Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/RW6wxE8PmfS_l7583dlKYTuULiM.roa
File:                     RW6wxE8PmfS_l7583dlKYTuULiM.roa (raw, json)
Hash identifier:          NA5N2aFRPb0HCLNpvXiULoI8i28V3/zHm+oTFj2hW9U=
Subject key identifier:   45:6E:B0:C4:4F:0F:99:F4:BF:97:BE:7C:DD:D9:4A:61:3B:94:2E:23
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       019421B21E7AD0CF132D45AF5213E800B901
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/RW6wxE8PmfS_l7583dlKYTuULiM.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198394
IP address blocks:        84.17.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1e:7a:d0:cf:13:2d:45:af:52:13:e8:00:b9:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=456eb0c44f0f99f4bf97be7cddd94a613b942e23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:8a:5b:10:5b:b2:0d:c9:6b:e9:5b:06:c9:f2:
                    b5:68:61:5a:32:b6:a8:8f:4c:e2:c2:0c:82:fb:0e:
                    41:70:b4:3b:a1:ae:5b:01:4f:e1:0f:69:a4:ee:48:
                    14:9b:65:3c:a3:cc:45:4e:c5:04:a2:ef:60:ae:2d:
                    85:6f:5b:b3:9b:fd:99:aa:97:ca:9a:62:e2:f5:cf:
                    8b:49:5f:10:d0:3d:2b:a4:8e:83:5e:f4:22:f1:e1:
                    4f:81:b7:bf:f4:ed:94:ad:7f:01:50:50:2c:4e:30:
                    10:fb:85:96:41:c3:df:fb:0d:3d:d7:73:92:02:44:
                    4e:fc:24:97:cf:a7:57:1c:c2:56:7a:0d:36:2f:58:
                    b6:e8:ad:a2:d9:5e:5a:3c:b4:42:b1:12:27:4c:7c:
                    61:fe:59:44:29:92:e3:fb:f9:29:70:d3:76:15:a2:
                    e0:cb:9d:04:f0:47:47:7c:fd:7c:13:07:9a:a7:04:
                    ca:8e:df:84:42:61:67:3e:e7:76:f5:02:3f:6d:58:
                    63:05:0d:74:29:81:d2:41:3c:03:fc:f5:54:da:bd:
                    00:9d:de:5f:6f:01:80:f3:87:2b:ab:73:b4:14:d8:
                    83:82:3a:3e:72:24:23:7f:d9:61:fd:05:33:68:45:
                    95:f1:ad:73:dc:8e:65:95:f9:28:16:99:b2:bc:1f:
                    be:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:6E:B0:C4:4F:0F:99:F4:BF:97:BE:7C:DD:D9:4A:61:3B:94:2E:23
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/RW6wxE8PmfS_l7583dlKYTuULiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:65:fc:19:78:27:91:29:71:2a:4c:a4:e7:88:60:16:59:96:
         08:45:13:87:45:4d:39:c5:6b:d2:b8:05:4a:f3:f5:50:e4:8d:
         b2:14:f8:55:0e:db:55:89:75:a3:6a:95:68:89:34:e4:2f:97:
         5b:b9:10:b6:37:bf:b3:26:c4:43:5e:bb:6f:92:37:cd:c9:1d:
         58:2c:13:a3:25:f8:f7:3a:f5:d8:66:0e:7e:6f:df:93:86:8a:
         dd:f3:2a:4e:b7:dc:82:b1:b2:4c:d0:b2:fa:bb:48:07:ab:ae:
         76:60:0b:46:de:d3:af:ae:4e:92:d8:eb:88:e6:ef:a8:29:33:
         75:27:8b:f8:46:ad:f5:4b:67:8b:d2:65:48:8c:d0:0d:95:58:
         48:db:27:e4:20:b6:46:b3:05:b8:d7:b0:38:ac:e9:57:ce:d8:
         21:5a:00:0f:ff:57:34:f6:d2:41:94:92:72:ac:a7:ba:3d:12:
         6d:37:4e:dc:8f:dd:f1:74:70:a3:0f:db:b9:39:af:31:d5:4b:
         d7:c1:e3:44:3a:12:8d:e3:6e:ff:12:65:a1:14:6c:b5:1b:98:
         b3:ef:4d:d9:e0:c7:ce:db:25:33:5f:13:9a:52:ae:88:4a:d7:
         0f:6b:ca:ed:b6:06:75:cf:b6:86:a1:b2:ca:b6:cd:ec:3c:95:
         a6:12:e1:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsh560M8TLUWvUhPoALkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTZlYjBjNDRmMGY5OWY0YmY5N2JlN2NkZGQ5NGE2MTNiOTQyZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YpbEFuyDclr6VsGyfK1aGFaMrao
j0ziwgyC+w5BcLQ7oa5bAU/hD2mk7kgUm2U8o8xFTsUEou9gri2Fb1uzm/2ZqpfK
mmLi9c+LSV8Q0D0rpI6DXvQi8eFPgbe/9O2UrX8BUFAsTjAQ+4WWQcPf+w0913OS
AkRO/CSXz6dXHMJWeg02L1i26K2i2V5aPLRCsRInTHxh/llEKZLj+/kpcNN2FaLg
y50E8EdHfP18EweapwTKjt+EQmFnPud29QI/bVhjBQ10KYHSQTwD/PVU2r0And5f
bwGA84crq3O0FNiDgjo+ciQjf9lh/QUzaEWV8a1z3I5llfkoFpmyvB++nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVusMRPD5n0v5e+fN3ZSmE7lC4jMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvUlc2d3hFOFBtZlNfbDc1ODNkbEtZVHVVTGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFKMA0G
CSqGSIb3DQEBCwUAA4IBAQBMZfwZeCeRKXEqTKTniGAWWZYIRROHRU05xWvSuAVK
8/VQ5I2yFPhVDttViXWjapVoiTTkL5dbuRC2N7+zJsRDXrtvkjfNyR1YLBOjJfj3
OvXYZg5+b9+Thord8ypOt9yCsbJM0LL6u0gHq652YAtG3tOvrk6S2OuI5u+oKTN1
J4v4Rq31S2eL0mVIjNANlVhI2yfkILZGswW417A4rOlXztghWgAP/1c09tJBlJJy
rKe6PRJtN07cj93xdHCjD9u5Oa8x1UvXweNEOhKN427/EmWhFGy1G5iz703Z4MfO
2yUzXxOaUq6IStcPa8rttgZ1z7aGobLKts3sPJWmEuHc
-----END CERTIFICATE-----