Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/b88e0c-24cf-4fec-b118-9a6df39592c7/1/nod4PeATgyeG0rHwkzt9Xf9h4IM.roa
File:                     nod4PeATgyeG0rHwkzt9Xf9h4IM.roa (raw, json)
Hash identifier:          Sjpa8IMd27+CFxZMuLkR6nB6ffY8GtlyVgt9aO2WoGo=
Subject key identifier:   9E:87:78:3D:E0:13:83:27:86:D2:B1:F0:93:3B:7D:5D:FF:61:E0:83
Certificate issuer:       /CN=83076f3ab3efaa6328f0a38fcf4a7f963004b777
Certificate serial:       018CC26D5120D22AA2B75626DC9027980210
Authority key identifier: 83:07:6F:3A:B3:EF:AA:63:28:F0:A3:8F:CF:4A:7F:96:30:04:B7:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gwdvOrPvqmMo8KOPz0p_ljAEt3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/b88e0c-24cf-4fec-b118-9a6df39592c7/1/nod4PeATgyeG0rHwkzt9Xf9h4IM.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203673
IP address blocks:        185.127.168.0/22 maxlen: 22
                          84.38.8.0/21 maxlen: 21
                          2a03:97e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/b88e0c-24cf-4fec-b118-9a6df39592c7/1/gwdvOrPvqmMo8KOPz0p_ljAEt3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/b88e0c-24cf-4fec-b118-9a6df39592c7/1/gwdvOrPvqmMo8KOPz0p_ljAEt3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gwdvOrPvqmMo8KOPz0p_ljAEt3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:51:20:d2:2a:a2:b7:56:26:dc:90:27:98:02:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83076f3ab3efaa6328f0a38fcf4a7f963004b777
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e87783de013832786d2b1f0933b7d5dff61e083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e7:f7:ba:dd:cb:54:29:9c:ec:5c:aa:32:a1:
                    48:a3:a4:8e:06:7f:3a:33:6a:b3:fa:2a:18:08:d3:
                    be:1b:4b:bc:4c:33:b9:00:94:fd:57:97:4f:41:56:
                    15:8a:21:a0:d7:b6:7a:f1:3f:d2:57:e3:78:e2:94:
                    ab:a8:a4:98:e0:95:e7:88:c1:d8:fe:1e:97:09:80:
                    76:fd:8a:5d:80:8e:ea:d1:68:5f:87:cd:14:8e:a2:
                    fa:75:0e:f6:7e:9f:ea:a6:4d:70:d1:f7:e2:ce:a9:
                    72:97:f2:90:ce:14:44:5f:fd:c0:ed:dd:1a:a7:9f:
                    13:b5:81:b6:d6:d3:27:da:7a:31:57:5e:58:f2:e7:
                    49:99:df:ab:77:92:3f:7d:60:51:1a:6e:f9:96:1d:
                    08:ae:9a:ed:3b:f8:c2:00:25:ce:fe:1c:7c:6e:46:
                    10:ee:9e:d5:b4:58:25:c1:f3:e1:9e:e4:7f:98:41:
                    3e:05:fd:76:2c:79:3c:28:0e:ed:b2:56:68:4b:49:
                    eb:c7:d9:0c:cc:61:be:60:3e:1c:0b:9b:ce:fa:ae:
                    fc:54:99:23:66:c8:d9:4f:d1:ad:9b:9c:9b:6e:1a:
                    e7:32:44:8e:4e:16:f9:f0:6e:9c:1a:b9:44:e0:05:
                    6a:30:64:6b:31:93:f5:27:cc:7d:8f:e1:3d:e7:2b:
                    83:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:87:78:3D:E0:13:83:27:86:D2:B1:F0:93:3B:7D:5D:FF:61:E0:83
            X509v3 Authority Key Identifier:
                keyid:83:07:6F:3A:B3:EF:AA:63:28:F0:A3:8F:CF:4A:7F:96:30:04:B7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gwdvOrPvqmMo8KOPz0p_ljAEt3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/b88e0c-24cf-4fec-b118-9a6df39592c7/1/nod4PeATgyeG0rHwkzt9Xf9h4IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/b88e0c-24cf-4fec-b118-9a6df39592c7/1/gwdvOrPvqmMo8KOPz0p_ljAEt3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.8.0/21
                  185.127.168.0/22
                IPv6:
                  2a03:97e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:db:ec:a9:5b:3b:1e:bd:9b:cc:b6:c3:68:1b:56:0a:07:42:
         36:2c:be:ce:61:cb:d9:85:5f:6a:bc:4b:33:13:d3:6a:9a:10:
         f8:67:30:eb:40:9b:34:26:cc:4c:ca:ca:d1:cc:90:15:21:f6:
         1e:71:d9:d6:e2:c6:67:34:59:77:22:1c:fa:24:7a:e4:d2:bc:
         cc:2a:4f:75:c7:68:1b:6e:94:32:ed:cf:f8:64:c3:74:11:25:
         e5:f5:4a:19:c7:6d:fc:f0:bf:b2:fb:78:c9:15:28:30:4a:44:
         ad:6b:f8:4d:5e:d8:f5:de:0f:70:25:7b:e2:0e:eb:a9:cf:6c:
         4f:5d:38:43:22:f1:59:1e:60:e3:8b:1c:fa:98:db:62:4a:4f:
         bd:64:f7:01:c2:96:c3:cd:ce:f1:33:ad:8f:e1:90:5b:14:9b:
         70:1e:ed:c5:af:7e:64:c1:52:7a:91:72:6a:d8:56:79:bb:76:
         d7:a3:52:e4:3f:4b:00:b0:c8:09:58:f5:01:14:e2:41:b4:f9:
         35:1b:f2:63:21:3e:6d:c2:0e:75:af:ff:f0:35:cb:8b:de:77:
         e2:23:74:49:13:d3:44:e4:90:d3:40:bc:f3:bd:9f:16:9f:32:
         23:09:82:42:34:cf:3a:5a:f8:9e:d9:b6:18:00:b9:fc:95:fb:
         65:8f:74:b2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbVEg0iqit1Ym3JAnmAIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMDc2ZjNhYjNlZmFhNjMyOGYwYTM4ZmNmNGE3Zjk2MzAw
NGI3NzcwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTg3NzgzZGUwMTM4MzI3ODZkMmIxZjA5MzNiN2Q1ZGZmNjFlMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyef3ut3LVCmc7FyqMqFIo6SOBn86
M2qz+ioYCNO+G0u8TDO5AJT9V5dPQVYViiGg17Z68T/SV+N44pSrqKSY4JXniMHY
/h6XCYB2/YpdgI7q0Whfh80UjqL6dQ72fp/qpk1w0ffizqlyl/KQzhREX/3A7d0a
p58TtYG21tMn2noxV15Y8udJmd+rd5I/fWBRGm75lh0IrprtO/jCACXO/hx8bkYQ
7p7VtFglwfPhnuR/mEE+Bf12LHk8KA7tslZoS0nrx9kMzGG+YD4cC5vO+q78VJkj
ZsjZT9Gtm5ybbhrnMkSOThb58G6cGrlE4AVqMGRrMZP1J8x9j+E95yuDfwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ6HeD3gE4MnhtKx8JM7fV3/YeCDMB8GA1UdIwQY
MBaAFIMHbzqz76pjKPCjj89Kf5YwBLd3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3dkdk9yUHZxbU1vOEtPUHowcF9sakFFdDNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9iODhlMGMtMjRjZi00ZmVjLWIxMTgt
OWE2ZGYzOTU5MmM3LzEvbm9kNFBlQVRneWVHMHJId2t6dDlYZjloNElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9iODhlMGMtMjRjZi00ZmVjLWIxMTgtOWE2ZGYzOTU5MmM3
LzEvZ3dkdk9yUHZxbU1vOEtPUHowcF9sakFFdDNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDVCYIAwQC
uX+oMA0EAgACMAcDBQAqA5fgMA0GCSqGSIb3DQEBCwUAA4IBAQBK2+ypWzsevZvM
tsNoG1YKB0I2LL7OYcvZhV9qvEszE9NqmhD4ZzDrQJs0JsxMysrRzJAVIfYecdnW
4sZnNFl3Ihz6JHrk0rzMKk91x2gbbpQy7c/4ZMN0ESXl9UoZx2388L+y+3jJFSgw
SkSta/hNXtj13g9wJXviDuupz2xPXThDIvFZHmDjixz6mNtiSk+9ZPcBwpbDzc7x
M62P4ZBbFJtwHu3Fr35kwVJ6kXJq2FZ5u3bXo1LkP0sAsMgJWPUBFOJBtPk1G/Jj
IT5twg51r//wNcuL3nfiI3RJE9NE5JDTQLzzvZ8WnzIjCYJCNM86Wvie2bYYALn8
lftlj3Sy
-----END CERTIFICATE-----