Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/xh4X1a2epskOxIwR96JBl94Qlxg.roa
File:                     xh4X1a2epskOxIwR96JBl94Qlxg.roa (raw, json)
Hash identifier:          6bii/Bdt+TcJdIXhazUXo/YR7T2wbaneVsd8dllVq98=
Subject key identifier:   C6:1E:17:D5:AD:9E:A6:C9:0E:C4:8C:11:F7:A2:41:97:DE:10:97:18
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5AE58B647EBA392C46FE7733416F
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/xh4X1a2epskOxIwR96JBl94Qlxg.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50431
IP address blocks:        95.43.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5a:e5:8b:64:7e:ba:39:2c:46:fe:77:33:41:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c61e17d5ad9ea6c90ec48c11f7a24197de109718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:01:9a:aa:7b:80:ec:a5:4f:15:f6:62:2e:29:
                    1f:ce:55:de:2d:43:15:58:bb:c6:fb:74:21:f8:07:
                    aa:bd:9d:65:d1:2b:be:68:e8:4d:a1:6e:8e:fb:84:
                    14:39:1d:cf:dd:56:f9:9f:68:e0:c7:78:b5:8d:a0:
                    52:14:32:01:d2:15:11:6f:97:58:75:e6:38:60:0e:
                    86:0b:0d:79:f9:b8:a3:11:1f:30:68:83:da:49:82:
                    f2:35:76:47:7d:dd:d5:af:d8:68:6e:f8:f8:fc:39:
                    ea:24:46:3d:f6:7f:8d:4e:b8:89:94:73:c1:36:20:
                    db:ce:c6:09:ea:70:0b:cf:2f:ea:03:47:c7:82:19:
                    49:fa:cc:d2:3c:14:3d:31:7c:70:48:0c:80:dc:70:
                    7e:d5:2c:14:3a:38:28:7d:a0:65:a6:b1:1e:d7:28:
                    b5:ee:ee:1f:6a:0c:38:cb:fe:d8:7c:41:7f:d6:ed:
                    9e:47:68:fe:5d:75:40:58:cf:d0:78:40:f1:eb:b5:
                    be:44:60:ad:3a:09:0f:d5:5f:68:a9:d1:2b:9d:56:
                    9a:24:d1:55:0b:a6:03:d6:69:e0:e4:a1:dc:4d:92:
                    01:5b:6b:a6:44:b5:75:a7:02:20:c1:51:bf:df:30:
                    07:ab:4c:39:af:da:cd:ad:3b:69:c5:91:cc:da:21:
                    c1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1E:17:D5:AD:9E:A6:C9:0E:C4:8C:11:F7:A2:41:97:DE:10:97:18
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/xh4X1a2epskOxIwR96JBl94Qlxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:3f:36:33:4a:6f:4f:82:a9:73:5b:12:dc:e4:ba:e6:7f:98:
         9e:0d:51:28:33:87:af:93:68:b4:40:6f:57:05:30:c1:fb:68:
         b4:b4:43:82:b1:30:e6:e0:f2:36:e4:7b:b7:5d:0d:a3:86:35:
         06:f3:50:b9:e8:fc:9d:fe:31:1d:be:7c:de:7f:f9:5e:03:6f:
         24:5f:ab:a7:52:7a:43:24:13:1d:d9:28:e4:4e:fd:1f:70:56:
         83:2f:c2:e0:a4:c6:62:66:f2:4a:57:43:b8:f2:ab:f1:67:86:
         55:1f:6c:48:95:8c:42:e2:4b:9b:fa:47:35:b4:2e:47:17:7b:
         92:5e:10:aa:8f:93:33:bb:07:d1:63:40:28:e3:71:f3:55:a3:
         e2:11:4c:62:5c:5e:b8:0e:a5:3e:b4:b3:bd:9d:1d:a6:f5:16:
         f7:04:e9:cd:05:8e:c3:1f:9a:6e:87:fa:d4:bc:bd:a0:39:04:
         34:9d:c9:02:c3:c2:61:23:d8:44:6f:d6:5b:56:b3:f4:db:ca:
         1f:25:8b:b0:56:e6:54:85:0d:09:18:f2:3b:89:78:88:78:96:
         69:a2:f7:df:3b:f6:ee:ae:6f:3a:ea:6d:e9:e8:40:4a:72:11:
         50:89:15:d6:90:ba:0c:14:06:8b:c7:88:0c:2c:6d:5f:5c:7c:
         16:d8:f0:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVrli2R+ujksRv53M0FvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjFlMTdkNWFkOWVhNmM5MGVjNDhjMTFmN2EyNDE5N2RlMTA5NzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQGaqnuA7KVPFfZiLikfzlXeLUMV
WLvG+3Qh+AeqvZ1l0Su+aOhNoW6O+4QUOR3P3Vb5n2jgx3i1jaBSFDIB0hURb5dY
deY4YA6GCw15+bijER8waIPaSYLyNXZHfd3Vr9hobvj4/DnqJEY99n+NTriJlHPB
NiDbzsYJ6nALzy/qA0fHghlJ+szSPBQ9MXxwSAyA3HB+1SwUOjgofaBlprEe1yi1
7u4fagw4y/7YfEF/1u2eR2j+XXVAWM/QeEDx67W+RGCtOgkP1V9oqdErnVaaJNFV
C6YD1mng5KHcTZIBW2umRLV1pwIgwVG/3zAHq0w5r9rNrTtpxZHM2iHBLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYeF9WtnqbJDsSMEfeiQZfeEJcYMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEveGg0WDFhMmVwc2tPeEl3Ujk2SkJsOTRRbHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXyvVMA0G
CSqGSIb3DQEBCwUAA4IBAQAjPzYzSm9PgqlzWxLc5Lrmf5ieDVEoM4evk2i0QG9X
BTDB+2i0tEOCsTDm4PI25Hu3XQ2jhjUG81C56Pyd/jEdvnzef/leA28kX6unUnpD
JBMd2SjkTv0fcFaDL8LgpMZiZvJKV0O48qvxZ4ZVH2xIlYxC4kub+kc1tC5HF3uS
XhCqj5MzuwfRY0Ao43HzVaPiEUxiXF64DqU+tLO9nR2m9Rb3BOnNBY7DH5puh/rU
vL2gOQQ0nckCw8JhI9hEb9ZbVrP028ofJYuwVuZUhQ0JGPI7iXiIeJZpovffO/bu
rm866m3p6EBKchFQiRXWkLoMFAaLx4gMLG1fXHwW2PDs
-----END CERTIFICATE-----