Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/uPsq1YyVeix3vnYDoIkJXHaPtXw.roa
File:                     uPsq1YyVeix3vnYDoIkJXHaPtXw.roa (raw, json)
Hash identifier:          lPLh3qW6/g/+FJbZY0jibQz04D2LZ9DNEehz3o6NsCw=
Subject key identifier:   B8:FB:2A:D5:8C:95:7A:2C:77:BE:76:03:A0:89:09:5C:76:8F:B5:7C
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       018CC2DB5D33C0F78D27BC10B0382BE67452
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/uPsq1YyVeix3vnYDoIkJXHaPtXw.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        84.17.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 10:03:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5d:33:c0:f7:8d:27:bc:10:b0:38:2b:e6:74:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8fb2ad58c957a2c77be7603a089095c768fb57c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:26:b6:04:6e:a2:74:64:c9:69:7f:f5:06:9e:
                    00:b9:8f:64:e0:a0:a1:73:a3:e5:c9:15:b0:56:3c:
                    71:bf:1f:55:77:f4:0d:2e:47:fe:5c:23:ae:80:44:
                    fa:34:f8:04:f7:b3:19:4c:82:bf:1e:52:2f:3f:02:
                    19:fe:53:d5:0c:75:4f:c8:12:74:a9:7e:9e:10:f7:
                    4b:ca:23:43:3a:a6:a0:af:38:44:ef:16:8e:a9:e3:
                    0f:0d:23:f4:33:ba:a5:ba:cb:aa:de:9f:41:6f:56:
                    bd:ad:8a:45:3c:2a:1e:34:10:a5:ad:95:56:95:38:
                    4b:8d:44:fe:b7:ad:7b:54:d2:c2:32:f6:08:a7:46:
                    9a:c8:5a:dd:fa:ca:ca:c3:c4:9b:a3:11:4e:ff:55:
                    05:3f:c4:1f:08:a5:3b:fe:3b:20:ba:9a:ee:c6:fb:
                    cc:1e:8a:92:6d:f2:7b:e3:2e:90:45:cf:78:b0:77:
                    36:43:0c:d1:1b:60:c4:62:c0:83:85:cd:7e:af:36:
                    6b:2c:3e:59:75:8b:01:86:bc:c9:8f:a9:d1:de:fe:
                    37:47:a5:17:5f:56:ec:5a:38:05:c4:5b:4b:bf:3e:
                    2f:86:d0:a3:a1:26:81:02:74:98:05:ed:8a:63:36:
                    65:2e:1c:7f:ff:a9:ec:38:20:17:c1:f5:02:6a:f2:
                    0b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:FB:2A:D5:8C:95:7A:2C:77:BE:76:03:A0:89:09:5C:76:8F:B5:7C
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/uPsq1YyVeix3vnYDoIkJXHaPtXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:a4:eb:78:2d:87:e3:49:22:cc:69:d0:13:06:1c:74:25:73:
         e8:58:a6:d3:7c:7d:cb:b3:bd:3d:78:ec:38:18:ef:b3:10:ee:
         49:6b:d3:ac:dc:ed:54:71:df:bc:e3:14:53:35:01:d9:ea:4c:
         9f:25:db:99:55:f5:d3:c2:aa:24:36:2d:a9:fa:22:68:12:01:
         a7:3f:29:fa:75:d8:76:19:7e:4c:27:2a:fa:4e:b0:dd:7d:e0:
         7e:35:8d:35:85:c4:46:2c:ce:ee:40:01:55:94:86:52:09:af:
         17:06:0e:a9:3b:14:fc:f3:1b:7c:f0:7f:5d:4c:fa:60:ae:82:
         d9:6c:22:a4:1d:c5:f1:cb:55:a7:97:27:f9:9b:f7:07:99:91:
         57:ed:88:47:3a:aa:cf:e0:7d:ea:ed:d2:19:d1:5c:7e:6c:92:
         ec:f1:75:20:22:9f:cc:ac:78:99:ed:dc:0f:af:c5:50:f3:8b:
         31:f5:41:5b:9d:2a:88:23:8f:79:bf:fa:85:c9:67:da:2f:f1:
         7e:fa:56:ed:45:fb:06:ff:dd:50:77:7e:98:43:fc:c6:89:a5:
         ee:70:ce:4e:f6:9b:d1:a9:6f:fb:76:35:38:e1:8c:43:3b:e4:
         19:7e:73:1f:c8:6f:3d:0d:39:39:a2:ff:99:61:dc:70:f5:ee:
         92:82:ef:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC210zwPeNJ7wQsDgr5nRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGZiMmFkNThjOTU3YTJjNzdiZTc2MDNhMDg5MDk1Yzc2OGZiNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCa2BG6idGTJaX/1Bp4AuY9k4KCh
c6PlyRWwVjxxvx9Vd/QNLkf+XCOugET6NPgE97MZTIK/HlIvPwIZ/lPVDHVPyBJ0
qX6eEPdLyiNDOqagrzhE7xaOqeMPDSP0M7qlusuq3p9Bb1a9rYpFPCoeNBClrZVW
lThLjUT+t617VNLCMvYIp0aayFrd+srKw8SboxFO/1UFP8QfCKU7/jsgupruxvvM
HoqSbfJ74y6QRc94sHc2QwzRG2DEYsCDhc1+rzZrLD5ZdYsBhrzJj6nR3v43R6UX
X1bsWjgFxFtLvz4vhtCjoSaBAnSYBe2KYzZlLhx//6nsOCAXwfUCavILDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLj7KtWMlXosd752A6CJCVx2j7V8MB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvdVBzcTFZeVZlaXgzdm5ZRG9Ja0pYSGFQdFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFBMA0G
CSqGSIb3DQEBCwUAA4IBAQBSpOt4LYfjSSLMadATBhx0JXPoWKbTfH3Ls709eOw4
GO+zEO5Ja9Os3O1Ucd+84xRTNQHZ6kyfJduZVfXTwqokNi2p+iJoEgGnPyn6ddh2
GX5MJyr6TrDdfeB+NY01hcRGLM7uQAFVlIZSCa8XBg6pOxT88xt88H9dTPpgroLZ
bCKkHcXxy1Wnlyf5m/cHmZFX7YhHOqrP4H3q7dIZ0Vx+bJLs8XUgIp/MrHiZ7dwP
r8VQ84sx9UFbnSqII495v/qFyWfaL/F++lbtRfsG/91Qd36YQ/zGiaXucM5O9pvR
qW/7djU44YxDO+QZfnMfyG89DTk5ov+ZYdxw9e6Sgu9y
-----END CERTIFICATE-----