Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/nwFBz7CBL89ah53T3HH1mmse0ts.roa
File:                     nwFBz7CBL89ah53T3HH1mmse0ts.roa (raw, json)
Hash identifier:          zKHR1hdzvWN8kRONqFUlndoj4buDoIZXko4V1k8oRR8=
Subject key identifier:   9F:01:41:CF:B0:81:2F:CF:5A:87:9D:D3:DC:71:F5:9A:6B:1E:D2:DB
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E9084C0C3D20B823DEF7A5A0B31A3
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/nwFBz7CBL89ah53T3HH1mmse0ts.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200682
IP address blocks:        84.207.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:90:84:c0:c3:d2:0b:82:3d:ef:7a:5a:0b:31:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f0141cfb0812fcf5a879dd3dc71f59a6b1ed2db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:1d:03:bb:39:82:8b:eb:70:af:cc:45:e3:05:
                    c7:97:06:78:1e:5a:0e:40:ef:56:fe:84:d6:93:b1:
                    62:62:5f:e3:16:ae:69:00:03:5e:40:99:0d:f6:7d:
                    d7:22:bd:f1:68:8f:3d:64:63:5d:02:b1:5c:76:67:
                    af:1c:2a:ca:c5:f3:af:33:43:a3:d4:be:9c:67:5c:
                    75:3b:58:bb:c4:b3:a5:af:81:7b:ed:1b:7c:9b:b4:
                    51:9e:9a:43:21:66:af:bd:92:e3:31:7b:5c:5a:1b:
                    f8:e7:65:75:b7:bd:8c:ce:58:a3:99:b6:b3:b9:f1:
                    db:f1:48:02:de:78:5e:53:8b:be:4d:dc:20:7a:f9:
                    4d:ee:c7:a9:90:bb:6a:32:37:13:74:57:d9:64:58:
                    ed:57:ce:4b:a4:c4:b8:58:f1:4f:7b:2a:ac:2f:c4:
                    9d:5d:40:4b:e1:5c:0d:cf:54:a3:ca:cf:9b:a8:bb:
                    62:df:40:a1:68:ab:d9:ea:7a:5a:e2:cb:5d:56:9d:
                    a4:e1:35:9e:14:6b:16:4f:f1:1d:60:65:22:21:07:
                    4f:db:50:31:7f:1e:f8:c0:66:e3:ad:dd:88:ed:68:
                    0a:bb:c8:cc:5c:12:a7:a1:97:e4:ac:32:70:bc:2f:
                    b6:6a:08:fb:9e:63:32:2c:07:97:25:34:d1:3a:c7:
                    64:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:01:41:CF:B0:81:2F:CF:5A:87:9D:D3:DC:71:F5:9A:6B:1E:D2:DB
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/nwFBz7CBL89ah53T3HH1mmse0ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.207.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:19:15:57:dd:67:c4:49:98:c6:03:6d:51:99:5f:bf:cb:22:
         21:50:53:2c:af:a1:99:59:a6:b4:2c:9b:2f:0c:c1:05:c6:53:
         77:6f:e3:13:14:19:8c:11:bd:6b:fb:d2:bb:35:bc:af:1a:c6:
         9a:23:e2:67:b9:12:c0:3e:2e:b1:00:5f:34:3e:fd:96:7e:5d:
         57:23:ba:6d:7a:7a:79:a5:0a:b6:2b:3b:0d:e8:c7:54:d2:fe:
         2c:f1:87:50:f9:27:c3:62:e2:b1:47:ec:39:77:b1:94:ca:a8:
         d7:26:45:13:a3:0f:2b:b7:fa:32:25:de:3c:80:ce:60:6d:ee:
         ea:64:a1:a8:09:a8:d9:25:b7:3a:6a:06:25:c1:3a:76:e7:96:
         0d:75:a6:bf:2f:d9:bd:c1:80:53:04:27:a5:ad:1e:ab:cc:1e:
         88:06:da:10:22:e4:1b:2e:fd:5b:b2:6b:67:07:3f:a9:40:fd:
         79:a4:81:88:77:2d:c1:f7:7d:5a:48:0c:36:8d:dc:e3:e0:8d:
         ab:b7:65:b5:41:11:9e:b8:4d:44:97:4f:aa:40:43:b2:2d:2f:
         df:12:ab:72:37:2c:fb:00:6c:84:af:c2:fa:93:86:e8:0d:87:
         68:48:15:cc:3f:dc:1d:59:01:43:fb:b9:9f:fc:d6:77:6f:df:
         c1:00:c6:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpCEwMPSC4I973paCzGjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjAxNDFjZmIwODEyZmNmNWE4NzlkZDNkYzcxZjU5YTZiMWVkMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjx0DuzmCi+twr8xF4wXHlwZ4HloO
QO9W/oTWk7FiYl/jFq5pAANeQJkN9n3XIr3xaI89ZGNdArFcdmevHCrKxfOvM0Oj
1L6cZ1x1O1i7xLOlr4F77Rt8m7RRnppDIWavvZLjMXtcWhv452V1t72Mzlijmbaz
ufHb8UgC3nheU4u+TdwgevlN7sepkLtqMjcTdFfZZFjtV85LpMS4WPFPeyqsL8Sd
XUBL4VwNz1Sjys+bqLti30ChaKvZ6npa4stdVp2k4TWeFGsWT/EdYGUiIQdP21Ax
fx74wGbjrd2I7WgKu8jMXBKnoZfkrDJwvC+2agj7nmMyLAeXJTTROsdkRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8BQc+wgS/PWoed09xx9ZprHtLbMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvbndGQno3Q0JMODlhaDUzVDNISDFtbXNlMHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVM/3MA0G
CSqGSIb3DQEBCwUAA4IBAQCRGRVX3WfESZjGA21RmV+/yyIhUFMsr6GZWaa0LJsv
DMEFxlN3b+MTFBmMEb1r+9K7NbyvGsaaI+JnuRLAPi6xAF80Pv2Wfl1XI7ptenp5
pQq2KzsN6MdU0v4s8YdQ+SfDYuKxR+w5d7GUyqjXJkUTow8rt/oyJd48gM5gbe7q
ZKGoCajZJbc6agYlwTp255YNdaa/L9m9wYBTBCelrR6rzB6IBtoQIuQbLv1bsmtn
Bz+pQP15pIGIdy3B931aSAw2jdzj4I2rt2W1QRGeuE1El0+qQEOyLS/fEqtyNyz7
AGyEr8L6k4boDYdoSBXMP9wdWQFD+7mf/NZ3b9/BAMYJ
-----END CERTIFICATE-----