Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/D1Qut_0mc8bzGgt1rSHmLmNJIK0.roa
File:                     D1Qut_0mc8bzGgt1rSHmLmNJIK0.roa (raw, json)
Hash identifier:          SgUYRw4n3uOvoc/UbN9K4AQOS9wSW7blxgGKE1zlP6M=
Subject key identifier:   0F:54:2E:B7:FD:26:73:C6:F3:1A:0B:75:AD:21:E6:2E:63:49:20:AD
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747FCEF26F27E61B16DD6425F388FDA
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/D1Qut_0mc8bzGgt1rSHmLmNJIK0.roa
Signing time:             Thu 02 Jan 2025 13:50:16 +0000
ROA not before:           Thu 02 Jan 2025 13:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201583
IP address blocks:        84.40.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:fc:ef:26:f2:7e:61:b1:6d:d6:42:5f:38:8f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f542eb7fd2673c6f31a0b75ad21e62e634920ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8e:6e:f3:54:ea:e2:f1:a2:99:d6:d4:52:8b:
                    8c:5a:1b:14:ac:93:69:96:33:25:5e:33:d2:cb:e5:
                    68:7a:47:b4:44:80:71:e5:b1:c0:7a:b6:c7:94:6e:
                    42:69:7b:37:3f:76:f7:c4:76:b0:a1:d3:e3:97:4f:
                    b1:a2:b9:a0:ee:67:c2:26:41:f9:91:e2:01:9b:71:
                    74:0c:73:b5:02:4a:0a:38:47:ff:59:95:95:60:d4:
                    17:86:7e:d8:67:00:89:fe:8c:35:1c:d9:35:87:a0:
                    26:9e:07:7b:f0:82:45:e2:37:e9:0d:c1:ab:7c:ec:
                    2c:33:08:2f:3b:79:b5:81:af:0d:0e:91:c7:0b:1d:
                    c7:a5:11:a0:52:6c:fb:2b:bf:9b:4d:0d:f7:48:43:
                    a2:40:93:a0:2f:8c:02:01:fd:35:9e:e5:9c:ab:99:
                    7f:70:97:9a:db:7d:9c:db:89:2c:ca:62:cc:fe:e9:
                    80:a6:9a:c2:d7:91:a5:a7:75:6c:b1:98:56:ac:53:
                    76:c8:ef:8a:eb:13:54:8f:d1:2f:50:f9:1b:7a:9f:
                    ec:07:cd:6a:cb:7c:82:ae:46:e6:59:b7:6f:fc:09:
                    95:e5:60:fd:30:7f:3a:84:8b:92:9a:43:0f:e2:78:
                    32:18:cf:76:13:80:e3:4e:37:df:fa:5e:3e:22:cc:
                    f7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:54:2E:B7:FD:26:73:C6:F3:1A:0B:75:AD:21:E6:2E:63:49:20:AD
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/D1Qut_0mc8bzGgt1rSHmLmNJIK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.40.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:bc:eb:76:36:aa:1d:93:5a:81:2e:ba:ab:f9:c8:3c:da:2f:
         6f:52:79:ff:ac:d1:33:98:29:00:1a:79:3d:59:a7:a9:b1:89:
         e5:4b:d5:f9:43:36:a4:b9:aa:aa:64:fb:94:ac:82:42:1f:31:
         99:97:03:d4:5c:43:c3:17:18:f5:c8:ad:e9:6a:26:6c:1d:44:
         45:31:cd:b5:e3:bb:91:7b:83:aa:31:2b:82:78:c7:29:ce:ab:
         d3:2c:8c:ca:f6:3b:72:d7:f8:7b:7f:47:98:cf:34:93:16:9c:
         ad:09:fa:2f:9c:3b:12:68:bb:0e:5d:eb:bc:2d:4f:bd:30:47:
         1f:5b:77:3c:9d:b2:51:cd:1b:7b:59:2b:ec:1b:41:44:26:b4:
         ca:f6:45:8d:76:7f:80:bc:01:63:95:04:66:a6:53:bb:62:85:
         fd:cc:d9:32:91:05:78:55:bb:a8:ad:94:fc:81:f9:14:9f:0b:
         0f:fa:c3:5f:cb:6e:a4:4a:c6:3b:ae:6f:79:03:61:36:8a:4a:
         23:b7:57:28:94:0f:33:c0:a5:b2:37:22:98:be:4c:a2:ba:d0:
         b6:79:fc:52:a6:ee:4b:02:00:4a:cb:eb:a0:9d:46:ff:5e:3d:
         5a:2e:c9:67:70:84:02:18:1b:dc:bf:a7:88:c0:85:9c:2b:0f:
         7d:d3:84:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/zvJvJ+YbFt1kJfOI/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjU0MmViN2ZkMjY3M2M2ZjMxYTBiNzVhZDIxZTYyZTYzNDkyMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I5u81Tq4vGimdbUUouMWhsUrJNp
ljMlXjPSy+Voeke0RIBx5bHAerbHlG5CaXs3P3b3xHawodPjl0+xormg7mfCJkH5
keIBm3F0DHO1AkoKOEf/WZWVYNQXhn7YZwCJ/ow1HNk1h6Amngd78IJF4jfpDcGr
fOwsMwgvO3m1ga8NDpHHCx3HpRGgUmz7K7+bTQ33SEOiQJOgL4wCAf01nuWcq5l/
cJea232c24ksymLM/umApprC15Glp3VssZhWrFN2yO+K6xNUj9EvUPkbep/sB81q
y3yCrkbmWbdv/AmV5WD9MH86hIuSmkMP4ngyGM92E4DjTjff+l4+Isz3HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9ULrf9JnPG8xoLda0h5i5jSSCtMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvRDFRdXRfMG1jOGJ6R2d0MXJTSG1MbU5KSUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVChyMA0G
CSqGSIb3DQEBCwUAA4IBAQAwvOt2Nqodk1qBLrqr+cg82i9vUnn/rNEzmCkAGnk9
WaepsYnlS9X5QzakuaqqZPuUrIJCHzGZlwPUXEPDFxj1yK3paiZsHURFMc2147uR
e4OqMSuCeMcpzqvTLIzK9jty1/h7f0eYzzSTFpytCfovnDsSaLsOXeu8LU+9MEcf
W3c8nbJRzRt7WSvsG0FEJrTK9kWNdn+AvAFjlQRmplO7YoX9zNkykQV4VbuorZT8
gfkUnwsP+sNfy26kSsY7rm95A2E2ikojt1colA8zwKWyNyKYvkyiutC2efxSpu5L
AgBKy+ugnUb/Xj1aLslncIQCGBvcv6eIwIWcKw9904RI
-----END CERTIFICATE-----