Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/xDsz_EXiCuxqXinIhJm8wZBpNRo.roa
File:                     xDsz_EXiCuxqXinIhJm8wZBpNRo.roa (raw, json)
Hash identifier:          5ALLZjxS8p6i9HKiTMp9NvHlxTqJHFYm1JKbeypM0BE=
Subject key identifier:   C4:3B:33:FC:45:E2:0A:EC:6A:5E:29:C8:84:99:BC:C1:90:69:35:1A
Certificate issuer:       /CN=9b632edb635aa8f9c40a0495a7a63bb6539580bb
Certificate serial:       018CC26D87EB234FAE5B66F31519B70E0A4F
Authority key identifier: 9B:63:2E:DB:63:5A:A8:F9:C4:0A:04:95:A7:A6:3B:B6:53:95:80:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/xDsz_EXiCuxqXinIhJm8wZBpNRo.roa
Signing time:             Mon 01 Jan 2024 00:30:07 +0000
ROA not before:           Mon 01 Jan 2024 00:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57837
IP address blocks:        84.201.98.0/24 maxlen: 24
                          2a00:1348:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/m2Mu22NaqPnECgSVp6Y7tlOVgLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/m2Mu22NaqPnECgSVp6Y7tlOVgLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:87:eb:23:4f:ae:5b:66:f3:15:19:b7:0e:0a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b632edb635aa8f9c40a0495a7a63bb6539580bb
        Validity
            Not Before: Jan  1 00:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c43b33fc45e20aec6a5e29c88499bcc19069351a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f7:82:0f:0a:f8:8a:4f:19:7f:a6:52:64:04:
                    cc:7a:71:3e:29:3e:d8:fa:57:7d:40:e4:6b:a2:38:
                    57:34:ca:28:64:31:ec:de:b8:c2:0b:9e:b8:92:8a:
                    44:e4:dd:1b:dd:9a:e8:2a:e7:75:ff:c2:d1:ab:e6:
                    36:77:db:26:19:8a:11:fd:c8:0e:c9:3b:03:25:da:
                    d3:bd:b4:ae:4a:8b:a5:ac:19:5f:1b:ec:24:17:2e:
                    82:45:f2:3e:3b:b4:87:7f:d3:d0:8a:d5:0e:43:95:
                    f2:b8:d3:3d:58:84:e3:26:35:2c:60:de:22:a5:41:
                    0b:fa:f2:b5:66:7e:a8:31:41:d6:3f:9b:a6:b5:76:
                    da:d2:1f:00:03:c5:94:d3:a2:44:1c:a8:5a:c9:fe:
                    c2:9c:d1:86:fc:98:26:a8:72:15:a1:d5:9b:17:45:
                    a3:9a:e6:e8:72:7b:ff:fd:13:28:66:68:c2:c1:98:
                    a3:db:1d:05:43:48:a6:0a:09:0f:16:3a:93:0c:99:
                    19:a5:b4:63:ea:10:24:54:71:65:7a:d6:ff:86:6b:
                    3f:38:a8:4e:58:58:ac:82:c4:13:b7:be:c2:0d:29:
                    7f:e7:e5:55:c7:11:ac:95:6e:b1:ca:a2:71:8b:a7:
                    82:b1:df:92:10:58:5b:f4:5f:04:7b:de:56:b5:af:
                    88:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3B:33:FC:45:E2:0A:EC:6A:5E:29:C8:84:99:BC:C1:90:69:35:1A
            X509v3 Authority Key Identifier:
                keyid:9B:63:2E:DB:63:5A:A8:F9:C4:0A:04:95:A7:A6:3B:B6:53:95:80:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/xDsz_EXiCuxqXinIhJm8wZBpNRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/m2Mu22NaqPnECgSVp6Y7tlOVgLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.201.98.0/24
                IPv6:
                  2a00:1348:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:9e:93:aa:6e:f9:de:89:71:76:ce:b8:1c:58:33:7c:41:3b:
         53:b6:95:ef:3e:8a:df:9c:55:2f:a4:f8:03:7a:9d:4d:c0:b6:
         14:f3:50:fc:db:d5:b3:26:3f:9e:e6:67:92:2d:ee:38:79:5e:
         78:52:51:6b:30:04:33:e4:d5:bf:f5:3a:bc:85:d8:81:1f:42:
         1a:71:fc:a4:8a:54:e8:1f:5a:76:32:ca:77:0b:88:38:4f:c3:
         50:8a:0f:37:43:ac:1f:81:a0:17:24:ab:04:d8:1f:4a:1c:7e:
         78:93:00:6a:e4:2f:82:82:70:71:6e:e2:74:74:80:83:40:3a:
         e5:a7:f6:91:08:18:9c:74:b6:0b:ba:ba:51:df:46:6b:42:3c:
         70:04:a4:d8:16:60:da:00:fd:c1:27:04:a0:8b:50:22:a1:b9:
         bb:2e:54:0b:ed:78:6d:b5:36:f7:47:63:49:ca:08:5c:f5:71:
         8a:6e:ab:5c:ed:88:91:5d:1f:37:b7:64:82:f3:11:02:84:45:
         30:a4:9e:2d:a5:de:27:fa:9f:a6:d8:3c:76:fd:ab:b0:85:6b:
         f5:42:a9:ec:41:7a:7e:69:a1:e8:23:1c:a1:a0:5f:2b:f3:4f:
         11:d1:81:6b:66:2e:94:bc:12:f2:34:bd:dd:88:9d:bf:b1:e5:
         83:d9:88:82
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbYfrI0+uW2bzFRm3DgpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNjMyZWRiNjM1YWE4ZjljNDBhMDQ5NWE3YTYzYmI2NTM5
NTgwYmIwHhcNMjQwMTAxMDAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDNiMzNmYzQ1ZTIwYWVjNmE1ZTI5Yzg4NDk5YmNjMTkwNjkzNTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/eCDwr4ik8Zf6ZSZATMenE+KT7Y
+ld9QORrojhXNMooZDHs3rjCC564kopE5N0b3ZroKud1/8LRq+Y2d9smGYoR/cgO
yTsDJdrTvbSuSoulrBlfG+wkFy6CRfI+O7SHf9PQitUOQ5XyuNM9WITjJjUsYN4i
pUEL+vK1Zn6oMUHWP5umtXba0h8AA8WU06JEHKhayf7CnNGG/JgmqHIVodWbF0Wj
mubocnv//RMoZmjCwZij2x0FQ0imCgkPFjqTDJkZpbRj6hAkVHFletb/hms/OKhO
WFisgsQTt77CDSl/5+VVxxGslW6xyqJxi6eCsd+SEFhb9F8Ee95Wta+IDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMQ7M/xF4grsal4pyISZvMGQaTUaMB8GA1UdIwQY
MBaAFJtjLttjWqj5xAoElaemO7ZTlYC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTJNdTIyTmFxUG5FQ2dTVnA2WTd0bE9WZ0xzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kMDI5ODMtYjExYy00YmY3LWI0YjUt
ZThjOWFkNWYwNTFhLzEveERzel9FWGlDdXhxWGluSWhKbTh3WkJwTlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kMDI5ODMtYjExYy00YmY3LWI0YjUtZThjOWFkNWYwNTFh
LzEvbTJNdTIyTmFxUG5FQ2dTVnA2WTd0bE9WZ0xzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVMliMA8E
AgACMAkDBwAqABNIABAwDQYJKoZIhvcNAQELBQADggEBADmek6pu+d6JcXbOuBxY
M3xBO1O2le8+it+cVS+k+AN6nU3AthTzUPzb1bMmP57mZ5It7jh5XnhSUWswBDPk
1b/1OryF2IEfQhpx/KSKVOgfWnYyyncLiDhPw1CKDzdDrB+BoBckqwTYH0ocfniT
AGrkL4KCcHFu4nR0gINAOuWn9pEIGJx0tgu6ulHfRmtCPHAEpNgWYNoA/cEnBKCL
UCKhubsuVAvteG21NvdHY0nKCFz1cYpuq1ztiJFdHze3ZILzEQKERTCkni2l3if6
n6bYPHb9q7CFa/VCqexBen5poegjHKGgXyvzTxHRgWtmLpS8EvI0vd2Inb+x5YPZ
iII=
-----END CERTIFICATE-----