Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/hG2EIs_D_kwiW5-m6AD1TU4j_nU.roa
File:                     hG2EIs_D_kwiW5-m6AD1TU4j_nU.roa (raw, json)
Hash identifier:          rmlUyKnQxaHl5WmeNaq25mqokGivwMOQUnXm1m4iZ48=
Subject key identifier:   84:6D:84:22:CF:C3:FE:4C:22:5B:9F:A6:E8:00:F5:4D:4E:23:FE:75
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFAB685151445F29DDBE32DA243583
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/hG2EIs_D_kwiW5-m6AD1TU4j_nU.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211252
IP address blocks:        85.92.113.0/24 maxlen: 24
                          193.107.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ab:68:51:51:44:5f:29:dd:be:32:da:24:35:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=846d8422cfc3fe4c225b9fa6e800f54d4e23fe75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1c:9d:64:40:6a:3e:c2:fd:d3:7e:94:64:24:
                    8d:0d:c6:0e:30:f5:64:5c:5e:6e:55:58:f7:35:74:
                    4f:5c:a7:ee:cb:db:3e:5a:7d:3b:d7:54:13:82:a5:
                    c9:c1:13:37:11:64:18:3c:f1:40:3f:9b:a5:cd:93:
                    f1:8f:76:69:26:ba:b0:01:87:e0:08:b6:c0:61:ad:
                    5c:d0:82:33:b4:10:63:ac:ee:87:4c:48:e8:80:b0:
                    7a:b8:47:d9:d1:5a:eb:c5:42:03:f1:ac:7d:8b:09:
                    04:3c:78:97:80:e0:08:b7:51:a4:c1:98:8e:f8:dc:
                    3c:5f:0b:d6:67:fb:16:c6:23:91:17:13:c6:da:bf:
                    f1:d5:c1:04:81:2d:eb:04:d2:ce:96:c2:4e:cf:77:
                    63:7b:d2:70:8e:80:63:f8:ba:34:a5:e1:7a:13:2f:
                    37:fa:8a:95:e0:d7:26:a0:e9:3c:2c:a2:6b:0d:3f:
                    6b:0e:50:e8:fd:f6:c5:5a:1c:61:37:b2:fd:ec:9d:
                    b7:84:21:cb:6b:5f:32:9f:62:d7:0d:60:6a:37:4c:
                    31:1d:a0:0e:01:6f:ec:6b:5b:e8:58:a4:0b:1e:2f:
                    90:90:f5:f5:17:68:6b:a0:74:ef:7e:f2:80:90:c8:
                    51:8f:93:b8:e5:a6:6b:80:12:72:cb:3b:20:36:b6:
                    6f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:6D:84:22:CF:C3:FE:4C:22:5B:9F:A6:E8:00:F5:4D:4E:23:FE:75
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/hG2EIs_D_kwiW5-m6AD1TU4j_nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.92.113.0/24
                  193.107.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:81:f6:59:7c:a2:2a:75:44:7d:1a:1b:50:54:29:c0:0b:e1:
         d9:fa:00:4b:5d:a8:37:b8:58:1b:53:cc:e4:13:eb:be:17:5a:
         a6:fa:18:bb:bf:8a:48:ea:9f:ca:6c:24:e9:c2:98:93:2c:42:
         26:7a:81:b5:9e:f8:18:79:2a:98:e5:1d:15:43:61:66:13:18:
         32:c2:06:c8:ae:0c:93:58:98:a3:75:f9:ea:f8:34:90:3c:9d:
         4a:83:64:c5:20:73:14:9d:2c:bf:38:4a:b1:4e:87:9e:4d:f9:
         7a:0c:76:40:bd:c5:2f:b2:ac:4b:41:63:5b:21:d4:9c:28:4a:
         1a:c4:22:61:9c:1e:2a:2e:b8:b4:7e:54:96:0b:76:30:5c:dc:
         a6:bc:f0:5d:78:02:61:d3:ec:e1:16:2a:47:bf:d3:03:3f:2a:
         3f:8c:60:46:eb:7a:7e:83:61:fc:29:ef:ac:d9:0d:5c:1d:e7:
         4b:45:fc:5c:e4:bf:e2:4a:c0:9a:74:79:46:c3:75:40:a5:13:
         5c:91:c7:87:f2:ac:e6:3d:78:f7:0a:41:ea:14:e0:4d:82:2e:
         cb:ce:f9:5b:37:de:36:08:2e:a9:3d:a9:c5:82:ee:c7:52:dd:
         72:5e:55:bb:00:0b:d2:bf:80:87:e4:84:c9:a9:00:de:54:be:
         55:60:d8:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI36toUVFEXyndvjLaJDWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDZkODQyMmNmYzNmZTRjMjI1YjlmYTZlODAwZjU0ZDRlMjNmZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhydZEBqPsL9036UZCSNDcYOMPVk
XF5uVVj3NXRPXKfuy9s+Wn0711QTgqXJwRM3EWQYPPFAP5ulzZPxj3ZpJrqwAYfg
CLbAYa1c0IIztBBjrO6HTEjogLB6uEfZ0VrrxUID8ax9iwkEPHiXgOAIt1GkwZiO
+Nw8XwvWZ/sWxiORFxPG2r/x1cEEgS3rBNLOlsJOz3dje9JwjoBj+Lo0peF6Ey83
+oqV4NcmoOk8LKJrDT9rDlDo/fbFWhxhN7L97J23hCHLa18yn2LXDWBqN0wxHaAO
AW/sa1voWKQLHi+QkPX1F2hroHTvfvKAkMhRj5O45aZrgBJyyzsgNrZvaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIRthCLPw/5MIlufpugA9U1OI/51MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvaEcyRUlzX0Rfa3dpVzUtbTZBRDFUVTRqX25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVVxxAwQA
wWvZMA0GCSqGSIb3DQEBCwUAA4IBAQAagfZZfKIqdUR9GhtQVCnAC+HZ+gBLXag3
uFgbU8zkE+u+F1qm+hi7v4pI6p/KbCTpwpiTLEImeoG1nvgYeSqY5R0VQ2FmExgy
wgbIrgyTWJijdfnq+DSQPJ1Kg2TFIHMUnSy/OEqxToeeTfl6DHZAvcUvsqxLQWNb
IdScKEoaxCJhnB4qLri0flSWC3YwXNymvPBdeAJh0+zhFipHv9MDPyo/jGBG63p+
g2H8Ke+s2Q1cHedLRfxc5L/iSsCadHlGw3VApRNckceH8qzmPXj3CkHqFOBNgi7L
zvlbN942CC6pPanFgu7HUt1yXlW7AAvSv4CH5ITJqQDeVL5VYNiX
-----END CERTIFICATE-----