Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/238486-3e8d-4bc3-a19d-0a768b24125a/1/DB4wjBrwL2eZkVrmW1g38rjMqpw.roa
File:                     DB4wjBrwL2eZkVrmW1g38rjMqpw.roa (raw, json)
Hash identifier:          NThAzVn94D7QV7ccQk/9DFSXn/42WWXrBGFCNqEdMdk=
Subject key identifier:   0C:1E:30:8C:1A:F0:2F:67:99:91:5A:E6:5B:58:37:F2:B8:CC:AA:9C
Certificate issuer:       /CN=b0a13336c38eeba10cbac9c28caf1efcf44ac863
Certificate serial:       018CC86F6B38E89C1FDA7D8902081E7C138E
Authority key identifier: B0:A1:33:36:C3:8E:EB:A1:0C:BA:C9:C2:8C:AF:1E:FC:F4:4A:C8:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sKEzNsOO66EMusnCjK8e_PRKyGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/238486-3e8d-4bc3-a19d-0a768b24125a/1/DB4wjBrwL2eZkVrmW1g38rjMqpw.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197883
IP address blocks:        83.97.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/238486-3e8d-4bc3-a19d-0a768b24125a/1/sKEzNsOO66EMusnCjK8e_PRKyGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/238486-3e8d-4bc3-a19d-0a768b24125a/1/sKEzNsOO66EMusnCjK8e_PRKyGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sKEzNsOO66EMusnCjK8e_PRKyGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6b:38:e8:9c:1f:da:7d:89:02:08:1e:7c:13:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0a13336c38eeba10cbac9c28caf1efcf44ac863
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c1e308c1af02f6799915ae65b5837f2b8ccaa9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c3:57:1c:62:fa:de:dd:5e:32:39:af:25:6f:
                    c2:13:7d:d5:77:7e:66:c9:10:3b:a6:6d:52:41:07:
                    36:73:1d:94:40:bd:62:ac:50:37:ce:5a:7d:02:76:
                    4c:47:ad:d7:51:cd:97:9b:a4:de:fa:1a:6a:a7:16:
                    5c:97:c9:02:31:b9:39:95:fa:b2:57:bb:5f:90:e8:
                    07:05:8e:57:c1:d5:7c:db:33:9d:88:b7:50:77:73:
                    d5:e4:c8:c1:ec:56:cf:b2:b6:50:ff:25:5e:2d:e5:
                    4b:63:ab:3c:b0:77:54:5f:83:6d:40:d2:b2:c9:5b:
                    b8:98:aa:0a:77:b6:95:d2:16:68:44:fa:9c:fd:ae:
                    03:94:4e:60:8f:d0:43:27:7b:1f:c0:87:0c:10:5d:
                    94:9f:fc:f1:a3:8e:15:6f:db:bc:67:18:51:8e:cb:
                    a9:85:70:9a:1f:a6:b8:a0:6f:cf:7f:05:2d:17:74:
                    00:52:63:75:06:38:3f:66:cd:91:c5:16:db:3b:88:
                    60:ac:c3:28:c9:38:5e:9e:be:4c:0e:e3:c5:ad:80:
                    68:78:d7:08:02:94:3e:43:7b:c2:69:05:14:99:16:
                    f3:b4:eb:e1:53:f3:ec:96:53:29:c0:83:d3:19:36:
                    4e:8a:eb:82:3a:d6:d7:b5:5f:b2:22:60:8d:00:9e:
                    27:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:1E:30:8C:1A:F0:2F:67:99:91:5A:E6:5B:58:37:F2:B8:CC:AA:9C
            X509v3 Authority Key Identifier:
                keyid:B0:A1:33:36:C3:8E:EB:A1:0C:BA:C9:C2:8C:AF:1E:FC:F4:4A:C8:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sKEzNsOO66EMusnCjK8e_PRKyGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/238486-3e8d-4bc3-a19d-0a768b24125a/1/DB4wjBrwL2eZkVrmW1g38rjMqpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/238486-3e8d-4bc3-a19d-0a768b24125a/1/sKEzNsOO66EMusnCjK8e_PRKyGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:56:ee:46:5a:2f:54:fc:53:2b:74:1a:95:c9:bb:85:62:98:
         35:83:cc:3c:8e:58:0d:5c:fb:7f:d0:37:3f:0c:8d:d7:6e:83:
         83:77:9b:1c:e6:88:3a:f5:83:18:37:14:bb:86:d8:d4:a6:92:
         e9:c0:fe:7b:60:7c:82:21:d0:2b:e3:a8:5c:4d:0a:83:32:59:
         8c:80:50:60:af:87:5d:3d:2f:b1:81:a1:25:5a:c0:09:b4:de:
         52:83:48:b1:26:f7:94:ba:47:3d:85:00:65:24:8d:fd:7c:30:
         1e:a7:0b:3a:f2:6c:ac:61:f7:f9:dd:63:57:36:55:c3:03:45:
         b0:03:79:2c:60:a9:84:8b:2d:58:c0:29:56:e3:93:5b:bd:4e:
         6b:ff:25:ff:f4:3a:ad:53:0f:90:1f:dc:fb:db:d9:f0:99:17:
         a5:f1:15:04:49:07:40:6c:2c:56:7c:ce:25:25:bd:20:c0:95:
         11:0a:89:41:1c:0c:a6:65:fd:26:bd:2f:ae:f9:9f:cc:7a:bf:
         22:65:d4:86:8c:04:ac:68:21:aa:c1:f5:eb:9f:80:c5:d4:24:
         1c:c4:64:47:b4:fa:27:41:87:86:c7:04:b9:59:f9:81:fb:48:
         67:42:38:43:3a:a8:1a:f7:4e:83:3a:b6:96:44:73:c3:0e:03:
         c1:b1:4e:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2s46Jwf2n2JAggefBOOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYTEzMzM2YzM4ZWViYTEwY2JhYzljMjhjYWYxZWZjZjQ0
YWM4NjMwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzFlMzA4YzFhZjAyZjY3OTk5MTVhZTY1YjU4MzdmMmI4Y2NhYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsNXHGL63t1eMjmvJW/CE33Vd35m
yRA7pm1SQQc2cx2UQL1irFA3zlp9AnZMR63XUc2Xm6Te+hpqpxZcl8kCMbk5lfqy
V7tfkOgHBY5XwdV82zOdiLdQd3PV5MjB7FbPsrZQ/yVeLeVLY6s8sHdUX4NtQNKy
yVu4mKoKd7aV0hZoRPqc/a4DlE5gj9BDJ3sfwIcMEF2Un/zxo44Vb9u8ZxhRjsup
hXCaH6a4oG/PfwUtF3QAUmN1Bjg/Zs2RxRbbO4hgrMMoyThenr5MDuPFrYBoeNcI
ApQ+Q3vCaQUUmRbztOvhU/PsllMpwIPTGTZOiuuCOtbXtV+yImCNAJ4nfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAweMIwa8C9nmZFa5ltYN/K4zKqcMB8GA1UdIwQY
MBaAFLChMzbDjuuhDLrJwoyvHvz0SshjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0tFek5zT082NkVNdXNuQ2pLOGVfUFJLeUdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8yMzg0ODYtM2U4ZC00YmMzLWExOWQt
MGE3NjhiMjQxMjVhLzEvREI0d2pCcndMMmVaa1ZybVcxZzM4cmpNcXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8yMzg0ODYtM2U4ZC00YmMzLWExOWQtMGE3NjhiMjQxMjVh
LzEvc0tFek5zT082NkVNdXNuQ2pLOGVfUFJLeUdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU2FKMA0G
CSqGSIb3DQEBCwUAA4IBAQB1Vu5GWi9U/FMrdBqVybuFYpg1g8w8jlgNXPt/0Dc/
DI3XboODd5sc5og69YMYNxS7htjUppLpwP57YHyCIdAr46hcTQqDMlmMgFBgr4dd
PS+xgaElWsAJtN5Sg0ixJveUukc9hQBlJI39fDAepws68mysYff53WNXNlXDA0Ww
A3ksYKmEiy1YwClW45NbvU5r/yX/9DqtUw+QH9z729nwmRel8RUESQdAbCxWfM4l
Jb0gwJURColBHAymZf0mvS+u+Z/Mer8iZdSGjASsaCGqwfXrn4DF1CQcxGRHtPon
QYeGxwS5WfmB+0hnQjhDOqga906DOraWRHPDDgPBsU7S
-----END CERTIFICATE-----