Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/RBOOkFxFc0p9LWV_CjFPX94hluM.roa
File:                     RBOOkFxFc0p9LWV_CjFPX94hluM.roa (raw, json)
Hash identifier:          S0lnIUS3asa7DwZ0nnu/fNJ4FByWqbYsam7arcnp6os=
Subject key identifier:   44:13:8E:90:5C:45:73:4A:7D:2D:65:7F:0A:31:4F:5F:DE:21:96:E3
Certificate issuer:       /CN=4d70af1a99886c9101d135f54bd2bdef358b266e
Certificate serial:       018CC7955F1583A067E0FF9F99A037D4EC5E
Authority key identifier: 4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/RBOOkFxFc0p9LWV_CjFPX94hluM.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51970
IP address blocks:        84.247.22.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5f:15:83:a0:67:e0:ff:9f:99:a0:37:d4:ec:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d70af1a99886c9101d135f54bd2bdef358b266e
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44138e905c45734a7d2d657f0a314f5fde2196e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b5:7e:29:18:60:8c:42:ab:05:76:e2:53:46:
                    bd:ec:a1:dd:38:8e:96:c4:e8:3f:8f:c2:df:82:80:
                    5a:9b:c4:1d:28:21:4b:2d:6b:61:f5:e8:41:2f:b1:
                    6d:89:12:61:e9:f9:37:38:31:4a:a2:d4:61:3d:81:
                    43:97:e6:e3:3c:92:96:9a:59:a3:56:b6:e0:03:5f:
                    85:25:c4:a0:b5:8c:b0:19:46:86:8b:51:6d:f1:60:
                    21:8f:85:24:9d:2e:94:81:ba:1b:a8:96:d2:27:72:
                    a8:f8:ac:b6:5f:cf:8d:0b:b3:aa:d8:3c:28:e8:b4:
                    d6:2d:77:fd:1e:c5:a7:90:62:7b:c7:a2:09:c3:45:
                    5e:d4:00:0f:60:47:c1:4d:32:20:a6:01:a4:48:5e:
                    63:ac:60:57:57:a2:35:76:68:e8:24:2a:e4:67:2c:
                    1c:30:97:16:33:b8:30:fc:ad:36:89:bd:e2:9e:9a:
                    4f:c1:5d:62:53:71:a8:2f:2a:ef:33:46:6a:e3:cc:
                    a6:25:d7:5f:e5:05:c5:9d:d6:ed:f9:dd:f3:0c:14:
                    f6:c3:40:c3:fe:22:57:b5:b2:b3:87:82:aa:f7:58:
                    7d:67:65:1a:89:22:e4:a6:c3:e8:9a:f0:a3:10:15:
                    6c:7a:36:93:41:c7:52:0d:2c:4a:00:63:f2:9c:05:
                    07:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:13:8E:90:5C:45:73:4A:7D:2D:65:7F:0A:31:4F:5F:DE:21:96:E3
            X509v3 Authority Key Identifier:
                keyid:4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/RBOOkFxFc0p9LWV_CjFPX94hluM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:93:79:61:63:4a:fb:c5:a4:c6:5d:bd:9d:1a:c1:f4:d4:0f:
         94:0d:a3:a8:7c:a6:df:aa:f5:72:d1:a8:c4:84:30:b2:d2:f5:
         e7:fa:ba:d0:17:8b:ad:01:ae:26:7a:6a:c7:e9:76:cc:fd:4f:
         d8:93:79:ac:5e:eb:ef:97:30:28:f0:1a:d9:0b:0a:66:c1:94:
         43:c0:ce:30:f6:33:34:c8:47:bd:1e:e5:69:98:c1:7b:4c:19:
         42:f7:24:9e:ec:33:28:52:3b:ee:97:11:85:3a:c6:81:21:ac:
         93:b2:ac:19:46:80:51:c0:37:62:e0:a7:07:06:70:04:10:95:
         ac:87:b1:4f:1b:ac:c4:78:55:49:f3:83:e7:e9:c9:f9:a1:2f:
         13:22:e8:75:c7:41:41:0d:e7:c7:63:ea:48:fd:b3:f5:0b:48:
         b8:d7:01:e3:b5:0c:a5:c8:a7:a6:53:ef:19:ce:57:56:19:09:
         a5:af:08:ac:ac:db:48:af:1b:29:3f:2b:88:c9:bc:bb:3d:66:
         46:4d:3b:6e:5a:1b:d2:96:9d:20:77:9b:96:0c:6c:47:9b:8c:
         76:5d:8f:25:3b:21:de:a5:63:f7:ee:28:29:a7:86:8e:05:e0:
         41:58:8a:30:bd:98:65:eb:e2:8e:e9:03:89:74:ab:79:18:43:
         90:0b:db:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlV8Vg6Bn4P+fmaA31OxeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNzBhZjFhOTk4ODZjOTEwMWQxMzVmNTRiZDJiZGVmMzU4
YjI2NmUwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDEzOGU5MDVjNDU3MzRhN2QyZDY1N2YwYTMxNGY1ZmRlMjE5NmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrV+KRhgjEKrBXbiU0a97KHdOI6W
xOg/j8LfgoBam8QdKCFLLWth9ehBL7FtiRJh6fk3ODFKotRhPYFDl+bjPJKWmlmj
VrbgA1+FJcSgtYywGUaGi1Ft8WAhj4UknS6UgbobqJbSJ3Ko+Ky2X8+NC7Oq2Dwo
6LTWLXf9HsWnkGJ7x6IJw0Ve1AAPYEfBTTIgpgGkSF5jrGBXV6I1dmjoJCrkZywc
MJcWM7gw/K02ib3inppPwV1iU3GoLyrvM0Zq48ymJddf5QXFndbt+d3zDBT2w0DD
/iJXtbKzh4Kq91h9Z2UaiSLkpsPomvCjEBVsejaTQcdSDSxKAGPynAUHawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQTjpBcRXNKfS1lfwoxT1/eIZbjMB8GA1UdIwQY
MBaAFE1wrxqZiGyRAdE19UvSve81iyZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEt
NDYxYWIwZWNlZTAxLzEvUkJPT2tGeEZjMHA5TFdWX0NqRlBYOTRobHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEtNDYxYWIwZWNlZTAx
LzEvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPcWMA0G
CSqGSIb3DQEBCwUAA4IBAQCLk3lhY0r7xaTGXb2dGsH01A+UDaOofKbfqvVy0ajE
hDCy0vXn+rrQF4utAa4memrH6XbM/U/Yk3msXuvvlzAo8BrZCwpmwZRDwM4w9jM0
yEe9HuVpmMF7TBlC9ySe7DMoUjvulxGFOsaBIayTsqwZRoBRwDdi4KcHBnAEEJWs
h7FPG6zEeFVJ84Pn6cn5oS8TIuh1x0FBDefHY+pI/bP1C0i41wHjtQylyKemU+8Z
zldWGQmlrwisrNtIrxspPyuIyby7PWZGTTtuWhvSlp0gd5uWDGxHm4x2XY8lOyHe
pWP37igpp4aOBeBBWIowvZhl6+KO6QOJdKt5GEOQC9sS
-----END CERTIFICATE-----