Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5e1be9-e4ea-4c84-a8b7-d0d476f41fd6/1/2AtAeT6b0EREVWAz4TyDqgda270.roa
File:                     2AtAeT6b0EREVWAz4TyDqgda270.roa (raw, json)
Hash identifier:          Q/7eaOka/Ws0Q/uF7WZdfce00cpXZCjid8J3VVDnCqA=
Subject key identifier:   D8:0B:40:79:3E:9B:D0:44:44:55:60:33:E1:3C:83:AA:07:5A:DB:BD
Certificate issuer:       /CN=744dcb72e8cb478cfc4b25aeb1f03b406266375c
Certificate serial:       018CC26D70E7C23852E38846AA085F64DFB4
Authority key identifier: 74:4D:CB:72:E8:CB:47:8C:FC:4B:25:AE:B1:F0:3B:40:62:66:37:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dE3LcujLR4z8SyWusfA7QGJmN1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5e1be9-e4ea-4c84-a8b7-d0d476f41fd6/1/2AtAeT6b0EREVWAz4TyDqgda270.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12350
IP address blocks:        193.246.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5e1be9-e4ea-4c84-a8b7-d0d476f41fd6/1/dE3LcujLR4z8SyWusfA7QGJmN1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5e1be9-e4ea-4c84-a8b7-d0d476f41fd6/1/dE3LcujLR4z8SyWusfA7QGJmN1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dE3LcujLR4z8SyWusfA7QGJmN1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:70:e7:c2:38:52:e3:88:46:aa:08:5f:64:df:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=744dcb72e8cb478cfc4b25aeb1f03b406266375c
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d80b40793e9bd04444556033e13c83aa075adbbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cf:07:f7:92:9f:ad:0f:7d:6f:30:61:92:b6:
                    f1:cf:ab:3e:e3:91:1c:1c:ea:e3:9b:e9:b3:ec:0e:
                    27:dd:49:34:2e:bc:69:4f:0f:8e:fb:ef:28:76:09:
                    ef:3f:b4:f6:1d:fe:61:b7:5c:18:df:a6:36:7b:a8:
                    a4:a2:3c:d0:44:43:a4:cf:6d:6c:2f:d0:35:cd:96:
                    6b:8a:2d:a7:ba:13:d3:5d:b1:c6:cc:18:0f:c8:92:
                    43:a8:37:0a:1f:2d:b4:75:43:e3:4c:e2:af:e9:02:
                    10:90:9e:b7:ae:80:e0:03:df:1c:74:55:11:f0:56:
                    b9:9c:32:3c:e8:47:a0:c5:ef:85:70:52:f2:f8:ac:
                    a0:4f:6d:74:f4:c7:a3:88:ae:e1:03:f6:e6:22:59:
                    ab:6e:6a:0c:a1:ac:68:f6:61:60:b7:39:57:2c:95:
                    f8:d2:e4:c1:ae:59:e9:c9:70:6d:7e:cc:71:aa:0d:
                    fc:6c:b3:19:28:10:7c:5f:2b:99:02:98:40:31:ba:
                    c5:65:18:93:6d:47:b4:60:f3:14:37:ee:d4:8d:80:
                    c8:69:c2:84:e6:c7:0f:9a:b2:80:0f:48:27:d0:87:
                    ec:35:fe:e1:bf:03:84:69:ef:62:a1:f4:94:57:10:
                    f1:9e:60:4a:6d:f3:2b:be:63:9e:6d:57:f2:68:51:
                    e2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:0B:40:79:3E:9B:D0:44:44:55:60:33:E1:3C:83:AA:07:5A:DB:BD
            X509v3 Authority Key Identifier:
                keyid:74:4D:CB:72:E8:CB:47:8C:FC:4B:25:AE:B1:F0:3B:40:62:66:37:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dE3LcujLR4z8SyWusfA7QGJmN1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5e1be9-e4ea-4c84-a8b7-d0d476f41fd6/1/2AtAeT6b0EREVWAz4TyDqgda270.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5e1be9-e4ea-4c84-a8b7-d0d476f41fd6/1/dE3LcujLR4z8SyWusfA7QGJmN1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:e5:c8:90:80:e6:a6:00:b6:32:a6:0b:6f:43:e8:36:d4:5e:
         58:61:61:34:56:9f:5a:24:38:b7:6d:7d:e8:41:3b:e3:ca:a4:
         a2:0c:1d:a6:07:6e:a4:16:15:d2:6d:26:88:64:aa:73:f3:c2:
         28:d4:0e:1b:0f:21:c7:ef:c4:eb:a5:30:5a:02:62:b4:c9:3e:
         a2:11:ce:d3:b7:97:45:63:90:89:97:ad:21:58:61:10:05:c3:
         13:32:68:82:4b:09:a1:03:64:59:f6:00:79:c6:7a:35:0d:b9:
         a6:ec:78:69:1c:50:06:52:b1:4e:61:73:6c:f5:91:7a:2b:0b:
         ea:2f:53:98:69:dc:ff:f7:8f:82:c9:23:d9:15:c8:1c:48:56:
         ba:72:a6:d3:d4:3c:67:41:fc:79:b8:52:44:7a:cc:89:f2:0a:
         b1:f1:0d:34:21:6d:40:08:ae:2a:93:f9:49:ba:5e:6b:6c:26:
         ae:7a:ce:16:f7:a8:15:6f:b9:f1:70:74:a3:49:94:4c:6d:83:
         35:d2:c5:f2:42:a7:47:48:50:ed:07:05:7d:fe:99:a2:20:56:
         d2:4f:d0:76:18:65:ea:70:a8:9b:ea:6d:c2:16:ee:19:2a:3e:
         90:d4:6a:a9:98:0c:5b:7c:29:91:a2:18:8d:07:5e:15:5b:c3:
         23:4e:e3:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXDnwjhS44hGqghfZN+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NGRjYjcyZThjYjQ3OGNmYzRiMjVhZWIxZjAzYjQwNjI2
NjM3NWMwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODBiNDA3OTNlOWJkMDQ0NDQ1NTYwMzNlMTNjODNhYTA3NWFkYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis8H95KfrQ99bzBhkrbxz6s+45Ec
HOrjm+mz7A4n3Uk0LrxpTw+O++8odgnvP7T2Hf5ht1wY36Y2e6ikojzQREOkz21s
L9A1zZZrii2nuhPTXbHGzBgPyJJDqDcKHy20dUPjTOKv6QIQkJ63roDgA98cdFUR
8Fa5nDI86Eegxe+FcFLy+KygT2109MejiK7hA/bmIlmrbmoMoaxo9mFgtzlXLJX4
0uTBrlnpyXBtfsxxqg38bLMZKBB8XyuZAphAMbrFZRiTbUe0YPMUN+7UjYDIacKE
5scPmrKAD0gn0IfsNf7hvwOEae9iofSUVxDxnmBKbfMrvmOebVfyaFHi9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgLQHk+m9BERFVgM+E8g6oHWtu9MB8GA1UdIwQY
MBaAFHRNy3Loy0eM/EslrrHwO0BiZjdcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEUzTGN1akxSNHo4U3lXdXNmQTdRR0ptTjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81ZTFiZTktZTRlYS00Yzg0LWE4Yjct
ZDBkNDc2ZjQxZmQ2LzEvMkF0QWVUNmIwRVJFVldBejRUeURxZ2RhMjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81ZTFiZTktZTRlYS00Yzg0LWE4YjctZDBkNDc2ZjQxZmQ2
LzEvZEUzTGN1akxSNHo4U3lXdXNmQTdRR0ptTjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfbPMA0G
CSqGSIb3DQEBCwUAA4IBAQCl5ciQgOamALYypgtvQ+g21F5YYWE0Vp9aJDi3bX3o
QTvjyqSiDB2mB26kFhXSbSaIZKpz88Io1A4bDyHH78TrpTBaAmK0yT6iEc7Tt5dF
Y5CJl60hWGEQBcMTMmiCSwmhA2RZ9gB5xno1Dbmm7HhpHFAGUrFOYXNs9ZF6Kwvq
L1OYadz/94+CySPZFcgcSFa6cqbT1DxnQfx5uFJEesyJ8gqx8Q00IW1ACK4qk/lJ
ul5rbCaues4W96gVb7nxcHSjSZRMbYM10sXyQqdHSFDtBwV9/pmiIFbST9B2GGXq
cKib6m3CFu4ZKj6Q1GqpmAxbfCmRohiNB14VW8MjTuNw
-----END CERTIFICATE-----