Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/Kh-0g0xLvh9MdYIvZuGKVVNjkb8.roa
File:                     Kh-0g0xLvh9MdYIvZuGKVVNjkb8.roa (raw, json)
Hash identifier:          IBnHmj9TO0kb1Fec3LoO+GCCdF37MwvsZIebn27n5Eg=
Subject key identifier:   2A:1F:B4:83:4C:4B:BE:1F:4C:75:82:2F:66:E1:8A:55:53:63:91:BF
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       018CC2DB5DCAC5B1FB2077315EE892A7A2EE
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/Kh-0g0xLvh9MdYIvZuGKVVNjkb8.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41933
IP address blocks:        84.17.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5d:ca:c5:b1:fb:20:77:31:5e:e8:92:a7:a2:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a1fb4834c4bbe1f4c75822f66e18a55536391bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9f:9a:65:2b:a2:78:fd:db:d9:c9:93:95:b5:
                    d7:55:d3:57:40:67:fe:1d:4c:1c:07:0a:a1:23:60:
                    63:0c:ef:5d:e8:35:bf:2e:43:ff:64:06:3b:2a:80:
                    b2:20:be:cf:37:be:4f:c5:e5:77:4e:f4:9c:75:2f:
                    26:97:41:c9:2f:48:0b:e2:88:4d:d5:7e:89:ca:9c:
                    b4:ef:5f:9e:91:1d:86:4a:53:aa:4d:fe:7c:21:53:
                    75:2e:d5:16:2b:40:11:43:94:82:79:00:c8:5c:cb:
                    e0:4d:41:35:86:fe:e8:ed:33:91:d9:e6:dc:0a:10:
                    a0:0a:a3:66:2d:5b:2c:97:21:8a:38:ad:c1:6d:b3:
                    01:60:76:03:83:ed:16:2b:59:61:e6:98:d6:6e:64:
                    08:d5:15:fd:36:46:0d:88:b7:6e:ea:a8:74:7c:aa:
                    26:41:60:84:5a:d4:c7:a9:78:28:a6:a3:90:4d:6b:
                    09:dd:ce:ec:df:7b:c8:b7:03:28:43:57:3d:ff:0f:
                    6d:7d:85:13:bb:75:b3:dd:cd:bb:01:83:fd:2e:8e:
                    72:be:0c:ca:97:28:58:07:16:f5:1e:7b:cf:15:b5:
                    e5:c2:e6:97:ef:ca:5f:39:c2:e8:65:62:20:87:1c:
                    01:3b:e0:22:5f:a1:63:80:f9:25:a8:ef:31:1f:ee:
                    37:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:1F:B4:83:4C:4B:BE:1F:4C:75:82:2F:66:E1:8A:55:53:63:91:BF
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/Kh-0g0xLvh9MdYIvZuGKVVNjkb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:15:32:81:7d:67:8f:74:91:49:e8:9c:a3:d8:3d:93:e8:95:
         84:8c:7e:12:e1:55:8e:d2:59:e1:87:a9:2e:1f:ed:a0:69:e4:
         39:d3:3b:db:af:44:7b:72:fa:1f:63:82:f6:72:2c:eb:67:c9:
         96:e3:f1:25:25:a2:61:99:64:83:d0:a3:89:f8:54:e2:98:b8:
         d6:68:11:3f:83:32:5a:f9:eb:46:1d:c3:bf:df:2d:2c:da:6f:
         da:98:2b:02:96:ca:af:dc:c4:2b:e4:bb:bf:0a:09:f3:b5:e1:
         e1:af:d4:d5:c0:32:8c:54:f1:b0:ce:19:7f:ce:e7:5e:a6:a5:
         4f:f2:81:b7:84:e5:04:14:9e:d8:da:01:a5:41:fe:9a:41:b2:
         07:de:d1:f4:bc:1a:1c:ae:8b:c2:df:81:4c:be:c6:4a:e5:38:
         7d:23:30:36:46:44:ed:9d:36:77:68:ca:c0:49:d0:34:d0:4d:
         44:f4:0d:39:36:4e:ba:8c:ab:6e:a5:5a:28:8c:30:8f:66:66:
         2e:c7:9d:d4:53:2e:28:0e:1e:f3:c4:b7:28:16:12:3e:66:fc:
         ea:61:8d:94:f3:86:80:28:c9:9b:e7:4d:c3:53:17:c0:9d:ae:
         86:c0:9a:41:7c:1a:9c:ed:87:d6:df:eb:1d:a4:18:21:1c:c1:
         4a:4a:e5:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC213KxbH7IHcxXuiSp6LuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFmYjQ4MzRjNGJiZTFmNGM3NTgyMmY2NmUxOGE1NTUzNjM5MWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJ+aZSuieP3b2cmTlbXXVdNXQGf+
HUwcBwqhI2BjDO9d6DW/LkP/ZAY7KoCyIL7PN75PxeV3TvScdS8ml0HJL0gL4ohN
1X6Jypy071+ekR2GSlOqTf58IVN1LtUWK0ARQ5SCeQDIXMvgTUE1hv7o7TOR2ebc
ChCgCqNmLVsslyGKOK3BbbMBYHYDg+0WK1lh5pjWbmQI1RX9NkYNiLdu6qh0fKom
QWCEWtTHqXgopqOQTWsJ3c7s33vItwMoQ1c9/w9tfYUTu3Wz3c27AYP9Lo5yvgzK
lyhYBxb1HnvPFbXlwuaX78pfOcLoZWIghxwBO+AiX6FjgPklqO8xH+43kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoftINMS74fTHWCL2bhilVTY5G/MB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvS2gtMGcweEx2aDlNZFlJdlp1R0tWVk5qa2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFbMA0G
CSqGSIb3DQEBCwUAA4IBAQCGFTKBfWePdJFJ6Jyj2D2T6JWEjH4S4VWO0lnhh6ku
H+2gaeQ50zvbr0R7cvofY4L2cizrZ8mW4/ElJaJhmWSD0KOJ+FTimLjWaBE/gzJa
+etGHcO/3y0s2m/amCsClsqv3MQr5Lu/CgnzteHhr9TVwDKMVPGwzhl/zudepqVP
8oG3hOUEFJ7Y2gGlQf6aQbIH3tH0vBocrovC34FMvsZK5Th9IzA2RkTtnTZ3aMrA
SdA00E1E9A05Nk66jKtupVoojDCPZmYux53UUy4oDh7zxLcoFhI+ZvzqYY2U84aA
KMmb503DUxfAna6GwJpBfBqc7YfW3+sdpBghHMFKSuVz
-----END CERTIFICATE-----