Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Jt2aKBC1PVeInMTT1KwMlx1Fc6w.roa
File:                     Jt2aKBC1PVeInMTT1KwMlx1Fc6w.roa (raw, json)
Hash identifier:          lsVrPhZsJgL/XFR3lJxjYsxFIsOz19zviE13VNzJ70Q=
Subject key identifier:   26:DD:9A:28:10:B5:3D:57:88:9C:C4:D3:D4:AC:0C:97:1D:45:73:AC
Certificate issuer:       /CN=41ef4b060a8b79b2893d3309ad50d1cccb2b9e31
Certificate serial:       018D7AC82D4B1C1FA99EABBF958CF5BC7F41
Authority key identifier: 41:EF:4B:06:0A:8B:79:B2:89:3D:33:09:AD:50:D1:CC:CB:2B:9E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Jt2aKBC1PVeInMTT1KwMlx1Fc6w.roa
Signing time:             Mon 05 Feb 2024 19:39:15 +0000
ROA not before:           Mon 05 Feb 2024 19:39:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29404
IP address blocks:        217.73.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:c8:2d:4b:1c:1f:a9:9e:ab:bf:95:8c:f5:bc:7f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41ef4b060a8b79b2893d3309ad50d1cccb2b9e31
        Validity
            Not Before: Feb  5 19:39:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26dd9a2810b53d57889cc4d3d4ac0c971d4573ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b0:04:88:16:86:b9:6b:ff:5f:cb:68:77:f0:
                    19:ee:fc:68:9f:75:1b:4c:28:09:73:f1:ba:ba:e3:
                    07:93:df:48:53:9e:d2:71:e8:5f:92:c0:b9:63:55:
                    df:74:3b:72:c1:57:20:03:c1:9c:8a:c4:61:ac:9b:
                    7e:09:12:e5:dc:62:8e:6f:0c:c5:8e:ca:1f:a1:9d:
                    c0:3d:1c:b5:ba:06:27:4f:35:d4:85:7c:3b:af:c7:
                    f5:22:e2:d6:df:a0:ec:9a:86:df:c5:b0:c6:08:d6:
                    ef:53:76:21:88:95:3c:80:5d:24:95:ca:97:83:56:
                    54:84:d5:cf:6e:35:51:1f:b7:bf:37:07:81:f8:fa:
                    a9:c9:08:e4:f4:ab:23:8c:eb:fd:62:dc:b9:71:e5:
                    aa:07:e6:32:aa:d3:71:40:8b:90:27:9e:7e:f0:5c:
                    fc:b2:fb:56:fe:dd:9d:34:40:d8:46:50:0e:bf:ed:
                    c5:ed:81:54:d5:fb:36:c8:f0:f6:e8:1b:f7:d7:ae:
                    43:b4:be:c9:86:22:fe:b4:33:ad:5f:48:41:ff:93:
                    18:e9:36:c8:79:b0:2e:97:c9:3b:19:7c:c6:cd:55:
                    21:c2:d5:5f:a7:ad:fd:16:b2:45:4d:18:e6:78:2c:
                    01:87:00:08:31:0e:6e:9b:d8:0e:fa:10:2c:68:f0:
                    f7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DD:9A:28:10:B5:3D:57:88:9C:C4:D3:D4:AC:0C:97:1D:45:73:AC
            X509v3 Authority Key Identifier:
                keyid:41:EF:4B:06:0A:8B:79:B2:89:3D:33:09:AD:50:D1:CC:CB:2B:9E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Jt2aKBC1PVeInMTT1KwMlx1Fc6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.73.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:0b:da:24:03:02:66:99:fa:36:e1:ca:ae:d5:8a:4c:fe:5e:
         e6:c6:48:5f:76:13:db:a3:ad:d2:69:68:00:35:57:37:14:ca:
         a0:70:40:6d:60:44:9e:20:63:5e:d0:4a:70:d6:41:f4:55:5f:
         8e:78:7e:e1:2b:4c:50:58:07:e3:16:20:33:5e:7e:17:c6:5e:
         70:64:4d:ab:28:b9:8d:45:28:1e:d9:c5:00:b6:70:85:87:8c:
         4c:a0:e4:f6:9c:d8:86:76:7f:d4:0b:85:89:dd:80:4f:b8:c3:
         93:90:2b:89:55:5f:27:1b:5a:f6:ec:14:e0:d9:09:29:d2:ac:
         d4:79:91:80:82:e3:5f:78:71:12:d3:1f:09:cd:2d:44:31:55:
         bd:f0:83:38:48:30:6f:3f:0a:a6:ef:63:de:50:dd:4e:32:7b:
         43:44:1b:88:22:51:f4:6f:10:ec:e1:b9:62:cb:8c:8a:cc:1f:
         0f:02:32:9f:08:f0:6a:a8:95:0d:54:49:6f:1d:01:c9:81:57:
         9b:e5:61:ad:2d:35:9d:ab:9c:94:7c:04:17:83:50:2f:d7:9b:
         ef:59:3a:19:6d:64:e3:56:79:ee:c6:45:66:b0:38:49:60:d9:
         d3:30:a0:89:d9:14:c1:61:55:f7:9a:39:6b:97:71:09:8e:14:
         de:e0:a5:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY16yC1LHB+pnqu/lYz1vH9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZWY0YjA2MGE4Yjc5YjI4OTNkMzMwOWFkNTBkMWNjY2Iy
YjllMzEwHhcNMjQwMjA1MTkzOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRkOWEyODEwYjUzZDU3ODg5Y2M0ZDNkNGFjMGM5NzFkNDU3M2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrAEiBaGuWv/X8tod/AZ7vxon3Ub
TCgJc/G6uuMHk99IU57ScehfksC5Y1XfdDtywVcgA8GcisRhrJt+CRLl3GKObwzF
jsofoZ3APRy1ugYnTzXUhXw7r8f1IuLW36DsmobfxbDGCNbvU3YhiJU8gF0klcqX
g1ZUhNXPbjVRH7e/NweB+PqpyQjk9KsjjOv9Yty5ceWqB+YyqtNxQIuQJ55+8Fz8
svtW/t2dNEDYRlAOv+3F7YFU1fs2yPD26Bv3165DtL7JhiL+tDOtX0hB/5MY6TbI
ebAul8k7GXzGzVUhwtVfp639FrJFTRjmeCwBhwAIMQ5um9gO+hAsaPD3mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbdmigQtT1XiJzE09SsDJcdRXOsMB8GA1UdIwQY
MBaAFEHvSwYKi3myiT0zCa1Q0czLK54xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWU5TEJncUxlYktKUFRNSnJWRFJ6TXNybmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xMTFiODEtYWE2Yy00MGRhLWJlZDEt
YmY4ZTVkODI2NWEyLzEvSnQyYUtCQzFQVmVJbk1UVDFLd01seDFGYzZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xMTFiODEtYWE2Yy00MGRhLWJlZDEtYmY4ZTVkODI2NWEy
LzEvUWU5TEJncUxlYktKUFRNSnJWRFJ6TXNybmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UmUMA0G
CSqGSIb3DQEBCwUAA4IBAQB8C9okAwJmmfo24cqu1YpM/l7mxkhfdhPbo63SaWgA
NVc3FMqgcEBtYESeIGNe0Epw1kH0VV+OeH7hK0xQWAfjFiAzXn4Xxl5wZE2rKLmN
RSge2cUAtnCFh4xMoOT2nNiGdn/UC4WJ3YBPuMOTkCuJVV8nG1r27BTg2Qkp0qzU
eZGAguNfeHES0x8JzS1EMVW98IM4SDBvPwqm72PeUN1OMntDRBuIIlH0bxDs4bli
y4yKzB8PAjKfCPBqqJUNVElvHQHJgVeb5WGtLTWdq5yUfAQXg1Av15vvWToZbWTj
VnnuxkVmsDhJYNnTMKCJ2RTBYVX3mjlrl3EJjhTe4KUE
-----END CERTIFICATE-----