Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/dro4sIm0wrSA7Fjw4RBomw9EazA.roa
File:                     dro4sIm0wrSA7Fjw4RBomw9EazA.roa (raw, json)
Hash identifier:          9VjVQtDTfJfcjTAehAGJiQXU+a0BnuvD5zX/8GMziJ4=
Subject key identifier:   76:BA:38:B0:89:B4:C2:B4:80:EC:58:F0:E1:10:68:9B:0F:44:6B:30
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D659283C0CA8EE955113F25501A2D
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/dro4sIm0wrSA7Fjw4RBomw9EazA.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202439
IP address blocks:        95.43.236.0/24 maxlen: 24
                          95.43.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Nov 2024 16:12:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:65:92:83:c0:ca:8e:e9:55:11:3f:25:50:1a:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76ba38b089b4c2b480ec58f0e110689b0f446b30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c9:0d:ab:5a:4a:ac:8c:9a:21:0e:4c:67:7a:
                    6a:e0:47:c5:5c:a8:75:88:8d:c4:4d:ad:a8:28:bf:
                    fe:54:25:f7:49:63:cb:ce:c7:d1:f7:ae:ba:cd:9d:
                    86:31:60:85:41:c9:ed:eb:ef:e8:d6:c4:ac:a8:f4:
                    e6:8e:8f:83:1c:59:76:73:1d:1e:e3:45:8f:2a:46:
                    fd:3e:1d:24:90:3e:30:e8:73:2e:3a:09:09:96:30:
                    93:a6:fb:28:3b:b1:6c:9b:06:f0:03:58:dd:67:ef:
                    84:30:f1:5c:80:02:7b:d8:17:d8:af:57:ba:6a:ab:
                    71:a0:f5:c6:c4:77:47:96:55:53:bf:02:3e:96:3f:
                    6f:d8:87:39:22:29:eb:21:60:0d:d9:f8:3f:da:b1:
                    e1:47:9b:03:73:ef:b9:fa:8f:c3:c7:d1:99:9e:fd:
                    4e:a7:c5:86:f9:80:47:93:65:40:73:ee:7a:41:0d:
                    b2:c6:ef:1f:c8:ee:9a:48:28:83:e6:e7:74:0f:f2:
                    22:ef:2d:86:4d:a0:04:cc:37:18:a9:f7:4d:09:b1:
                    56:b3:03:a0:ed:cd:0d:31:59:ae:3d:48:7b:e7:0a:
                    5d:c3:4e:ab:cc:ea:1b:af:f2:cf:5b:d6:aa:7c:db:
                    82:a0:12:31:6c:4f:cf:d1:ad:6b:63:2e:c1:51:f4:
                    db:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:BA:38:B0:89:B4:C2:B4:80:EC:58:F0:E1:10:68:9B:0F:44:6B:30
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/dro4sIm0wrSA7Fjw4RBomw9EazA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.236.0/24
                  95.43.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ed:02:c9:5d:0e:0f:8f:10:27:5b:f5:76:d6:26:ab:65:45:
         b5:ed:0f:9a:9c:af:f7:1b:31:6a:7c:d5:ad:1a:43:5c:b6:bf:
         8e:39:6b:e0:06:da:41:15:21:96:58:a8:7b:51:6e:6c:55:6b:
         d8:eb:eb:ed:2b:38:2a:99:05:78:9c:96:f8:93:ea:65:59:1f:
         38:66:cf:be:5e:5a:2f:14:72:73:5b:47:8e:17:31:0a:e0:f2:
         07:3a:60:cd:a6:64:bb:a1:db:ec:93:bc:5d:84:b1:de:64:09:
         6a:23:73:2e:57:24:4d:d2:79:de:dd:13:47:56:9d:6a:13:f4:
         e9:73:c2:78:7b:4d:ed:9a:f4:07:24:7a:6d:86:54:17:10:f4:
         fa:79:5c:bb:a6:2d:e8:7d:fc:9a:4a:17:90:9b:a3:42:12:37:
         28:4e:47:d5:57:b8:1e:d4:14:1f:ed:13:ba:dd:1f:68:e5:b8:
         78:dd:63:4a:4d:fe:38:6f:39:28:17:76:3c:a5:a8:80:66:e7:
         9f:51:d0:cd:96:d4:53:37:33:0b:27:2a:57:c5:fe:9d:ab:54:
         a5:4d:be:00:f5:ea:5e:50:ba:53:84:66:3b:26:fe:44:a5:fc:
         db:66:e9:6b:8b:c7:dc:d1:14:bc:0a:90:e9:42:7c:7c:be:02:
         d8:39:bd:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbWWSg8DKjulVET8lUBotMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmJhMzhiMDg5YjRjMmI0ODBlYzU4ZjBlMTEwNjg5YjBmNDQ2YjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8kNq1pKrIyaIQ5MZ3pq4EfFXKh1
iI3ETa2oKL/+VCX3SWPLzsfR9666zZ2GMWCFQcnt6+/o1sSsqPTmjo+DHFl2cx0e
40WPKkb9Ph0kkD4w6HMuOgkJljCTpvsoO7FsmwbwA1jdZ++EMPFcgAJ72BfYr1e6
aqtxoPXGxHdHllVTvwI+lj9v2Ic5IinrIWAN2fg/2rHhR5sDc++5+o/Dx9GZnv1O
p8WG+YBHk2VAc+56QQ2yxu8fyO6aSCiD5ud0D/Ii7y2GTaAEzDcYqfdNCbFWswOg
7c0NMVmuPUh75wpdw06rzOobr/LPW9aqfNuCoBIxbE/P0a1rYy7BUfTbVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHa6OLCJtMK0gOxY8OEQaJsPRGswMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvZHJvNHNJbTB3clNBN0ZqdzRSQm9tdzlFYXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXyvsAwQA
XyvvMA0GCSqGSIb3DQEBCwUAA4IBAQBA7QLJXQ4PjxAnW/V21iarZUW17Q+anK/3
GzFqfNWtGkNctr+OOWvgBtpBFSGWWKh7UW5sVWvY6+vtKzgqmQV4nJb4k+plWR84
Zs++XlovFHJzW0eOFzEK4PIHOmDNpmS7odvsk7xdhLHeZAlqI3MuVyRN0nne3RNH
Vp1qE/Tpc8J4e03tmvQHJHpthlQXEPT6eVy7pi3offyaSheQm6NCEjcoTkfVV7ge
1BQf7RO63R9o5bh43WNKTf44bzkoF3Y8paiAZuefUdDNltRTNzMLJypXxf6dq1Sl
Tb4A9epeULpThGY7Jv5EpfzbZulri8fc0RS8CpDpQnx8vgLYOb1w
-----END CERTIFICATE-----