Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/koOcvQxtcVZl3eWhSSs7N_ciN7w.roa
File:                     koOcvQxtcVZl3eWhSSs7N_ciN7w.roa (raw, json)
Hash identifier:          WV7HpPci6vmkQkb0+9TH+yYUKrDcBnz8IYJbr47vShE=
Subject key identifier:   92:83:9C:BD:0C:6D:71:56:65:DD:E5:A1:49:2B:3B:37:F7:22:37:BC
Certificate issuer:       /CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Certificate serial:       018CC4252FE445F6789ABFCEE0679A3CBE6E
Authority key identifier: 30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/koOcvQxtcVZl3eWhSSs7N_ciN7w.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197732
IP address blocks:        217.119.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2f:e4:45:f6:78:9a:bf:ce:e0:67:9a:3c:be:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92839cbd0c6d715665dde5a1492b3b37f72237bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:68:d6:83:45:86:51:17:63:ed:c6:82:a2:89:
                    fc:03:a0:ed:66:83:4e:41:b3:39:23:e3:f0:51:cc:
                    81:d9:75:b9:f5:68:84:b4:d4:27:e3:20:ce:88:f9:
                    47:0c:aa:f9:3c:c9:aa:2b:6d:8b:77:20:15:6d:1b:
                    69:b6:fd:0b:ae:b3:a7:14:f2:f2:28:df:b0:4c:6e:
                    80:d6:a7:95:82:22:93:46:87:8b:50:5f:65:2a:65:
                    09:07:6a:60:60:3d:51:c1:e2:1f:10:e6:8e:bd:1c:
                    02:7e:ab:c8:34:77:22:33:3a:1d:07:5f:20:07:ef:
                    22:f8:56:c4:44:dc:b1:04:71:58:8b:65:5d:d0:19:
                    35:bf:04:e1:e0:90:10:4d:82:96:bb:df:54:24:92:
                    7d:f2:e7:70:5c:e8:ef:2b:70:6b:97:ce:91:f0:80:
                    aa:f4:80:bf:a2:aa:5d:1c:af:f2:8a:f4:bb:1d:62:
                    16:97:11:a9:8a:89:6a:32:93:6f:81:b7:85:57:5a:
                    d0:de:ae:11:b0:01:ba:2b:97:f5:b9:8e:4a:55:a4:
                    8e:7e:22:86:b2:54:13:2d:cf:87:42:b2:74:24:ab:
                    07:1d:c3:4a:30:8f:5a:1c:a5:e1:3f:62:e0:be:ca:
                    0e:21:6c:14:bc:12:dd:d0:d5:62:73:f2:5f:bc:e2:
                    c1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:83:9C:BD:0C:6D:71:56:65:DD:E5:A1:49:2B:3B:37:F7:22:37:BC
            X509v3 Authority Key Identifier:
                keyid:30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/koOcvQxtcVZl3eWhSSs7N_ciN7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.119.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:e5:fd:13:23:26:fe:fb:b6:0c:99:2d:85:9c:bb:ff:31:fa:
         ba:bb:be:11:a9:36:f2:3c:29:d5:ba:f7:b0:57:99:be:3b:e3:
         8a:f6:32:9f:2e:42:ff:3b:ef:b6:34:46:72:c0:e4:f4:90:f1:
         39:8c:93:3b:5b:bd:89:98:2f:93:49:5e:a7:57:0b:bc:59:c1:
         69:48:c5:f2:9a:aa:d8:27:e5:45:71:81:d8:c8:49:3e:8e:7f:
         76:74:35:30:14:03:24:95:28:c5:7e:b2:d6:62:59:f2:1a:fd:
         83:82:7b:ea:bf:48:8a:93:ca:f0:3e:79:2b:9d:4f:06:5c:bf:
         32:49:b3:98:e0:c6:1f:eb:cc:5f:5f:f7:ed:cd:f2:9a:1f:12:
         ef:a2:a9:bc:7b:28:05:68:04:27:ba:37:64:d6:e3:39:96:ab:
         15:ba:a3:5e:a6:21:50:b7:f8:39:4c:b1:41:69:bb:f1:cd:65:
         08:75:7a:54:fb:f1:88:e6:74:35:7a:af:9c:6f:e3:80:2c:fc:
         99:0b:cc:ed:3d:08:1b:58:a8:66:67:44:3b:ee:9e:cd:d4:b1:
         81:f9:73:4b:28:89:fc:33:bb:03:0e:41:fc:8c:4c:12:8e:5e:
         6e:76:2c:e4:0d:7a:d3:d2:ea:40:ce:2e:2f:4f:dd:62:c1:f9:
         3a:bc:c8:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJS/kRfZ4mr/O4GeaPL5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Q4ODdjMDJlMDdjOWU0NzRkMWY4ZTIxMDQ5Y2FhNmNl
M2ZiZDMwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjgzOWNiZDBjNmQ3MTU2NjVkZGU1YTE0OTJiM2IzN2Y3MjIzN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomjWg0WGURdj7caCoon8A6DtZoNO
QbM5I+PwUcyB2XW59WiEtNQn4yDOiPlHDKr5PMmqK22LdyAVbRtptv0LrrOnFPLy
KN+wTG6A1qeVgiKTRoeLUF9lKmUJB2pgYD1RweIfEOaOvRwCfqvINHciMzodB18g
B+8i+FbERNyxBHFYi2Vd0Bk1vwTh4JAQTYKWu99UJJJ98udwXOjvK3Brl86R8ICq
9IC/oqpdHK/yivS7HWIWlxGpiolqMpNvgbeFV1rQ3q4RsAG6K5f1uY5KVaSOfiKG
slQTLc+HQrJ0JKsHHcNKMI9aHKXhP2LgvsoOIWwUvBLd0NVic/JfvOLB5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKDnL0MbXFWZd3loUkrOzf3Ije8MB8GA1UdIwQY
MBaAFDB9iHwC4HyeR00fjiEEnKps4/vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMt
MWE1ZTVmMTkxYmZhLzEva29PY3ZReHRjVlpsM2VXaFNTczdOX2NpTjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMtMWE1ZTVmMTkxYmZh
LzEvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2Xe0MA0G
CSqGSIb3DQEBCwUAA4IBAQC55f0TIyb++7YMmS2FnLv/Mfq6u74RqTbyPCnVuvew
V5m+O+OK9jKfLkL/O++2NEZywOT0kPE5jJM7W72JmC+TSV6nVwu8WcFpSMXymqrY
J+VFcYHYyEk+jn92dDUwFAMklSjFfrLWYlnyGv2Dgnvqv0iKk8rwPnkrnU8GXL8y
SbOY4MYf68xfX/ftzfKaHxLvoqm8eygFaAQnujdk1uM5lqsVuqNepiFQt/g5TLFB
abvxzWUIdXpU+/GI5nQ1eq+cb+OALPyZC8ztPQgbWKhmZ0Q77p7N1LGB+XNLKIn8
M7sDDkH8jEwSjl5udizkDXrT0upAzi4vT91iwfk6vMh3
-----END CERTIFICATE-----