Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/F_R_Jm9IhutamwyNcJ2YXO6Y27E.roa
File:                     F_R_Jm9IhutamwyNcJ2YXO6Y27E.roa (raw, json)
Hash identifier:          6n6ViEjqcdKZtD/PHOi21b5RaPhasIGtuO6fXvu4Xuc=
Subject key identifier:   17:F4:7F:26:6F:48:86:EB:5A:9B:0C:8D:70:9D:98:5C:EE:98:DB:B1
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       018CC2DB5E24EDE4F042967036861BF33540
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/F_R_Jm9IhutamwyNcJ2YXO6Y27E.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198394
IP address blocks:        84.17.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:24:ed:e4:f0:42:96:70:36:86:1b:f3:35:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17f47f266f4886eb5a9b0c8d709d985cee98dbb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a9:0c:a8:90:a8:c6:22:5c:2e:ea:27:bd:99:
                    62:36:4b:d2:d4:94:dc:41:4d:1c:24:0b:e0:3f:3a:
                    fd:a5:1e:ea:1c:1a:c2:d6:c5:61:f0:1f:2b:f6:8a:
                    52:21:8b:e7:09:bf:be:ec:81:30:cc:56:06:03:ae:
                    fa:55:cb:9b:8f:88:2b:5c:0f:8c:5c:bc:17:c3:4d:
                    e0:a7:59:a4:0d:8a:11:97:be:a5:52:89:72:e6:cc:
                    43:ce:20:48:87:c2:06:c4:af:a9:cd:86:07:31:b9:
                    11:b4:8b:29:94:94:85:db:8a:1d:2d:18:85:54:ad:
                    9f:6e:72:b1:5f:9f:86:42:69:37:e8:c5:08:34:58:
                    d3:c9:86:28:eb:cc:ce:7e:03:fa:a9:71:5b:4c:48:
                    fd:13:93:61:bd:f3:bf:c3:e1:6f:98:63:0e:29:cd:
                    e0:af:62:b6:29:ca:76:f6:74:93:02:36:04:e5:74:
                    c6:4c:30:eb:dc:58:a6:2a:5f:eb:ff:d0:0e:52:5f:
                    61:39:84:81:b7:68:63:50:b1:71:af:e3:cd:cf:28:
                    d7:9d:13:5a:87:b6:23:1f:7b:b0:91:fb:ef:d4:8e:
                    b0:e1:48:ed:05:03:5d:2d:b7:2c:b7:64:d7:ad:cc:
                    c9:97:94:d4:1f:9a:db:e5:77:96:d0:fa:f3:2d:ad:
                    8c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F4:7F:26:6F:48:86:EB:5A:9B:0C:8D:70:9D:98:5C:EE:98:DB:B1
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/F_R_Jm9IhutamwyNcJ2YXO6Y27E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:43:df:5c:b6:5b:69:d3:84:74:13:95:a0:5e:74:d3:41:7e:
         1c:03:61:4d:f8:47:a7:a2:2c:c2:34:81:9d:fd:4c:54:b2:3c:
         b6:32:3a:86:70:ef:1d:fb:ae:c3:0f:23:b8:4b:c2:ee:b8:86:
         65:f6:5a:69:19:6b:ff:9a:e1:bf:3b:40:8c:78:fe:43:d0:ce:
         2a:f5:29:7b:2a:e4:12:5c:b8:23:fb:bc:04:96:3a:e6:97:14:
         6c:b8:ee:2e:e9:a6:33:1a:7e:f4:c0:a2:5c:93:32:a7:7e:63:
         cd:49:04:1d:77:05:46:ac:a1:dd:12:3b:2d:1a:90:8c:3c:64:
         92:57:07:40:fd:58:04:f7:f8:e7:03:07:a8:67:5a:e9:9f:e4:
         9d:76:89:b9:a8:32:92:5b:1b:0e:91:5f:c2:2e:02:51:6c:6f:
         3c:db:f8:c9:fe:13:63:40:6e:b1:83:90:21:93:ea:ad:c8:a0:
         36:cd:80:21:e7:1d:d1:91:df:a5:90:1a:71:fd:af:14:95:3a:
         8d:27:0c:02:a3:cc:63:1f:f0:59:1a:fc:b0:3e:bc:8f:88:01:
         ce:b7:e2:28:23:64:27:c3:81:c1:98:ae:cf:13:66:d5:7f:74:
         6c:dd:f9:ea:d4:33:58:d2:f1:29:9d:86:55:ee:db:d7:2c:e9:
         b4:54:06:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC214k7eTwQpZwNoYb8zVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Y0N2YyNjZmNDg4NmViNWE5YjBjOGQ3MDlkOTg1Y2VlOThkYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2KkMqJCoxiJcLuonvZliNkvS1JTc
QU0cJAvgPzr9pR7qHBrC1sVh8B8r9opSIYvnCb++7IEwzFYGA676Vcubj4grXA+M
XLwXw03gp1mkDYoRl76lUoly5sxDziBIh8IGxK+pzYYHMbkRtIsplJSF24odLRiF
VK2fbnKxX5+GQmk36MUINFjTyYYo68zOfgP6qXFbTEj9E5NhvfO/w+FvmGMOKc3g
r2K2Kcp29nSTAjYE5XTGTDDr3FimKl/r/9AOUl9hOYSBt2hjULFxr+PNzyjXnRNa
h7YjH3uwkfvv1I6w4UjtBQNdLbcst2TXrczJl5TUH5rb5XeW0PrzLa2M/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBf0fyZvSIbrWpsMjXCdmFzumNuxMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvRl9SX0ptOUlodXRhbXd5TmNKMllYTzZZMjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFKMA0G
CSqGSIb3DQEBCwUAA4IBAQBFQ99ctltp04R0E5WgXnTTQX4cA2FN+EenoizCNIGd
/UxUsjy2MjqGcO8d+67DDyO4S8LuuIZl9lppGWv/muG/O0CMeP5D0M4q9Sl7KuQS
XLgj+7wEljrmlxRsuO4u6aYzGn70wKJckzKnfmPNSQQddwVGrKHdEjstGpCMPGSS
VwdA/VgE9/jnAweoZ1rpn+Sddom5qDKSWxsOkV/CLgJRbG882/jJ/hNjQG6xg5Ah
k+qtyKA2zYAh5x3Rkd+lkBpx/a8UlTqNJwwCo8xjH/BZGvywPryPiAHOt+IoI2Qn
w4HBmK7PE2bVf3Rs3fnq1DNY0vEpnYZV7tvXLOm0VAb1
-----END CERTIFICATE-----