Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/hOtBS8iM0FDTHbiwcSMOPZF34yE.roa
File:                     hOtBS8iM0FDTHbiwcSMOPZF34yE.roa (raw, json)
Hash identifier:          AUdfiKnm5D1cyICwV+8eU9Q1PePsFFZ2UQgApby7zlM=
Subject key identifier:   84:EB:41:4B:C8:8C:D0:50:D3:1D:B8:B0:71:23:0E:3D:91:77:E3:21
Certificate issuer:       /CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
Certificate serial:       018CC94ABFF52667915B5FA544837B491015
Authority key identifier: 43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/hOtBS8iM0FDTHbiwcSMOPZF34yE.roa
Signing time:             Tue 02 Jan 2024 08:29:28 +0000
ROA not before:           Tue 02 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210687
IP address blocks:        5.183.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:bf:f5:26:67:91:5b:5f:a5:44:83:7b:49:10:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
        Validity
            Not Before: Jan  2 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84eb414bc88cd050d31db8b071230e3d9177e321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:52:ff:d0:f5:c9:ef:66:99:18:e9:f2:54:3f:
                    00:37:c9:7b:28:bc:62:da:35:31:be:09:2c:d4:06:
                    8b:c3:6c:46:b7:60:a0:23:55:11:3d:04:08:a2:b0:
                    9d:8c:f8:2e:34:35:ba:4a:ee:15:af:8d:4d:75:c1:
                    f2:a6:ec:82:41:db:44:10:7f:fe:b4:46:d5:e1:b7:
                    49:90:9f:89:b3:bb:46:18:2f:d7:78:87:aa:5d:3c:
                    fe:78:14:3f:0e:34:c4:36:5a:04:98:7f:6e:2c:af:
                    40:52:cc:65:08:4e:83:15:96:4e:9a:00:29:87:11:
                    ed:c9:b5:28:49:1b:5c:1c:43:e7:a3:4f:e2:44:6e:
                    8f:d7:ed:ee:6e:96:a6:23:51:ab:cf:75:99:71:f4:
                    49:a4:25:df:83:d0:7c:f0:d2:a6:83:08:65:39:51:
                    90:a6:db:ab:e7:08:09:76:2d:b4:80:23:3b:06:3e:
                    07:ef:41:a5:c4:ab:4e:da:89:bf:33:f0:2a:4a:dd:
                    bc:d0:98:92:ef:bc:0d:f0:fd:b5:d4:11:1c:11:ee:
                    9b:ca:d1:28:a0:3d:2b:b2:7f:4d:34:c7:a5:64:b6:
                    84:95:56:16:64:10:b8:d0:62:80:fe:58:08:00:db:
                    5f:ee:46:3d:1e:31:fa:ee:de:5e:cc:80:77:45:67:
                    61:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:EB:41:4B:C8:8C:D0:50:D3:1D:B8:B0:71:23:0E:3D:91:77:E3:21
            X509v3 Authority Key Identifier:
                keyid:43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/hOtBS8iM0FDTHbiwcSMOPZF34yE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:7c:13:c3:4e:5d:2c:1b:fb:3d:ee:a9:98:32:55:9d:de:80:
         44:c0:5f:56:1e:e4:f5:fc:9e:43:f3:34:c9:7c:30:a1:bd:cb:
         1f:5a:73:11:7c:83:74:76:6d:e6:ec:a2:39:67:fe:4a:7b:22:
         69:9e:bd:7e:82:92:4b:e1:0f:fb:1f:48:d9:ed:85:b9:09:bf:
         c1:36:67:72:aa:c2:30:5b:6b:41:25:bc:e2:63:6c:39:cd:65:
         6d:26:7d:78:05:cb:5d:16:58:b1:c1:eb:d0:6a:82:8b:b6:de:
         01:12:a6:11:24:71:ae:8a:fb:43:44:05:a9:68:45:99:93:4d:
         b2:02:71:94:e4:04:78:fa:9d:e5:c7:9e:d5:e3:00:e1:88:c6:
         10:62:b3:6e:1c:7d:74:41:6f:6a:12:88:c8:54:55:80:60:89:
         0d:55:d5:95:d1:b5:01:ea:40:be:e1:f8:ea:cc:75:91:40:a8:
         e7:b9:f3:5f:63:c1:85:38:25:75:e6:2a:83:39:aa:d2:29:ea:
         36:22:9a:8d:eb:35:d7:45:93:e0:f5:f7:cf:50:c8:2f:28:99:
         60:ce:bb:0d:4f:b9:bb:5c:03:92:96:6a:51:da:89:0c:bf:3a:
         d9:ce:94:27:f4:5d:53:de:c7:93:73:02:8e:f3:fd:db:ab:76:
         d5:29:aa:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSr/1JmeRW1+lRIN7SRAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzODRmNmZhNmRlY2NlZDU1NzhhODVhNTFlMGJkNjU3MDFl
YTM0ZWMwHhcNMjQwMTAyMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGViNDE0YmM4OGNkMDUwZDMxZGI4YjA3MTIzMGUzZDkxNzdlMzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1L/0PXJ72aZGOnyVD8AN8l7KLxi
2jUxvgks1AaLw2xGt2CgI1URPQQIorCdjPguNDW6Su4Vr41NdcHypuyCQdtEEH/+
tEbV4bdJkJ+Js7tGGC/XeIeqXTz+eBQ/DjTENloEmH9uLK9AUsxlCE6DFZZOmgAp
hxHtybUoSRtcHEPno0/iRG6P1+3ubpamI1Grz3WZcfRJpCXfg9B88NKmgwhlOVGQ
ptur5wgJdi20gCM7Bj4H70GlxKtO2om/M/AqSt280JiS77wN8P211BEcEe6bytEo
oD0rsn9NNMelZLaElVYWZBC40GKA/lgIANtf7kY9HjH67t5ezIB3RWdhlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITrQUvIjNBQ0x24sHEjDj2Rd+MhMB8GA1UdIwQY
MBaAFEOE9vpt7M7VV4qFpR4L1lcB6jTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMt
MWIxM2JkNDU2NmE1LzEvaE90QlM4aU0wRkRUSGJpd2NTTU9QWkYzNHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMtMWIxM2JkNDU2NmE1
LzEvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbdtMA0G
CSqGSIb3DQEBCwUAA4IBAQAVfBPDTl0sG/s97qmYMlWd3oBEwF9WHuT1/J5D8zTJ
fDChvcsfWnMRfIN0dm3m7KI5Z/5KeyJpnr1+gpJL4Q/7H0jZ7YW5Cb/BNmdyqsIw
W2tBJbziY2w5zWVtJn14BctdFlixwevQaoKLtt4BEqYRJHGuivtDRAWpaEWZk02y
AnGU5AR4+p3lx57V4wDhiMYQYrNuHH10QW9qEojIVFWAYIkNVdWV0bUB6kC+4fjq
zHWRQKjnufNfY8GFOCV15iqDOarSKeo2IpqN6zXXRZPg9ffPUMgvKJlgzrsNT7m7
XAOSlmpR2okMvzrZzpQn9F1T3seTcwKO8/3bq3bVKaoU
-----END CERTIFICATE-----