Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/RGjFpwL3OehFHYP1o4exW09zqVo.roa
File:                     RGjFpwL3OehFHYP1o4exW09zqVo.roa (raw, json)
Hash identifier:          5impTieFEuLqiEL0htZ6n5eFOygfS54JGefzsZnno14=
Subject key identifier:   44:68:C5:A7:02:F7:39:E8:45:1D:83:F5:A3:87:B1:5B:4F:73:A9:5A
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BBE461E2F7923619FF9B95376D9E5
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/RGjFpwL3OehFHYP1o4exW09zqVo.roa
Signing time:             Tue 02 Jan 2024 12:35:13 +0000
ROA not before:           Tue 02 Jan 2024 12:35:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200088
IP address blocks:        217.149.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:be:46:1e:2f:79:23:61:9f:f9:b9:53:76:d9:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4468c5a702f739e8451d83f5a387b15b4f73a95a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a5:7b:36:8f:e2:fe:9f:90:54:21:8f:13:c0:
                    21:a7:2d:51:e8:a7:81:8d:8a:6a:8f:d2:41:c3:5d:
                    39:13:a2:e5:43:6f:7d:bd:6e:3b:86:c7:1a:b0:79:
                    d1:e4:5f:94:09:ce:1e:05:be:27:27:fe:ce:e5:65:
                    71:79:4b:f2:b9:9b:93:16:90:c6:06:71:62:6a:0a:
                    7e:09:3f:a3:1a:0e:51:72:f7:da:e5:bc:7b:29:00:
                    c8:05:be:eb:c8:01:ab:87:6e:80:07:c0:69:b1:2c:
                    f3:4d:57:3a:ac:db:65:2d:69:b8:d6:db:6c:a0:45:
                    c4:e3:21:b5:27:b7:ff:5a:30:9b:60:bb:dd:a3:12:
                    81:24:23:e8:1f:ef:6e:9e:c6:ab:2a:9f:bd:17:90:
                    c5:69:a1:73:6f:17:de:fe:a1:d0:86:dc:c2:b2:00:
                    fb:4a:25:7e:2d:c3:0b:15:5e:3c:7d:b7:67:01:36:
                    86:5d:de:ca:42:4c:5e:ec:d5:9b:87:8b:b4:ae:bc:
                    8e:bd:43:8f:d5:1e:e8:f7:a7:2b:80:bd:6a:7f:74:
                    12:96:ee:ed:7e:a6:8f:53:75:99:22:6a:ed:01:4e:
                    d5:24:b0:d9:ce:b9:9e:b0:98:ec:9b:10:9c:44:c0:
                    3d:d0:25:1c:67:c5:2d:50:0e:f8:e0:c3:8d:5e:22:
                    87:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:68:C5:A7:02:F7:39:E8:45:1D:83:F5:A3:87:B1:5B:4F:73:A9:5A
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/RGjFpwL3OehFHYP1o4exW09zqVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.149.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:72:fe:a7:fb:95:21:45:d9:f8:c3:e3:b6:28:a5:78:f5:1d:
         01:7d:78:66:03:ed:7c:5d:84:a9:18:4d:76:67:d8:87:2e:57:
         28:06:1d:67:6d:9a:c6:6e:35:03:0f:64:87:94:9a:55:16:f0:
         8e:72:35:3c:89:3a:05:05:54:d3:50:01:5f:1b:d3:b2:b8:00:
         d8:f1:e4:99:f8:be:ea:8d:00:e2:35:4b:3f:a0:84:19:7c:78:
         0f:27:03:e8:fd:04:47:b1:32:ec:fa:32:85:2b:b7:aa:c5:75:
         8e:5f:66:93:e4:9d:6f:7a:77:34:de:ab:d0:f8:7f:5c:3a:78:
         90:a3:5d:c4:0c:b6:2b:04:22:88:bb:8d:4c:7c:02:64:c3:34:
         a1:2f:a9:5e:61:bd:b2:8e:69:04:96:f1:f4:3d:2c:a1:0c:75:
         b4:22:94:d0:6c:07:a3:bd:5d:e8:64:0c:4a:da:54:44:a1:cb:
         a1:f0:53:1b:e0:8e:d0:16:77:bd:b1:4f:33:79:79:71:de:ca:
         75:0b:0f:8b:8d:23:63:45:09:8b:e6:e3:51:96:ec:40:78:7d:
         45:95:35:09:a5:6b:39:8f:6e:d3:2e:3a:41:dc:6e:3e:dd:2d:
         3d:75:6f:d7:f1:12:b1:a3:ce:8a:65:de:16:86:34:81:98:2e:
         ae:d5:8f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK75GHi95I2Gf+blTdtnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDY4YzVhNzAyZjczOWU4NDUxZDgzZjVhMzg3YjE1YjRmNzNhOTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKV7No/i/p+QVCGPE8Ahpy1R6KeB
jYpqj9JBw105E6LlQ299vW47hscasHnR5F+UCc4eBb4nJ/7O5WVxeUvyuZuTFpDG
BnFiagp+CT+jGg5Rcvfa5bx7KQDIBb7ryAGrh26AB8BpsSzzTVc6rNtlLWm41tts
oEXE4yG1J7f/WjCbYLvdoxKBJCPoH+9unsarKp+9F5DFaaFzbxfe/qHQhtzCsgD7
SiV+LcMLFV48fbdnATaGXd7KQkxe7NWbh4u0rryOvUOP1R7o96crgL1qf3QSlu7t
fqaPU3WZImrtAU7VJLDZzrmesJjsmxCcRMA90CUcZ8UtUA744MONXiKHkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERoxacC9znoRR2D9aOHsVtPc6laMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvUkdqRnB3TDNPZWhGSFlQMW80ZXhXMDl6cVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZXwMA0G
CSqGSIb3DQEBCwUAA4IBAQAVcv6n+5UhRdn4w+O2KKV49R0BfXhmA+18XYSpGE12
Z9iHLlcoBh1nbZrGbjUDD2SHlJpVFvCOcjU8iToFBVTTUAFfG9OyuADY8eSZ+L7q
jQDiNUs/oIQZfHgPJwPo/QRHsTLs+jKFK7eqxXWOX2aT5J1venc03qvQ+H9cOniQ
o13EDLYrBCKIu41MfAJkwzShL6leYb2yjmkElvH0PSyhDHW0IpTQbAejvV3oZAxK
2lREocuh8FMb4I7QFne9sU8zeXlx3sp1Cw+LjSNjRQmL5uNRluxAeH1FlTUJpWs5
j27TLjpB3G4+3S09dW/X8RKxo86KZd4WhjSBmC6u1Y8C
-----END CERTIFICATE-----