Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/M2Ibh4u91i70a_urGldcQLcJXHU.roa
File:                     M2Ibh4u91i70a_urGldcQLcJXHU.roa (raw, json)
Hash identifier:          zc4U+kovzG0BihjA3UgKPELSUnEg0OcchHXyjQoEgkc=
Subject key identifier:   33:62:1B:87:8B:BD:D6:2E:F4:6B:FB:AB:1A:57:5C:40:B7:09:5C:75
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5211A18BD2C8FEBFD07EC75D1873
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/M2Ibh4u91i70a_urGldcQLcJXHU.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29286
IP address blocks:        95.43.198.0/24 maxlen: 24
                          46.10.162.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:52:11:a1:8b:d2:c8:fe:bf:d0:7e:c7:5d:18:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33621b878bbdd62ef46bfbab1a575c40b7095c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6d:63:74:b1:04:24:5b:a8:8f:80:ef:05:3b:
                    86:2a:1f:86:29:c3:ff:93:aa:29:60:c7:7c:95:34:
                    a7:3e:6e:cd:3c:16:09:d3:c0:cc:b7:25:94:3a:4e:
                    12:c7:c3:29:84:99:59:44:3b:97:53:20:73:c1:d7:
                    a3:e9:74:7a:92:55:13:e8:e9:a5:fc:ae:d0:3b:be:
                    b9:af:8e:fc:21:d2:b4:6d:4b:98:fa:64:e5:f6:77:
                    d7:26:ea:52:65:2d:4b:db:6c:e5:af:c6:4a:94:55:
                    fc:42:f3:d0:c5:77:91:6f:1e:a0:87:11:02:7f:58:
                    94:02:91:2b:6b:48:7c:a6:97:11:27:bc:8c:d2:92:
                    03:80:cb:a6:b7:ec:4e:4b:0e:e0:70:31:c5:67:8b:
                    29:53:41:0d:e8:cb:5a:68:90:e2:7d:bc:15:a1:2d:
                    28:ba:e0:b0:a0:f7:c4:be:49:f9:da:38:3a:7e:d1:
                    84:52:03:7b:87:2d:4e:83:b1:80:f9:c3:88:ec:3f:
                    22:22:77:37:80:0a:4c:0d:29:56:0f:39:63:f8:86:
                    1a:eb:18:45:af:51:16:01:ba:b6:21:d6:29:34:eb:
                    3f:e7:ad:9f:5b:92:04:4d:90:52:5e:58:be:c9:90:
                    9e:e7:58:f9:63:c2:e8:27:71:76:ce:f3:f2:3d:da:
                    4f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:62:1B:87:8B:BD:D6:2E:F4:6B:FB:AB:1A:57:5C:40:B7:09:5C:75
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/M2Ibh4u91i70a_urGldcQLcJXHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.10.162.0/23
                  95.43.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:32:17:09:bd:34:98:b3:75:52:88:32:4f:2d:a5:72:44:6d:
         a6:f1:5b:1b:55:03:8a:bc:71:fb:c1:d4:e3:79:b6:68:a7:03:
         47:6a:c1:d1:0d:43:98:2d:d6:9c:cf:d9:51:1d:02:18:3c:b6:
         c9:78:e8:97:35:8a:4c:20:04:fc:42:f1:2f:e2:4e:d9:af:2d:
         3c:0d:76:1b:ae:f6:b5:b0:4a:fd:8d:84:44:63:70:e3:47:a8:
         41:b6:76:db:6a:67:9c:68:7a:34:65:45:a3:3b:75:e6:e0:71:
         61:1b:b2:c1:22:38:72:62:2e:cf:9c:6b:c7:c5:e7:ae:37:22:
         8c:67:19:2d:97:a6:55:33:05:c7:1c:e3:31:8b:64:8e:10:e3:
         e5:c6:64:c0:35:f9:5d:52:97:9b:0a:68:5b:16:39:88:82:d1:
         80:eb:f9:1b:24:37:54:9b:7c:d9:74:91:01:1e:9e:9b:11:91:
         62:69:73:0c:bf:37:b7:05:f7:74:13:d7:91:1f:4d:82:93:86:
         9c:a9:8a:70:da:e5:8b:b1:0f:30:11:8d:8c:83:6d:30:03:c0:
         a1:8e:c7:69:f8:34:70:07:01:1c:54:41:7c:7c:54:f0:6e:d9:
         7c:01:56:af:9e:d0:fa:17:d0:f4:d0:45:d6:b2:82:17:40:c0:
         69:39:e0:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbVIRoYvSyP6/0H7HXRhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYyMWI4NzhiYmRkNjJlZjQ2YmZiYWIxYTU3NWM0MGI3MDk1Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjW1jdLEEJFuoj4DvBTuGKh+GKcP/
k6opYMd8lTSnPm7NPBYJ08DMtyWUOk4Sx8MphJlZRDuXUyBzwdej6XR6klUT6Oml
/K7QO765r478IdK0bUuY+mTl9nfXJupSZS1L22zlr8ZKlFX8QvPQxXeRbx6ghxEC
f1iUApEra0h8ppcRJ7yM0pIDgMumt+xOSw7gcDHFZ4spU0EN6MtaaJDifbwVoS0o
uuCwoPfEvkn52jg6ftGEUgN7hy1Og7GA+cOI7D8iInc3gApMDSlWDzlj+IYa6xhF
r1EWAbq2IdYpNOs/562fW5IETZBSXli+yZCe51j5Y8LoJ3F2zvPyPdpPnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDNiG4eLvdYu9Gv7qxpXXEC3CVx1MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvTTJJYmg0dTkxaTcwYV91ckdsZGNRTGNKWEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLgqiAwQA
XyvGMA0GCSqGSIb3DQEBCwUAA4IBAQCUMhcJvTSYs3VSiDJPLaVyRG2m8VsbVQOK
vHH7wdTjebZopwNHasHRDUOYLdacz9lRHQIYPLbJeOiXNYpMIAT8QvEv4k7Zry08
DXYbrva1sEr9jYREY3DjR6hBtnbbamecaHo0ZUWjO3Xm4HFhG7LBIjhyYi7PnGvH
xeeuNyKMZxktl6ZVMwXHHOMxi2SOEOPlxmTANfldUpebCmhbFjmIgtGA6/kbJDdU
m3zZdJEBHp6bEZFiaXMMvze3Bfd0E9eRH02Ck4acqYpw2uWLsQ8wEY2Mg20wA8Ch
jsdp+DRwBwEcVEF8fFTwbtl8AVavntD6F9D00EXWsoIXQMBpOeD1
-----END CERTIFICATE-----