Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/hMfGc-wEmzwrPDdW6aT_41YgbMM.roa
File:                     hMfGc-wEmzwrPDdW6aT_41YgbMM.roa (raw, json)
Hash identifier:          hfZoUykf7x20R9zDmcTdYwgvkk0Tql+VrdNsCl+LJjY=
Subject key identifier:   84:C7:C6:73:EC:04:9B:3C:2B:3C:37:56:E9:A4:FF:E3:56:20:6C:C3
Certificate issuer:       /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial:       018CC5000A9F4B11F20667F78959A8C6EDAF
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/hMfGc-wEmzwrPDdW6aT_41YgbMM.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        217.147.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0a:9f:4b:11:f2:06:67:f7:89:59:a8:c6:ed:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84c7c673ec049b3c2b3c3756e9a4ffe356206cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0a:c9:a6:4d:88:00:0a:cb:06:61:19:a5:87:
                    e8:d1:e7:47:c6:52:fc:72:3f:b5:16:05:4d:e6:82:
                    3f:84:02:cd:05:3f:06:65:f2:0a:33:0d:87:dd:91:
                    bc:31:60:2f:d4:e8:15:5f:36:7b:af:7a:05:22:fa:
                    fe:ba:28:a0:88:0e:63:d3:23:82:6e:ff:e8:1d:32:
                    d5:c8:03:18:52:cd:21:47:1a:39:85:1e:37:17:70:
                    be:90:67:ae:d6:c3:eb:33:e4:0e:cc:2b:71:79:8a:
                    6d:3a:df:4d:87:44:5b:f1:bc:60:51:00:2e:aa:ca:
                    9d:9e:e3:17:a9:e3:31:29:18:42:e2:68:40:66:31:
                    26:08:6b:2f:f4:b1:2d:35:2b:f2:db:ba:43:f1:69:
                    85:ad:a6:5b:ac:2e:9c:8b:01:7d:14:00:92:6c:a9:
                    7c:b0:4b:7f:f2:4f:ad:65:1c:c7:87:4a:4c:e8:75:
                    a7:7d:60:63:00:4e:fd:14:67:83:75:ca:b6:11:40:
                    6c:62:fa:c1:e0:0c:74:e1:b9:03:98:b0:42:c1:e1:
                    ee:14:1f:7f:86:c7:94:4f:84:b0:55:39:ba:42:5d:
                    17:cc:96:10:02:09:6b:2c:59:51:95:85:bd:67:58:
                    43:e4:9c:21:fd:0d:55:ea:61:32:d0:88:1f:98:58:
                    cb:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C7:C6:73:EC:04:9B:3C:2B:3C:37:56:E9:A4:FF:E3:56:20:6C:C3
            X509v3 Authority Key Identifier:
                keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/hMfGc-wEmzwrPDdW6aT_41YgbMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:48:5e:2a:23:01:d6:e2:31:e8:9e:9a:cc:1b:bf:0c:da:e5:
         ec:d4:60:8a:0d:bd:9c:f4:74:18:c6:5c:88:bf:1b:88:cc:4d:
         8a:2b:f6:d9:d8:bb:3e:eb:66:05:33:81:6d:77:a2:d0:0c:2e:
         e9:54:34:a6:97:29:08:d6:27:12:ac:13:c2:3f:46:60:19:4d:
         56:58:23:c1:8c:62:f8:13:db:ed:8e:0a:73:e2:39:89:03:96:
         c9:4d:1c:b0:cb:65:00:41:e3:b4:f8:12:25:80:ad:8f:4a:8c:
         24:7c:3d:d6:1e:f3:32:ce:42:67:65:5d:6f:5f:13:15:29:b8:
         f2:40:92:ce:54:87:a6:08:4e:de:43:6d:fc:39:e0:20:57:a6:
         fc:91:93:eb:f7:45:ec:98:97:fc:ab:4e:68:27:6e:79:71:c7:
         c7:fa:c4:90:e6:4b:2a:cd:17:0b:75:75:a5:3a:37:db:ec:0a:
         7f:c4:ef:5f:f1:80:43:ea:e4:fb:b9:35:62:24:56:10:39:ee:
         f6:e9:7b:39:4e:27:8b:be:8b:c3:c8:b2:3e:a7:46:48:1d:63:
         94:87:a9:3f:70:30:7c:cf:d7:a0:42:9b:44:49:9d:eb:e1:5c:
         bd:11:96:98:2d:26:89:a7:2f:56:24:bc:83:f0:78:06:9c:5d:
         74:10:0c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAqfSxHyBmf3iVmoxu2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWM2NGUxNzBiN2YyNTVkN2NhMzAwMzVkNjUzMmM4OTU3
ZWIxNjkwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM3YzY3M2VjMDQ5YjNjMmIzYzM3NTZlOWE0ZmZlMzU2MjA2Y2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwrJpk2IAArLBmEZpYfo0edHxlL8
cj+1FgVN5oI/hALNBT8GZfIKMw2H3ZG8MWAv1OgVXzZ7r3oFIvr+uiigiA5j0yOC
bv/oHTLVyAMYUs0hRxo5hR43F3C+kGeu1sPrM+QOzCtxeYptOt9Nh0Rb8bxgUQAu
qsqdnuMXqeMxKRhC4mhAZjEmCGsv9LEtNSvy27pD8WmFraZbrC6ciwF9FACSbKl8
sEt/8k+tZRzHh0pM6HWnfWBjAE79FGeDdcq2EUBsYvrB4Ax04bkDmLBCweHuFB9/
hseUT4SwVTm6Ql0XzJYQAglrLFlRlYW9Z1hD5Jwh/Q1V6mEy0IgfmFjLbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITHxnPsBJs8Kzw3Vumk/+NWIGzDMB8GA1UdIwQY
MBaAFN+cZOFwt/JV18owA11lMsiVfrFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTIt
MjhjYjNiYmYwNWFlLzEvaE1mR2Mtd0VtendyUERkVzZhVF80MVlnYk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTItMjhjYjNiYmYwNWFl
LzEvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZMEMA0G
CSqGSIb3DQEBCwUAA4IBAQBmSF4qIwHW4jHonprMG78M2uXs1GCKDb2c9HQYxlyI
vxuIzE2KK/bZ2Ls+62YFM4Ftd6LQDC7pVDSmlykI1icSrBPCP0ZgGU1WWCPBjGL4
E9vtjgpz4jmJA5bJTRywy2UAQeO0+BIlgK2PSowkfD3WHvMyzkJnZV1vXxMVKbjy
QJLOVIemCE7eQ238OeAgV6b8kZPr90XsmJf8q05oJ255ccfH+sSQ5ksqzRcLdXWl
Ojfb7Ap/xO9f8YBD6uT7uTViJFYQOe726Xs5TieLvovDyLI+p0ZIHWOUh6k/cDB8
z9egQptESZ3r4Vy9EZaYLSaJpy9WJLyD8HgGnF10EAxK
-----END CERTIFICATE-----