujA+LxDluNflMO5jEleyJVHk3
Z+xQ4pEltICPlmWe0bAHUlVKQ4qwr2q7e0IlU2xOiFcKYg0r3I5VZI+kRX7TmWU5
+gGeZctfgjajIrokg7MeeXK4mzOwEsvlH2I3uIvFskezpsjSJ2YvBa08+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3lJ9HCS9myQfVVSqniC5aJacFaMB8GA1UdIwQY
MBaAFHJzzazB4o8CE9+yjz39i5y908YuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY25QTnJNSGlqd0lUMzdLUFBmMkxuTDNUeGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85OGMzMDQtNjUzMi00YWM2LWExNjIt
YzBhMjViMTA5MDJhLzEvYmVVbjBjSkwyYkpCOVZWS3FlSUxsb2xwd1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85OGMzMDQtNjUzMi00YWM2LWExNjItYzBhMjViMTA5MDJh
LzEvY25QTnJNSGlqd0lUMzdLUFBmMkxuTDNUeGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVOp2MA0G
CSqGSIb3DQEBCwUAA4IBAQByQ2yoV3tbVkbTrQslj1JBxlaV1MEz0gRoXbUc97O2
GXbeq4zCl0hT21UOGngNrwlKqKtVa2c1phzdyd5I1H45wSgOpAmIF7dAUCnHwbCu
GMpMxqFdzCuJUzkns56UkqOvfMvUkL28k/mpUSay1Oju3Q66VYnJrXakP/ByVuF6
08h5F19/zUuZeaaBfJhyq7S3Ex66mF3vNhiUNDc7mLbbtIEf7XHz0iKFwh9KvyoA
0yUKr+6oCL3VGx7jr68b9PibX3ZN7B5VUpR9dfQZUrMIIZ9Cz7PBVxTTg5eidE4Z
Vm6c7TAaYtZsILc+zS9FHKSW2eewu3scp3+jM48jh0Kv
-----END CERTIFICATE-----