Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/84Rjpqogdovosf2wvByCLvTjQPY.roa
File:                     84Rjpqogdovosf2wvByCLvTjQPY.roa (raw, json)
Hash identifier:          vu8PDSGplln/jSDXjczHei4yffxix5OAjycGu7LoKfg=
Subject key identifier:   F3:84:63:A6:AA:20:76:8B:E8:B1:FD:B0:BC:1C:82:2E:F4:E3:40:F6
Certificate issuer:       /CN=8e1feb6b044bbf6111775bca038d65e6d2230f14
Certificate serial:       018CC870330BC7EE197D71B6CF5FFF54DEE6
Authority key identifier: 8E:1F:EB:6B:04:4B:BF:61:11:77:5B:CA:03:8D:65:E6:D2:23:0F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jh_rawRLv2ERd1vKA41l5tIjDxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/84Rjpqogdovosf2wvByCLvTjQPY.roa
Signing time:             Tue 02 Jan 2024 04:30:45 +0000
ROA not before:           Tue 02 Jan 2024 04:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204076
IP address blocks:        88.210.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/jh_rawRLv2ERd1vKA41l5tIjDxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/jh_rawRLv2ERd1vKA41l5tIjDxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jh_rawRLv2ERd1vKA41l5tIjDxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:33:0b:c7:ee:19:7d:71:b6:cf:5f:ff:54:de:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1feb6b044bbf6111775bca038d65e6d2230f14
        Validity
            Not Before: Jan  2 04:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f38463a6aa20768be8b1fdb0bc1c822ef4e340f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d4:ab:47:2f:20:c2:26:6c:b7:3d:69:95:a6:
                    4c:95:67:52:cd:e1:55:dc:a6:4a:59:c4:ee:53:ab:
                    90:ba:da:94:12:6a:8d:65:55:7b:5e:bb:08:fc:11:
                    41:10:7b:c0:40:26:3a:0e:99:7f:ab:c4:ad:de:99:
                    13:d8:b9:74:59:51:e8:91:5b:b3:a8:3d:a7:7b:55:
                    10:bb:8c:01:44:17:65:fd:74:b8:38:b1:26:9d:68:
                    16:e4:2f:b1:7f:27:6a:df:ff:78:39:dc:aa:21:5d:
                    ea:dd:a2:fd:72:9d:a3:00:31:e5:4c:f2:73:19:84:
                    50:64:7d:a0:4d:93:6d:6a:83:04:fb:59:44:92:08:
                    41:ea:d0:ee:3b:fb:81:0d:0e:07:00:01:29:39:0c:
                    39:b4:ea:19:a3:86:54:fa:3b:c8:d9:fe:17:86:3f:
                    0f:a4:e0:a9:97:93:9b:b8:81:7d:52:18:db:77:46:
                    f0:b6:91:e3:44:33:76:6c:54:7e:9c:48:7b:03:f6:
                    f0:d1:cc:85:25:f0:08:1e:dc:48:01:33:0d:72:d7:
                    37:11:62:5a:54:60:d8:36:13:ca:1c:2c:c2:d8:4d:
                    41:e9:e2:de:61:02:f7:01:42:db:da:7b:08:2f:ee:
                    70:62:7f:4c:a3:ad:e7:d8:fb:d3:49:b2:06:14:6b:
                    a8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:84:63:A6:AA:20:76:8B:E8:B1:FD:B0:BC:1C:82:2E:F4:E3:40:F6
            X509v3 Authority Key Identifier:
                keyid:8E:1F:EB:6B:04:4B:BF:61:11:77:5B:CA:03:8D:65:E6:D2:23:0F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jh_rawRLv2ERd1vKA41l5tIjDxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/84Rjpqogdovosf2wvByCLvTjQPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/jh_rawRLv2ERd1vKA41l5tIjDxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.210.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:23:2e:c9:26:b6:ba:87:81:d9:0a:2e:7f:f5:87:81:26:87:
         ee:d6:f9:1e:20:1b:47:30:d4:20:13:42:c6:63:85:61:d9:3b:
         4c:e0:87:2b:4b:57:11:23:91:2d:fd:2e:a6:fa:33:b5:cb:59:
         56:32:29:73:0b:46:8a:32:80:10:59:3a:b8:af:e5:cd:08:d7:
         c1:b5:60:0c:b4:3e:30:49:7f:bf:59:e4:bc:e0:0d:51:75:84:
         c1:2a:d5:df:e0:2c:cd:be:bb:6d:ce:9d:55:af:74:71:3e:cf:
         e6:4c:e5:9f:9a:5f:cf:49:b3:f3:5f:50:e3:ce:6a:9b:86:77:
         9e:bc:63:c1:38:92:d6:71:5f:ce:f1:f7:9f:b8:44:d8:0d:86:
         de:68:84:a7:3b:46:a3:2b:5c:9a:7e:0e:87:d9:10:1b:6d:2a:
         c9:31:18:36:8e:39:09:16:17:63:2b:f1:38:64:52:ee:6f:ed:
         78:64:e1:39:4c:f9:63:26:a5:55:70:d0:fe:f0:f7:8a:68:c6:
         9b:b3:55:b0:aa:d9:59:6b:2b:2e:5f:8e:ff:86:3f:5e:cc:f8:
         5d:a8:c1:81:4a:28:3a:2a:7d:0b:7e:5a:19:8e:a4:31:7e:1f:
         c0:d3:72:16:15:79:68:4e:bc:d0:e1:d6:f6:3f:91:f9:de:62:
         d2:1a:6e:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcDMLx+4ZfXG2z1//VN7mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWZlYjZiMDQ0YmJmNjExMTc3NWJjYTAzOGQ2NWU2ZDIy
MzBmMTQwHhcNMjQwMTAyMDQzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzg0NjNhNmFhMjA3NjhiZThiMWZkYjBiYzFjODIyZWY0ZTM0MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNSrRy8gwiZstz1plaZMlWdSzeFV
3KZKWcTuU6uQutqUEmqNZVV7XrsI/BFBEHvAQCY6Dpl/q8St3pkT2Ll0WVHokVuz
qD2ne1UQu4wBRBdl/XS4OLEmnWgW5C+xfydq3/94OdyqIV3q3aL9cp2jADHlTPJz
GYRQZH2gTZNtaoME+1lEkghB6tDuO/uBDQ4HAAEpOQw5tOoZo4ZU+jvI2f4Xhj8P
pOCpl5ObuIF9Uhjbd0bwtpHjRDN2bFR+nEh7A/bw0cyFJfAIHtxIATMNctc3EWJa
VGDYNhPKHCzC2E1B6eLeYQL3AULb2nsIL+5wYn9Mo63n2PvTSbIGFGuozwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOEY6aqIHaL6LH9sLwcgi7040D2MB8GA1UdIwQY
MBaAFI4f62sES79hEXdbygONZebSIw8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamhfcmF3Ukx2MkVSZDF2S0E0MWw1dElqRHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi83ZjFmMjktMTI0Mi00MWY0LWEwOTAt
MGQ4ZmNlM2ViZmJiLzEvODRSanBxb2dkb3Zvc2Yyd3ZCeUNMdlRqUVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi83ZjFmMjktMTI0Mi00MWY0LWEwOTAtMGQ4ZmNlM2ViZmJi
LzEvamhfcmF3Ukx2MkVSZDF2S0E0MWw1dElqRHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNIqMA0G
CSqGSIb3DQEBCwUAA4IBAQBzIy7JJra6h4HZCi5/9YeBJofu1vkeIBtHMNQgE0LG
Y4Vh2TtM4IcrS1cRI5Et/S6m+jO1y1lWMilzC0aKMoAQWTq4r+XNCNfBtWAMtD4w
SX+/WeS84A1RdYTBKtXf4CzNvrttzp1Vr3RxPs/mTOWfml/PSbPzX1Djzmqbhnee
vGPBOJLWcV/O8fefuETYDYbeaISnO0ajK1yafg6H2RAbbSrJMRg2jjkJFhdjK/E4
ZFLub+14ZOE5TPljJqVVcND+8PeKaMabs1WwqtlZaysuX47/hj9ezPhdqMGBSig6
Kn0LfloZjqQxfh/A03IWFXloTrzQ4db2P5H53mLSGm5Y
-----END CERTIFICATE-----