Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/itdrrrOTlxn4mTtEh4MerAyqNQE.roa
File:                     itdrrrOTlxn4mTtEh4MerAyqNQE.roa (raw, json)
Hash identifier:          CYXrk7xFPX0YQqMuz92ZFoL+Bs8PNJK658WXq+VYIwI=
Subject key identifier:   8A:D7:6B:AE:B3:93:97:19:F8:99:3B:44:87:83:1E:AC:0C:AA:35:01
Certificate issuer:       /CN=73b81640e1b64f51d2ba7d78f6777c056d1154bf
Certificate serial:       018CC64B4826A285768E4BC48F61806B3B36
Authority key identifier: 73:B8:16:40:E1:B6:4F:51:D2:BA:7D:78:F6:77:7C:05:6D:11:54:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c7gWQOG2T1HSun149nd8BW0RVL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/itdrrrOTlxn4mTtEh4MerAyqNQE.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61234
IP address blocks:        84.39.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/c7gWQOG2T1HSun149nd8BW0RVL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/c7gWQOG2T1HSun149nd8BW0RVL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c7gWQOG2T1HSun149nd8BW0RVL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:48:26:a2:85:76:8e:4b:c4:8f:61:80:6b:3b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73b81640e1b64f51d2ba7d78f6777c056d1154bf
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ad76baeb3939719f8993b4487831eac0caa3501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6c:1f:20:d6:c4:39:c9:ec:0a:63:02:07:92:
                    13:8c:7a:96:be:14:3e:7d:ec:f0:f9:8b:4c:ee:f8:
                    df:e6:d5:87:42:24:92:88:99:89:fc:55:3e:e2:44:
                    d7:81:fd:d4:a6:7a:30:91:32:75:ef:97:8b:cb:50:
                    88:2d:f7:1d:f0:b7:1f:03:c7:c0:02:2d:01:1d:01:
                    05:51:71:38:85:a0:f4:37:7b:aa:e5:4f:03:5c:4a:
                    1a:e7:8e:c6:2d:cd:6b:a7:3d:28:29:5c:b6:ee:be:
                    f9:99:51:8d:15:36:5a:46:17:e0:18:f6:c5:e3:50:
                    08:33:80:00:6f:fa:50:3d:e1:fd:aa:84:6e:f5:bd:
                    7d:94:a0:61:89:0f:63:00:89:d1:c6:00:2f:26:5e:
                    2f:0e:49:a4:00:f4:d0:b3:13:d2:0f:f8:9c:5e:26:
                    03:d0:02:b8:ab:40:23:3b:2e:65:81:3a:5c:e8:49:
                    5c:69:3b:b5:8d:7e:8d:f7:ba:89:60:21:4f:e4:55:
                    65:44:06:9e:86:49:27:a7:b3:4a:02:1d:c1:d3:7e:
                    40:f0:3d:de:9c:5d:f4:04:43:71:b4:88:13:e3:bc:
                    3e:ba:e3:8c:ab:54:32:c4:a3:e0:2a:a2:6e:4d:59:
                    a4:bc:0d:d0:a8:d9:4a:c1:1d:b8:e4:bb:1c:06:0f:
                    32:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D7:6B:AE:B3:93:97:19:F8:99:3B:44:87:83:1E:AC:0C:AA:35:01
            X509v3 Authority Key Identifier:
                keyid:73:B8:16:40:E1:B6:4F:51:D2:BA:7D:78:F6:77:7C:05:6D:11:54:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7gWQOG2T1HSun149nd8BW0RVL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/itdrrrOTlxn4mTtEh4MerAyqNQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/c7gWQOG2T1HSun149nd8BW0RVL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:0b:b6:1f:3f:95:61:3a:62:92:40:15:f5:de:57:55:42:f6:
         30:7d:f3:99:69:d3:fb:b9:6f:5a:fc:1e:0b:02:60:83:d0:cc:
         ef:45:8c:cd:f8:d9:fd:61:f7:37:7e:50:88:11:65:79:24:e6:
         e6:30:ff:ba:d4:69:d0:9f:78:07:17:93:b4:7b:58:28:65:8b:
         31:e9:cb:f9:db:fb:1a:04:93:53:67:d9:05:ac:17:ab:52:17:
         ee:a2:5f:05:8a:de:34:02:8f:8a:c3:a6:60:ec:fd:62:e9:c8:
         04:6f:92:25:d7:bc:ae:b8:53:e5:9d:41:d0:ba:58:98:d3:4b:
         b7:07:0e:59:4b:8b:a7:f6:6d:3b:c5:a1:f5:fe:bc:12:3d:43:
         a6:50:de:ac:d6:72:e8:89:95:23:65:e6:95:9b:08:ff:42:d1:
         3b:6c:31:66:0f:8e:f7:a4:7d:bb:d9:8c:bd:4d:d6:0c:3c:80:
         31:a8:1a:87:27:df:3b:d0:5f:76:b4:19:7d:7f:55:c8:8b:d8:
         c0:f7:91:d3:ca:31:35:0c:9a:dc:6c:37:b8:a7:54:5a:37:87:
         5f:2d:94:30:a8:8d:38:70:99:dd:51:d3:7e:fb:9a:2b:c6:5f:
         8b:73:1b:6d:ff:71:81:c8:84:42:21:03:f2:e9:8a:d1:fd:55:
         58:eb:37:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0gmooV2jkvEj2GAazs2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYjgxNjQwZTFiNjRmNTFkMmJhN2Q3OGY2Nzc3YzA1NmQx
MTU0YmYwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQ3NmJhZWIzOTM5NzE5Zjg5OTNiNDQ4NzgzMWVhYzBjYWEzNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2wfINbEOcnsCmMCB5ITjHqWvhQ+
fezw+YtM7vjf5tWHQiSSiJmJ/FU+4kTXgf3UpnowkTJ175eLy1CILfcd8LcfA8fA
Ai0BHQEFUXE4haD0N3uq5U8DXEoa547GLc1rpz0oKVy27r75mVGNFTZaRhfgGPbF
41AIM4AAb/pQPeH9qoRu9b19lKBhiQ9jAInRxgAvJl4vDkmkAPTQsxPSD/icXiYD
0AK4q0AjOy5lgTpc6ElcaTu1jX6N97qJYCFP5FVlRAaehkknp7NKAh3B035A8D3e
nF30BENxtIgT47w+uuOMq1QyxKPgKqJuTVmkvA3QqNlKwR245LscBg8yOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrXa66zk5cZ+Jk7RIeDHqwMqjUBMB8GA1UdIwQY
MBaAFHO4FkDhtk9R0rp9ePZ3fAVtEVS/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzdnV1FPRzJUMUhTdW4xNDluZDhCVzBSVkw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9hYmIxNTMtNTFiMy00ODQ5LTg5ODUt
ZDMwZjkxNjhmODAxLzEvaXRkcnJyT1RseG40bVR0RWg0TWVyQXlxTlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9hYmIxNTMtNTFiMy00ODQ5LTg5ODUtZDMwZjkxNjhmODAx
LzEvYzdnV1FPRzJUMUhTdW4xNDluZDhCVzBSVkw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCeZMA0G
CSqGSIb3DQEBCwUAA4IBAQASC7YfP5VhOmKSQBX13ldVQvYwffOZadP7uW9a/B4L
AmCD0MzvRYzN+Nn9Yfc3flCIEWV5JObmMP+61GnQn3gHF5O0e1goZYsx6cv52/sa
BJNTZ9kFrBerUhfuol8Fit40Ao+Kw6Zg7P1i6cgEb5Il17yuuFPlnUHQuliY00u3
Bw5ZS4un9m07xaH1/rwSPUOmUN6s1nLoiZUjZeaVmwj/QtE7bDFmD473pH272Yy9
TdYMPIAxqBqHJ9870F92tBl9f1XIi9jA95HTyjE1DJrcbDe4p1RaN4dfLZQwqI04
cJndUdN++5orxl+Lcxtt/3GByIRCIQPy6YrR/VVY6ze2
-----END CERTIFICATE-----