Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f3a28b-377e-43c7-b9fd-b7a1b4ae1511/1/itHc_2_H0HmDbTSBaEWMRs4UwNo.roa
File:                     itHc_2_H0HmDbTSBaEWMRs4UwNo.roa (raw, json)
Hash identifier:          gQvISVaf9ax//AGZSLHyL1E+HiQnNDIxsfNNCWKhsGQ=
Subject key identifier:   8A:D1:DC:FF:6F:C7:D0:79:83:6D:34:81:68:45:8C:46:CE:14:C0:DA
Certificate issuer:       /CN=e2abf6d3df539bb7c1684fb4f46179d0da06b083
Certificate serial:       018CC4250681B680172D98D25698C3B89B07
Authority key identifier: E2:AB:F6:D3:DF:53:9B:B7:C1:68:4F:B4:F4:61:79:D0:DA:06:B0:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4qv2099Tm7fBaE-09GF50NoGsIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f3a28b-377e-43c7-b9fd-b7a1b4ae1511/1/itHc_2_H0HmDbTSBaEWMRs4UwNo.roa
Signing time:             Mon 01 Jan 2024 08:30:09 +0000
ROA not before:           Mon 01 Jan 2024 08:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        91.226.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f3a28b-377e-43c7-b9fd-b7a1b4ae1511/1/4qv2099Tm7fBaE-09GF50NoGsIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f3a28b-377e-43c7-b9fd-b7a1b4ae1511/1/4qv2099Tm7fBaE-09GF50NoGsIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4qv2099Tm7fBaE-09GF50NoGsIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:06:81:b6:80:17:2d:98:d2:56:98:c3:b8:9b:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2abf6d3df539bb7c1684fb4f46179d0da06b083
        Validity
            Not Before: Jan  1 08:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ad1dcff6fc7d079836d348168458c46ce14c0da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:40:a7:8a:55:b8:dc:09:98:cb:57:6d:e6:11:
                    1e:0d:a2:05:cf:33:fa:2d:e0:94:e7:c6:90:38:9e:
                    2b:9d:56:fa:23:b2:3f:ff:fa:60:c6:9b:4b:7f:58:
                    82:58:a8:d5:5b:93:78:88:b2:69:01:67:a6:cd:a5:
                    74:d0:bf:f8:99:e0:70:d8:ac:11:e7:0a:aa:cf:29:
                    09:e8:4e:0f:fb:23:1b:9e:c0:ee:87:59:ad:41:11:
                    05:d9:a5:3b:72:4a:71:c3:e1:8e:98:11:fd:fd:17:
                    66:db:a5:29:60:1d:49:e4:88:23:9d:c9:45:b7:7a:
                    d7:27:25:1a:94:d0:35:b4:cf:c5:b1:8d:6f:76:b6:
                    b3:e5:2c:6d:1b:d7:2c:e5:4f:e2:07:92:fe:e8:1d:
                    8e:91:77:db:0e:76:47:d8:02:44:5f:e2:49:02:ad:
                    17:dc:0f:35:2c:67:31:be:8e:e2:6a:c3:c4:ca:c0:
                    a3:0f:ad:78:b6:98:f8:cb:3c:46:92:5c:d3:6d:12:
                    34:fc:60:3f:4b:21:32:2a:c7:1e:da:c3:e3:4f:3b:
                    fa:6a:6c:e7:d4:ff:94:13:37:52:ad:d8:14:fb:f2:
                    74:83:61:06:e4:f4:2b:46:98:d0:f6:ab:c0:53:0b:
                    17:84:e3:52:97:3a:9f:f1:e8:bd:57:39:dc:cb:43:
                    4c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D1:DC:FF:6F:C7:D0:79:83:6D:34:81:68:45:8C:46:CE:14:C0:DA
            X509v3 Authority Key Identifier:
                keyid:E2:AB:F6:D3:DF:53:9B:B7:C1:68:4F:B4:F4:61:79:D0:DA:06:B0:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4qv2099Tm7fBaE-09GF50NoGsIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f3a28b-377e-43c7-b9fd-b7a1b4ae1511/1/itHc_2_H0HmDbTSBaEWMRs4UwNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f3a28b-377e-43c7-b9fd-b7a1b4ae1511/1/4qv2099Tm7fBaE-09GF50NoGsIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:e8:c3:ae:b9:2b:03:41:21:a4:80:2a:e0:26:21:11:8d:60:
         66:cb:fc:35:04:74:91:36:7b:05:88:11:1d:fd:78:bb:be:4a:
         57:08:4d:0b:b8:8d:82:ba:ab:8e:06:b9:bc:aa:db:be:a4:e1:
         51:37:9b:2e:b0:ef:db:18:0f:1d:06:29:73:cb:b1:bd:7a:ac:
         20:b0:09:e0:9b:df:cb:9e:ff:13:88:04:27:06:15:31:bf:32:
         60:ac:75:2e:79:26:27:3d:6f:a0:af:24:02:76:cc:84:cd:e0:
         94:91:80:64:89:50:5d:2c:f9:0f:03:46:5c:82:79:dd:ce:e8:
         b5:e6:6a:12:eb:0a:7b:2f:a4:52:21:ce:5b:94:3c:29:ea:50:
         13:be:65:52:26:82:8a:98:99:67:ab:92:f9:d1:ba:86:c8:a4:
         d3:4d:e3:97:28:92:a6:17:13:7b:67:59:36:df:9a:e8:d4:14:
         dd:4f:12:57:31:3a:d0:24:73:6c:e6:6f:b9:62:9b:ce:08:7a:
         db:9a:9f:00:50:a5:46:e0:42:79:bc:a4:c1:be:06:c9:11:eb:
         81:4b:b3:56:c3:2b:2f:40:10:e2:26:fb:17:34:71:ac:d3:2d:
         c1:90:af:3b:41:f2:40:54:d6:89:07:e0:ab:55:cf:4b:a1:a7:
         11:86:2d:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQaBtoAXLZjSVpjDuJsHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYWJmNmQzZGY1MzliYjdjMTY4NGZiNGY0NjE3OWQwZGEw
NmIwODMwHhcNMjQwMTAxMDgzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQxZGNmZjZmYzdkMDc5ODM2ZDM0ODE2ODQ1OGM0NmNlMTRjMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApECnilW43AmYy1dt5hEeDaIFzzP6
LeCU58aQOJ4rnVb6I7I///pgxptLf1iCWKjVW5N4iLJpAWemzaV00L/4meBw2KwR
5wqqzykJ6E4P+yMbnsDuh1mtQREF2aU7ckpxw+GOmBH9/Rdm26UpYB1J5IgjnclF
t3rXJyUalNA1tM/FsY1vdraz5SxtG9cs5U/iB5L+6B2OkXfbDnZH2AJEX+JJAq0X
3A81LGcxvo7iasPEysCjD614tpj4yzxGklzTbRI0/GA/SyEyKsce2sPjTzv6amzn
1P+UEzdSrdgU+/J0g2EG5PQrRpjQ9qvAUwsXhONSlzqf8ei9Vzncy0NMcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrR3P9vx9B5g200gWhFjEbOFMDaMB8GA1UdIwQY
MBaAFOKr9tPfU5u3wWhPtPRhedDaBrCDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHF2MjA5OVRtN2ZCYUUtMDlHRjUwTm9Hc0lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mM2EyOGItMzc3ZS00M2M3LWI5ZmQt
YjdhMWI0YWUxNTExLzEvaXRIY18yX0gwSG1EYlRTQmFFV01SczRVd05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mM2EyOGItMzc3ZS00M2M3LWI5ZmQtYjdhMWI0YWUxNTEx
LzEvNHF2MjA5OVRtN2ZCYUUtMDlHRjUwTm9Hc0lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+LKMA0G
CSqGSIb3DQEBCwUAA4IBAQCB6MOuuSsDQSGkgCrgJiERjWBmy/w1BHSRNnsFiBEd
/Xi7vkpXCE0LuI2CuquOBrm8qtu+pOFRN5susO/bGA8dBilzy7G9eqwgsAngm9/L
nv8TiAQnBhUxvzJgrHUueSYnPW+gryQCdsyEzeCUkYBkiVBdLPkPA0Zcgnndzui1
5moS6wp7L6RSIc5blDwp6lATvmVSJoKKmJlnq5L50bqGyKTTTeOXKJKmFxN7Z1k2
35ro1BTdTxJXMTrQJHNs5m+5YpvOCHrbmp8AUKVG4EJ5vKTBvgbJEeuBS7NWwysv
QBDiJvsXNHGs0y3BkK87QfJAVNaJB+CrVc9LoacRhi3C
-----END CERTIFICATE-----