Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/tLU8YTa50BNFR815aO3wRQWQeOU.roa
File:                     tLU8YTa50BNFR815aO3wRQWQeOU.roa (raw, json)
Hash identifier:          zKU8zGeZgDYdgb9bdeIWosjG2Cp7PA508CX52QOSIVA=
Subject key identifier:   B4:B5:3C:61:36:B9:D0:13:45:47:CD:79:68:ED:F0:45:05:90:78:E5
Certificate issuer:       /CN=ded353e2f5d318c348772a8ff105aa70719e4135
Certificate serial:       018CC348F4BAC43B5A1F1949753CF5CABD87
Authority key identifier: DE:D3:53:E2:F5:D3:18:C3:48:77:2A:8F:F1:05:AA:70:71:9E:41:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3tNT4vXTGMNIdyqP8QWqcHGeQTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/tLU8YTa50BNFR815aO3wRQWQeOU.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        87.237.84.0/24 maxlen: 24
                          87.237.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/3tNT4vXTGMNIdyqP8QWqcHGeQTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/3tNT4vXTGMNIdyqP8QWqcHGeQTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3tNT4vXTGMNIdyqP8QWqcHGeQTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f4:ba:c4:3b:5a:1f:19:49:75:3c:f5:ca:bd:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded353e2f5d318c348772a8ff105aa70719e4135
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4b53c6136b9d0134547cd7968edf045059078e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f3:34:d2:22:a9:df:4c:41:e1:2b:37:31:39:
                    c0:0a:e0:d2:98:3e:33:1f:61:cb:55:76:af:71:1e:
                    e8:a7:32:77:b3:a5:2b:90:35:df:3d:bc:c6:59:17:
                    ab:f9:58:90:e5:1c:37:63:76:1f:ea:cc:21:75:87:
                    3a:41:8c:3e:9f:d5:54:fc:21:ea:f5:2b:00:d9:56:
                    24:0f:b7:81:ca:d1:64:94:7c:cf:f9:91:f2:9e:15:
                    b8:9a:27:4b:a9:b5:8b:0d:14:88:b4:b1:10:b0:9f:
                    76:42:85:ce:d5:dc:01:47:5c:b2:6a:fd:9c:69:50:
                    40:95:92:c3:3b:83:f3:b3:b5:41:a0:37:89:43:33:
                    7a:c9:4f:ca:fb:4e:cf:c8:75:47:20:03:03:f9:87:
                    dd:21:b7:7e:69:44:c2:db:5e:c4:b9:f2:e9:ad:f2:
                    33:40:07:ce:91:18:7a:1f:14:d3:cd:6a:4e:ad:13:
                    6d:06:22:d3:0d:92:d6:8a:2e:1f:60:24:4a:09:21:
                    1c:a1:23:f6:cf:00:1e:72:2b:4d:c6:c1:6a:33:b9:
                    92:ff:57:74:d1:fd:5c:c5:7c:4b:8b:dc:5b:78:54:
                    12:e9:5a:72:b2:c2:6e:89:37:52:29:34:91:0b:6f:
                    20:3a:03:b1:33:85:12:44:fb:85:a6:7a:33:01:b4:
                    2a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B5:3C:61:36:B9:D0:13:45:47:CD:79:68:ED:F0:45:05:90:78:E5
            X509v3 Authority Key Identifier:
                keyid:DE:D3:53:E2:F5:D3:18:C3:48:77:2A:8F:F1:05:AA:70:71:9E:41:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3tNT4vXTGMNIdyqP8QWqcHGeQTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/tLU8YTa50BNFR815aO3wRQWQeOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/3tNT4vXTGMNIdyqP8QWqcHGeQTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.84.0/24
                  87.237.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:2a:17:2f:d4:d2:97:ef:f9:71:c1:00:57:81:f8:22:9e:d8:
         20:ed:ee:dc:90:3c:45:a1:52:96:80:08:44:f7:66:ff:19:ee:
         8d:1f:fe:56:e8:4c:3c:10:cf:c1:9a:8a:9a:7e:ec:ff:3b:60:
         01:14:ee:d8:c1:59:a3:49:e8:44:ef:a2:10:e8:82:3b:7b:c2:
         c1:fc:eb:39:01:d5:ee:ab:22:49:a2:9d:12:f4:5a:e7:bd:65:
         78:89:5a:0e:55:e7:c5:d9:73:7b:a8:44:00:10:9f:3f:88:74:
         94:6d:7d:ff:a6:8e:99:44:f7:3c:56:85:c7:71:07:a0:97:f0:
         1e:6c:7b:45:7b:16:23:2f:db:83:ae:bb:4d:8d:47:15:36:ee:
         bf:c5:37:ad:d8:e0:02:2b:26:33:84:19:57:06:81:22:49:54:
         3b:a6:ac:70:bb:cf:59:96:6a:e8:be:af:7b:bb:35:16:5a:bc:
         7c:d4:58:5b:ae:7f:c9:d4:6d:98:75:7e:b1:49:4b:04:1e:24:
         d6:a0:a5:af:4d:e4:1d:d9:fd:f0:35:17:5b:fc:ac:c0:c5:8f:
         7f:7d:c6:dd:86:b9:15:6a:20:ec:53:cc:82:6a:2c:04:43:9d:
         f5:de:9a:77:87:7b:d2:7a:50:70:8d:80:57:67:e2:72:12:fc:
         3d:44:c6:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSPS6xDtaHxlJdTz1yr2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDM1M2UyZjVkMzE4YzM0ODc3MmE4ZmYxMDVhYTcwNzE5
ZTQxMzUwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGI1M2M2MTM2YjlkMDEzNDU0N2NkNzk2OGVkZjA0NTA1OTA3OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvM00iKp30xB4Ss3MTnACuDSmD4z
H2HLVXavcR7opzJ3s6UrkDXfPbzGWRer+ViQ5Rw3Y3Yf6swhdYc6QYw+n9VU/CHq
9SsA2VYkD7eBytFklHzP+ZHynhW4midLqbWLDRSItLEQsJ92QoXO1dwBR1yyav2c
aVBAlZLDO4Pzs7VBoDeJQzN6yU/K+07PyHVHIAMD+YfdIbd+aUTC217EufLprfIz
QAfOkRh6HxTTzWpOrRNtBiLTDZLWii4fYCRKCSEcoSP2zwAecitNxsFqM7mS/1d0
0f1cxXxLi9xbeFQS6VpyssJuiTdSKTSRC28gOgOxM4USRPuFpnozAbQqfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLS1PGE2udATRUfNeWjt8EUFkHjlMB8GA1UdIwQY
MBaAFN7TU+L10xjDSHcqj/EFqnBxnkE1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3ROVDR2WFRHTU5JZHlxUDhRV3FjSEdlUVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jYmFjY2UtZWZiZi00ZjMyLThkODgt
NGU4NWRhYmQ2NDc0LzEvdExVOFlUYTUwQk5GUjgxNWFPM3dSUVdRZU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jYmFjY2UtZWZiZi00ZjMyLThkODgtNGU4NWRhYmQ2NDc0
LzEvM3ROVDR2WFRHTU5JZHlxUDhRV3FjSEdlUVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+1UAwQA
V+1WMA0GCSqGSIb3DQEBCwUAA4IBAQAnKhcv1NKX7/lxwQBXgfgintgg7e7ckDxF
oVKWgAhE92b/Ge6NH/5W6Ew8EM/Bmoqafuz/O2ABFO7YwVmjSehE76IQ6II7e8LB
/Os5AdXuqyJJop0S9FrnvWV4iVoOVefF2XN7qEQAEJ8/iHSUbX3/po6ZRPc8VoXH
cQegl/AebHtFexYjL9uDrrtNjUcVNu6/xTet2OACKyYzhBlXBoEiSVQ7pqxwu89Z
lmrovq97uzUWWrx81Fhbrn/J1G2YdX6xSUsEHiTWoKWvTeQd2f3wNRdb/KzAxY9/
fcbdhrkVaiDsU8yCaiwEQ5313pp3h3vSelBwjYBXZ+JyEvw9RMbx
-----END CERTIFICATE-----