Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7TfXPQCLFc4JijegnITtcEVaBWo.roa
File:                     7TfXPQCLFc4JijegnITtcEVaBWo.roa (raw, json)
Hash identifier:          v4PCpdc48u9pBI0KTxIDj8tfBCps0vB3QBQkUFaeK8c=
Subject key identifier:   ED:37:D7:3D:00:8B:15:CE:09:8A:37:A0:9C:84:ED:70:45:5A:05:6A
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5F8827B938301193CFBE7A06DCB5
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7TfXPQCLFc4JijegnITtcEVaBWo.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197236
IP address blocks:        95.43.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Nov 2024 16:12:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5f:88:27:b9:38:30:11:93:cf:be:7a:06:dc:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed37d73d008b15ce098a37a09c84ed70455a056a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b5:cd:db:9a:7a:0a:bf:2d:d0:0f:84:cb:36:
                    2f:fa:c9:28:0d:ba:63:c8:29:e5:9e:61:2d:57:ab:
                    f4:35:16:4f:82:93:9f:4b:8f:c7:13:4a:e9:d0:45:
                    33:0f:ca:8d:c0:61:dc:38:2e:d2:f7:6c:86:58:e0:
                    b1:c0:e1:88:18:f4:fa:6b:76:b7:3e:9e:61:0f:a5:
                    e8:dd:ec:0f:12:b7:ab:95:01:89:c1:17:f1:1c:b3:
                    0d:27:14:72:3e:c7:de:ad:b4:7e:ae:63:ec:d6:a3:
                    dd:69:71:14:5a:d8:f2:84:af:63:0e:ad:68:b6:b3:
                    54:81:e5:fe:46:b5:f2:b4:6b:61:73:87:f9:d3:e0:
                    93:6e:eb:44:05:16:a3:4d:7d:c2:96:7e:c4:2d:b1:
                    f0:48:7b:66:c9:d3:95:97:23:b3:69:4d:41:b3:dc:
                    8f:11:fa:ec:b2:25:3b:ea:17:7e:88:b5:9f:13:aa:
                    1c:9e:82:de:52:1a:96:55:a9:70:d4:31:66:38:ec:
                    af:16:50:67:72:d0:8a:b7:f7:60:eb:36:ab:78:04:
                    96:a5:77:84:77:d1:3a:df:97:ee:37:bc:9a:7f:d1:
                    8b:a3:8f:6a:ed:c5:e5:3d:04:a3:e3:e4:fc:e6:75:
                    dd:72:96:24:26:27:08:18:21:9e:5a:50:90:c2:9f:
                    84:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:37:D7:3D:00:8B:15:CE:09:8A:37:A0:9C:84:ED:70:45:5A:05:6A
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7TfXPQCLFc4JijegnITtcEVaBWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:99:83:ac:f5:d5:08:79:61:9b:e3:06:f1:b6:eb:73:06:86:
         ae:ee:66:d6:6b:4d:29:ed:d9:12:db:04:36:77:d9:53:db:e7:
         f2:be:ef:60:e6:f0:dd:7b:18:ce:9b:2b:3e:8e:e4:36:2a:c2:
         31:f9:f7:55:1f:13:a7:d9:e8:e8:cd:68:84:eb:b4:39:d2:51:
         eb:01:4a:b5:c6:2b:e0:c4:bd:a3:4c:3a:aa:2d:7a:63:b0:56:
         3d:51:a2:40:47:08:d5:99:53:f9:56:cb:d4:a3:3b:12:3a:8f:
         36:8a:09:8d:cd:ef:25:2f:cc:68:48:fa:c2:dd:d3:80:ba:68:
         89:95:ee:33:3f:13:56:75:0b:83:a3:b4:cc:18:98:61:eb:2b:
         61:f8:1a:c8:d1:7c:a3:8c:98:eb:2f:1d:58:27:e0:dc:ef:8b:
         79:96:ec:a7:18:ba:48:67:98:78:24:07:1f:4c:03:ad:4b:a1:
         03:03:1e:51:5b:8e:1f:41:c1:bc:80:2c:4d:d1:bf:92:25:51:
         e7:71:16:29:51:54:d8:b1:22:96:3e:b9:ec:b7:b2:47:a0:26:
         74:14:48:bc:45:68:84:b5:2a:52:7d:b3:51:76:25:2b:14:d6:
         fd:5d:ee:72:f2:6c:e5:3e:71:4c:d3:7d:32:66:8b:ba:c3:af:
         6d:25:81:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbV+IJ7k4MBGTz756Bty1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDM3ZDczZDAwOGIxNWNlMDk4YTM3YTA5Yzg0ZWQ3MDQ1NWEwNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLXN25p6Cr8t0A+EyzYv+skoDbpj
yCnlnmEtV6v0NRZPgpOfS4/HE0rp0EUzD8qNwGHcOC7S92yGWOCxwOGIGPT6a3a3
Pp5hD6Xo3ewPErerlQGJwRfxHLMNJxRyPsferbR+rmPs1qPdaXEUWtjyhK9jDq1o
trNUgeX+RrXytGthc4f50+CTbutEBRajTX3Cln7ELbHwSHtmydOVlyOzaU1Bs9yP
EfrssiU76hd+iLWfE6ocnoLeUhqWValw1DFmOOyvFlBnctCKt/dg6zareASWpXeE
d9E635fuN7yaf9GLo49q7cXlPQSj4+T85nXdcpYkJicIGCGeWlCQwp+E6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO031z0AixXOCYo3oJyE7XBFWgVqMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvN1RmWFBRQ0xGYzRKaWplZ25JVHRjRVZhQldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXyvlMA0G
CSqGSIb3DQEBCwUAA4IBAQCbmYOs9dUIeWGb4wbxtutzBoau7mbWa00p7dkS2wQ2
d9lT2+fyvu9g5vDdexjOmys+juQ2KsIx+fdVHxOn2ejozWiE67Q50lHrAUq1xivg
xL2jTDqqLXpjsFY9UaJARwjVmVP5VsvUozsSOo82igmNze8lL8xoSPrC3dOAumiJ
le4zPxNWdQuDo7TMGJhh6yth+BrI0XyjjJjrLx1YJ+Dc74t5luynGLpIZ5h4JAcf
TAOtS6EDAx5RW44fQcG8gCxN0b+SJVHncRYpUVTYsSKWPrnst7JHoCZ0FEi8RWiE
tSpSfbNRdiUrFNb9Xe5y8mzlPnFM030yZou6w69tJYEk
-----END CERTIFICATE-----