Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/POtqDp-uNr2xhVOvytwoisQsuC0.roa
File:                     POtqDp-uNr2xhVOvytwoisQsuC0.roa (raw, json)
Hash identifier:          sqoPPrxe2RJxQ7fSAL55+fer/bU3keZN/k8nanE/tyE=
Subject key identifier:   3C:EB:6A:0E:9F:AE:36:BD:B1:85:53:AF:CA:DC:28:8A:C4:2C:B8:2D
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       018CCA2A06C4D8DCBD6A49EFD75F7C350555
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/POtqDp-uNr2xhVOvytwoisQsuC0.roa
Signing time:             Tue 02 Jan 2024 12:33:21 +0000
ROA not before:           Tue 02 Jan 2024 12:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35638
IP address blocks:        84.239.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 04:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:06:c4:d8:dc:bd:6a:49:ef:d7:5f:7c:35:05:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Jan  2 12:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ceb6a0e9fae36bdb18553afcadc288ac42cb82d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d8:cb:60:85:b3:0e:6e:d9:ea:16:9c:60:88:
                    46:32:8c:ed:f1:12:b3:46:bc:90:98:f3:53:be:30:
                    28:0f:6b:8f:07:d5:81:e4:aa:4d:fb:97:bf:1f:79:
                    ba:f5:70:12:7b:34:db:be:ae:9c:42:21:a4:c2:c6:
                    72:19:61:33:01:7a:ac:16:79:3c:fe:f0:a6:a7:47:
                    1d:96:0d:70:c4:2e:a2:e6:9f:f9:8d:32:23:34:2c:
                    c4:7d:27:03:73:b1:f6:00:6b:4d:c0:a3:42:1c:44:
                    bc:c7:0b:7e:c6:a0:41:ba:c4:3f:3b:80:88:88:e3:
                    d4:e5:24:66:4c:db:f8:85:69:8d:1b:e5:00:52:fd:
                    ce:2b:57:d7:ca:5f:ed:42:09:d2:13:a7:c2:c6:93:
                    cd:09:20:89:4b:9a:89:5a:4a:0d:93:38:15:ef:7a:
                    94:8c:c3:9e:08:51:1c:76:40:80:c3:46:e0:77:cb:
                    7c:12:73:38:d3:cc:a7:a9:92:8e:31:f6:a5:91:ac:
                    a7:8c:c8:af:4e:a7:0f:b2:c9:ed:af:62:7f:81:28:
                    a5:51:f8:f2:74:ed:b9:c1:91:cc:a7:bf:29:73:82:
                    e1:fa:88:ef:bf:9a:c5:e4:56:69:a5:b6:17:cc:82:
                    fc:d6:e7:4b:b5:a0:dd:2e:00:d7:22:c1:47:b6:29:
                    8c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:EB:6A:0E:9F:AE:36:BD:B1:85:53:AF:CA:DC:28:8A:C4:2C:B8:2D
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/POtqDp-uNr2xhVOvytwoisQsuC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.239.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:1d:dc:95:c4:f4:c5:0d:d1:ba:79:ac:bb:94:b7:b4:01:44:
         5b:79:72:86:03:85:65:cd:c5:5e:15:20:19:ef:b9:28:7f:f5:
         71:8f:de:10:9e:88:a2:15:30:12:f6:f2:f2:9d:f3:85:2d:84:
         d6:ff:03:69:f7:6a:70:21:6c:72:57:d6:00:a4:8c:66:ec:fa:
         63:5c:66:27:d9:29:f6:83:90:6e:13:0d:18:bf:76:22:79:8f:
         b7:75:63:f0:3e:72:dd:45:11:6e:18:5f:5d:e1:b5:0f:fc:cd:
         b6:60:37:bc:b5:4a:f6:a2:22:fe:73:34:13:9b:fe:d8:85:d2:
         c6:56:74:31:43:4c:de:65:89:f8:f5:19:b5:b1:c1:b2:8a:b5:
         f4:af:19:13:84:3e:42:a5:c3:40:64:15:54:17:01:a9:0f:b2:
         2a:0f:90:04:cd:22:92:7b:37:3f:25:58:cb:3c:06:89:18:7f:
         02:24:fd:8d:38:1d:96:1c:6b:83:99:70:82:31:88:d9:7d:86:
         db:a3:d6:47:01:03:8c:af:22:56:45:0c:ed:a2:a4:6e:41:ff:
         86:2e:f2:a6:c9:08:ce:6c:a3:28:77:a1:09:a6:f1:32:fd:24:
         d4:02:34:a2:50:8b:8d:91:63:49:7f:6f:1c:9d:ea:6f:7e:32:
         c6:e0:95:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgbE2Ny9aknv1198NQVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjQwMTAyMTIzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ViNmEwZTlmYWUzNmJkYjE4NTUzYWZjYWRjMjg4YWM0MmNiODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNjLYIWzDm7Z6hacYIhGMozt8RKz
RryQmPNTvjAoD2uPB9WB5KpN+5e/H3m69XASezTbvq6cQiGkwsZyGWEzAXqsFnk8
/vCmp0cdlg1wxC6i5p/5jTIjNCzEfScDc7H2AGtNwKNCHES8xwt+xqBBusQ/O4CI
iOPU5SRmTNv4hWmNG+UAUv3OK1fXyl/tQgnSE6fCxpPNCSCJS5qJWkoNkzgV73qU
jMOeCFEcdkCAw0bgd8t8EnM408ynqZKOMfalkaynjMivTqcPssntr2J/gSilUfjy
dO25wZHMp78pc4Lh+ojvv5rF5FZppbYXzIL81udLtaDdLgDXIsFHtimMOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzrag6frja9sYVTr8rcKIrELLgtMB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvUE90cURwLXVOcjJ4aFZPdnl0d29pc1FzdUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVO8VMA0G
CSqGSIb3DQEBCwUAA4IBAQCMHdyVxPTFDdG6eay7lLe0AURbeXKGA4VlzcVeFSAZ
77kof/Vxj94QnoiiFTAS9vLynfOFLYTW/wNp92pwIWxyV9YApIxm7PpjXGYn2Sn2
g5BuEw0Yv3YieY+3dWPwPnLdRRFuGF9d4bUP/M22YDe8tUr2oiL+czQTm/7YhdLG
VnQxQ0zeZYn49Rm1scGyirX0rxkThD5CpcNAZBVUFwGpD7IqD5AEzSKSezc/JVjL
PAaJGH8CJP2NOB2WHGuDmXCCMYjZfYbbo9ZHAQOMryJWRQztoqRuQf+GLvKmyQjO
bKMod6EJpvEy/STUAjSiUIuNkWNJf28cnepvfjLG4JX0
-----END CERTIFICATE-----