Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/pRJUPtIRtZsDeXMk5fJ-2dwyDNQ.roa
File:                     pRJUPtIRtZsDeXMk5fJ-2dwyDNQ.roa (raw, json)
Hash identifier:          L830XiwJALuL5XwNI9NRCUKTCJ2VFxdn9zrBUEkOEsQ=
Subject key identifier:   A5:12:54:3E:D2:11:B5:9B:03:79:73:24:E5:F2:7E:D9:DC:32:0C:D4
Certificate issuer:       /CN=70a0b5aca731ea71f26d63d23c22c123b2bb120f
Certificate serial:       018CC794894367638D6C97AD0E80A499332B
Authority key identifier: 70:A0:B5:AC:A7:31:EA:71:F2:6D:63:D2:3C:22:C1:23:B2:BB:12:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cKC1rKcx6nHybWPSPCLBI7K7Eg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/pRJUPtIRtZsDeXMk5fJ-2dwyDNQ.roa
Signing time:             Tue 02 Jan 2024 00:30:49 +0000
ROA not before:           Tue 02 Jan 2024 00:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29003
IP address blocks:        192.162.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/cKC1rKcx6nHybWPSPCLBI7K7Eg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/cKC1rKcx6nHybWPSPCLBI7K7Eg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cKC1rKcx6nHybWPSPCLBI7K7Eg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:89:43:67:63:8d:6c:97:ad:0e:80:a4:99:33:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70a0b5aca731ea71f26d63d23c22c123b2bb120f
        Validity
            Not Before: Jan  2 00:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a512543ed211b59b03797324e5f27ed9dc320cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:f4:a4:66:d1:30:34:35:f2:ab:38:98:0c:
                    c8:30:c0:c7:9c:82:c5:fe:5f:ae:ad:c0:13:5b:de:
                    42:81:42:79:5c:ca:4c:15:68:2e:2c:8c:62:34:b5:
                    f9:87:40:e6:5f:ad:32:52:0f:11:a1:38:c2:13:e8:
                    da:5b:b4:c0:c3:e4:bb:9c:69:28:5d:0e:34:1e:5b:
                    e1:fd:0d:a4:ff:a8:e6:5f:d2:cf:7b:11:cf:6c:67:
                    81:b6:ca:2f:0a:9f:05:46:60:1c:79:e4:ed:90:16:
                    50:11:cb:e2:a9:d1:b4:ae:aa:52:a6:e0:a1:42:b7:
                    3c:26:38:a3:92:cf:64:e3:a6:d9:60:16:c8:05:a1:
                    85:5d:b4:57:e1:48:69:88:94:f3:bc:f8:dd:f9:d8:
                    91:dd:99:5c:fe:4f:b6:4a:00:0d:ef:e6:d3:e3:0e:
                    16:b4:71:c3:5d:63:00:5c:d9:df:12:17:66:ac:47:
                    3a:86:b4:de:c2:be:34:48:d6:9c:24:dd:e6:64:40:
                    56:d2:2f:0d:ec:84:ac:20:fd:61:91:59:7f:c0:a7:
                    03:4b:72:b7:76:1f:77:7b:01:1f:fa:c8:06:62:8c:
                    1e:42:8c:43:81:87:f6:29:b3:08:c2:a2:7a:bd:40:
                    6c:c9:d0:b3:bb:08:55:40:3f:46:0d:4c:ca:83:e2:
                    d3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:12:54:3E:D2:11:B5:9B:03:79:73:24:E5:F2:7E:D9:DC:32:0C:D4
            X509v3 Authority Key Identifier:
                keyid:70:A0:B5:AC:A7:31:EA:71:F2:6D:63:D2:3C:22:C1:23:B2:BB:12:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cKC1rKcx6nHybWPSPCLBI7K7Eg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/pRJUPtIRtZsDeXMk5fJ-2dwyDNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/cKC1rKcx6nHybWPSPCLBI7K7Eg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:79:a1:c5:70:ae:7a:c6:76:cc:77:75:81:b0:f4:2b:d6:eb:
         ae:5f:f2:7e:ef:9a:67:6d:95:52:6e:e4:72:80:2a:f9:1e:a5:
         60:72:d4:3e:18:d9:1d:40:25:ec:d0:db:0d:26:08:b3:d2:1c:
         ef:73:ed:2c:49:1f:46:f2:5c:21:8b:42:77:e1:59:d4:2a:91:
         d7:b2:4b:b4:1b:bc:8c:91:60:ae:36:7f:03:b0:26:c4:66:f2:
         5d:29:15:96:e4:4d:0e:01:39:ca:19:ff:8e:eb:e7:1b:f2:61:
         e6:8a:d8:f5:4f:52:8a:67:35:e3:e2:8f:c4:69:33:75:e1:02:
         6e:53:f1:c7:ea:a8:82:06:75:cf:af:38:a3:c9:a7:39:04:a9:
         3e:30:49:56:5c:66:23:a2:5c:dd:d3:7d:16:c5:0a:14:a9:ba:
         3e:fa:0c:63:70:a5:05:5b:f6:78:4c:d6:70:ec:a1:4e:8b:f3:
         d9:6d:54:eb:11:d4:0a:7a:07:9a:14:5e:f1:1e:63:34:17:cc:
         85:15:85:8a:63:f3:2b:c9:80:f9:70:f2:76:64:99:75:97:40:
         ef:00:81:68:15:e8:73:58:4f:ca:e3:23:b2:4c:ce:9c:2e:02:
         4a:41:67:22:23:7a:38:c4:db:e5:e9:d9:34:a3:f7:52:d4:8f:
         90:93:64:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlIlDZ2ONbJetDoCkmTMrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYTBiNWFjYTczMWVhNzFmMjZkNjNkMjNjMjJjMTIzYjJi
YjEyMGYwHhcNMjQwMTAyMDAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTEyNTQzZWQyMTFiNTliMDM3OTczMjRlNWYyN2VkOWRjMzIwY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGz0pGbRMDQ18qs4mAzIMMDHnILF
/l+urcATW95CgUJ5XMpMFWguLIxiNLX5h0DmX60yUg8RoTjCE+jaW7TAw+S7nGko
XQ40Hlvh/Q2k/6jmX9LPexHPbGeBtsovCp8FRmAceeTtkBZQEcviqdG0rqpSpuCh
Qrc8Jjijks9k46bZYBbIBaGFXbRX4UhpiJTzvPjd+diR3Zlc/k+2SgAN7+bT4w4W
tHHDXWMAXNnfEhdmrEc6hrTewr40SNacJN3mZEBW0i8N7ISsIP1hkVl/wKcDS3K3
dh93ewEf+sgGYoweQoxDgYf2KbMIwqJ6vUBsydCzuwhVQD9GDUzKg+LTKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUSVD7SEbWbA3lzJOXyftncMgzUMB8GA1UdIwQY
MBaAFHCgtaynMepx8m1j0jwiwSOyuxIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0tDMXJLY3g2bkh5YldQU1BDTEJJN0s3RWc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9mNjQ5ZTUtYTdjYi00MjE4LTkzZTAt
NDNlMzE4MDBkZjBjLzEvcFJKVVB0SVJ0WnNEZVhNazVmSi0yZHd5RE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9mNjQ5ZTUtYTdjYi00MjE4LTkzZTAtNDNlMzE4MDBkZjBj
LzEvY0tDMXJLY3g2bkh5YldQU1BDTEJJN0s3RWc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKIRMA0G
CSqGSIb3DQEBCwUAA4IBAQAQeaHFcK56xnbMd3WBsPQr1uuuX/J+75pnbZVSbuRy
gCr5HqVgctQ+GNkdQCXs0NsNJgiz0hzvc+0sSR9G8lwhi0J34VnUKpHXsku0G7yM
kWCuNn8DsCbEZvJdKRWW5E0OATnKGf+O6+cb8mHmitj1T1KKZzXj4o/EaTN14QJu
U/HH6qiCBnXPrzijyac5BKk+MElWXGYjolzd030WxQoUqbo++gxjcKUFW/Z4TNZw
7KFOi/PZbVTrEdQKegeaFF7xHmM0F8yFFYWKY/MryYD5cPJ2ZJl1l0DvAIFoFehz
WE/K4yOyTM6cLgJKQWciI3o4xNvl6dk0o/dS1I+Qk2TZ
-----END CERTIFICATE-----