Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/mfdKgo1ufmdsezfxwH5zF_n6Xd0.roa
File:                     mfdKgo1ufmdsezfxwH5zF_n6Xd0.roa (raw, json)
Hash identifier:          lBg4+HuvSqXiLG5GY583+dZqMTmkksxYuMG3gh+YMPU=
Subject key identifier:   99:F7:4A:82:8D:6E:7E:67:6C:7B:37:F1:C0:7E:73:17:F9:FA:5D:DD
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       018CC2DB5EC56E952D54803C7D122EE44844
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/mfdKgo1ufmdsezfxwH5zF_n6Xd0.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198504
IP address blocks:        84.17.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:c5:6e:95:2d:54:80:3c:7d:12:2e:e4:48:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99f74a828d6e7e676c7b37f1c07e7317f9fa5ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c8:28:d0:c6:45:a1:a2:55:68:a9:0d:89:7b:
                    17:bc:e7:65:fa:e7:3e:a8:67:c2:79:21:aa:9d:a8:
                    05:24:60:d2:fd:8c:a3:4b:7a:2e:3e:f0:d1:4f:dd:
                    6b:67:34:71:81:84:89:3f:f9:f8:b1:1b:bb:91:5e:
                    39:4c:9a:4f:f6:fd:e5:a9:41:99:9d:0d:64:0c:4a:
                    05:5f:a0:64:fb:a2:82:98:f3:d0:70:c5:9b:6d:a3:
                    4a:65:f5:cf:60:b3:49:8b:8c:4a:2c:db:97:4b:0f:
                    1d:37:60:0a:16:ce:8b:d7:49:56:c9:7d:07:46:d4:
                    0b:70:4e:55:a6:ae:b0:0b:c9:2b:f6:79:20:70:07:
                    ab:90:5f:2d:09:ef:25:0f:18:67:c2:8d:96:b4:34:
                    b3:49:c1:6d:c5:75:7d:bd:8b:9f:9d:05:56:a4:ee:
                    6d:11:2c:ec:42:a3:51:0d:68:63:23:c0:5c:38:7a:
                    86:86:60:99:07:1a:12:16:d5:86:51:73:98:b3:45:
                    c9:fc:9f:f8:02:28:31:67:55:6a:60:a3:9e:7a:94:
                    f4:cc:47:74:99:c3:81:84:47:b1:ee:e3:c7:86:2a:
                    1e:78:65:b6:c2:2f:c7:8a:84:0f:27:e0:4f:e2:8d:
                    e7:12:b7:8c:15:32:c3:33:f5:36:b1:b0:da:8a:6d:
                    36:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F7:4A:82:8D:6E:7E:67:6C:7B:37:F1:C0:7E:73:17:F9:FA:5D:DD
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/mfdKgo1ufmdsezfxwH5zF_n6Xd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f1:a2:25:eb:6f:81:ee:cc:21:f0:35:c0:16:32:07:94:d1:
         88:33:bf:de:e2:b0:70:5f:2a:80:a7:66:27:5f:c4:74:09:3f:
         54:84:6f:0e:aa:9f:99:ca:86:09:b9:f7:c2:92:80:4c:02:2b:
         d5:1e:3b:23:13:43:86:24:05:ac:04:de:03:9c:51:15:34:33:
         95:25:0d:66:60:a4:6d:7d:61:4a:af:4a:d0:b8:b3:1a:81:60:
         17:e3:1a:20:5f:f0:4d:09:71:81:be:df:6e:c9:d3:33:eb:ff:
         97:7c:80:40:a3:ab:a7:f8:88:5c:e5:2d:eb:e1:c0:e5:07:8e:
         de:1a:ed:54:b9:52:60:42:fa:4f:2e:54:8b:32:12:bf:8b:4c:
         75:41:f6:d7:7c:15:74:97:0c:53:e4:4a:e7:8f:d9:f6:54:27:
         5d:c0:87:41:ed:73:8f:b2:e1:0b:98:81:39:cc:a5:74:a5:7e:
         47:ab:c6:65:db:e3:cd:37:7c:fc:0a:94:1d:5e:96:26:5c:d4:
         7a:c4:3b:9e:9f:e7:ea:aa:bc:97:c9:8c:58:26:8f:f8:d5:3d:
         a9:78:3b:cc:61:2f:f4:94:43:d6:1a:d4:ec:de:6e:bd:d0:78:
         d4:6a:58:6a:e3:49:30:08:7e:4d:9b:52:27:ea:23:14:2c:ff:
         c4:88:ba:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC217FbpUtVIA8fRIu5EhEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWY3NGE4MjhkNmU3ZTY3NmM3YjM3ZjFjMDdlNzMxN2Y5ZmE1ZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8go0MZFoaJVaKkNiXsXvOdl+uc+
qGfCeSGqnagFJGDS/YyjS3ouPvDRT91rZzRxgYSJP/n4sRu7kV45TJpP9v3lqUGZ
nQ1kDEoFX6Bk+6KCmPPQcMWbbaNKZfXPYLNJi4xKLNuXSw8dN2AKFs6L10lWyX0H
RtQLcE5Vpq6wC8kr9nkgcAerkF8tCe8lDxhnwo2WtDSzScFtxXV9vYufnQVWpO5t
ESzsQqNRDWhjI8BcOHqGhmCZBxoSFtWGUXOYs0XJ/J/4AigxZ1VqYKOeepT0zEd0
mcOBhEex7uPHhioeeGW2wi/HioQPJ+BP4o3nEreMFTLDM/U2sbDaim02TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn3SoKNbn5nbHs38cB+cxf5+l3dMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvbWZkS2dvMXVmbWRzZXpmeHdINXpGX242WGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFJMA0G
CSqGSIb3DQEBCwUAA4IBAQAz8aIl62+B7swh8DXAFjIHlNGIM7/e4rBwXyqAp2Yn
X8R0CT9UhG8Oqp+ZyoYJuffCkoBMAivVHjsjE0OGJAWsBN4DnFEVNDOVJQ1mYKRt
fWFKr0rQuLMagWAX4xogX/BNCXGBvt9uydMz6/+XfIBAo6un+Ihc5S3r4cDlB47e
Gu1UuVJgQvpPLlSLMhK/i0x1QfbXfBV0lwxT5Ernj9n2VCddwIdB7XOPsuELmIE5
zKV0pX5Hq8Zl2+PNN3z8CpQdXpYmXNR6xDuen+fqqryXyYxYJo/41T2peDvMYS/0
lEPWGtTs3m690HjUalhq40kwCH5Nm1In6iMULP/EiLrS
-----END CERTIFICATE-----