Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/RH_kO6elQJFTx1PocQv0Z--BVd4.roa
File:                     RH_kO6elQJFTx1PocQv0Z--BVd4.roa (raw, json)
Hash identifier:          ggybE4+sLWjUk2WTinMNZvmPj/oPPQivH0HOl7gAwLw=
Subject key identifier:   44:7F:E4:3B:A7:A5:40:91:53:C7:53:E8:71:0B:F4:67:EF:81:55:DE
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DA7B60F737DB724AE9E783081AA4
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/RH_kO6elQJFTx1PocQv0Z--BVd4.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47803
IP address blocks:        217.192.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:da:7b:60:f7:37:db:72:4a:e9:e7:83:08:1a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=447fe43ba7a5409153c753e8710bf467ef8155de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:df:72:9a:3e:4d:72:c7:3b:e1:b9:23:6e:86:
                    30:fb:e0:1e:93:e8:16:26:2b:d7:c8:bf:8c:38:06:
                    ed:7f:4c:ac:7c:57:e5:73:bb:a9:96:af:10:7f:fe:
                    9e:05:bd:9c:63:4d:98:21:aa:51:e4:6d:33:3a:9d:
                    dc:b2:df:45:5d:95:78:09:e6:8c:4c:0b:bd:ed:9a:
                    40:9e:46:bf:84:d5:af:fd:2e:b2:d5:a6:e0:9c:a6:
                    55:39:83:df:70:1a:5e:b4:9c:e7:21:0b:c0:8b:30:
                    46:79:d5:d9:23:51:7b:be:56:73:a1:ae:e1:fb:71:
                    19:be:db:8c:ec:86:ff:61:49:af:33:7a:43:1a:03:
                    fe:41:e4:57:84:87:8c:17:0b:f9:74:e4:f1:84:ba:
                    70:ce:37:bc:97:51:08:2e:53:99:e5:ec:6c:18:da:
                    e6:5a:02:f9:db:b3:69:59:05:29:52:a8:e2:aa:f2:
                    43:86:69:6f:0c:0b:50:08:15:66:5a:24:07:e7:25:
                    cd:44:3a:bf:e6:f7:a9:d5:af:59:00:a6:e3:9b:bb:
                    2a:2d:1e:77:5e:52:2d:67:55:34:99:75:cd:19:e1:
                    3d:86:73:79:a7:3a:b3:49:d6:c5:b1:ae:78:aa:d1:
                    de:77:99:70:bd:61:bf:a6:43:03:95:fc:0f:33:46:
                    06:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7F:E4:3B:A7:A5:40:91:53:C7:53:E8:71:0B:F4:67:EF:81:55:DE
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/RH_kO6elQJFTx1PocQv0Z--BVd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.192.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2a:cc:8b:fe:62:26:09:46:e9:37:54:04:42:76:0f:65:19:
         6d:95:da:9a:19:09:4e:48:51:02:4d:d2:5a:b1:70:ac:dd:2e:
         23:a2:24:70:a3:b6:0c:bb:99:6b:38:b2:99:83:1b:c4:32:15:
         1f:1b:f7:60:86:a5:d1:8a:47:d1:72:86:11:a5:2e:a1:18:80:
         cd:d5:b5:f6:35:b2:3b:34:ef:6c:de:af:d6:bb:3d:1b:99:32:
         56:b4:fa:1e:2d:9e:71:84:4e:c1:5e:5b:6b:46:ed:f5:ab:96:
         95:41:1e:61:5d:d9:c4:2e:92:68:68:43:7d:06:78:2f:76:f7:
         64:84:2b:9e:94:3a:a1:06:56:29:b9:db:43:13:53:8c:8a:1e:
         2b:cb:58:4c:49:8e:1d:ff:f1:72:cd:59:19:93:99:f8:e5:2b:
         47:e4:4f:40:65:a0:c9:fe:56:05:6e:26:13:d3:66:35:40:d1:
         9a:3d:ea:ad:f6:08:06:02:d2:c4:7f:13:39:61:19:3c:08:aa:
         80:c4:6f:c5:7e:08:79:86:b0:58:c7:c0:da:e5:a9:ac:9d:36:
         a6:d1:b8:fa:c6:70:48:30:8f:40:e5:27:86:31:7d:1e:10:e6:
         08:d0:5d:4c:af:c8:0e:ff:06:f4:00:46:03:fe:b2:f5:a7:03:
         2b:2c:7f:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNp7YPc323JK6eeDCBqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDdmZTQzYmE3YTU0MDkxNTNjNzUzZTg3MTBiZjQ2N2VmODE1NWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt9ymj5Ncsc74bkjboYw++Aek+gW
JivXyL+MOAbtf0ysfFflc7uplq8Qf/6eBb2cY02YIapR5G0zOp3cst9FXZV4CeaM
TAu97ZpAnka/hNWv/S6y1abgnKZVOYPfcBpetJznIQvAizBGedXZI1F7vlZzoa7h
+3EZvtuM7Ib/YUmvM3pDGgP+QeRXhIeMFwv5dOTxhLpwzje8l1EILlOZ5exsGNrm
WgL527NpWQUpUqjiqvJDhmlvDAtQCBVmWiQH5yXNRDq/5vep1a9ZAKbjm7sqLR53
XlItZ1U0mXXNGeE9hnN5pzqzSdbFsa54qtHed5lwvWG/pkMDlfwPM0YGPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFER/5DunpUCRU8dT6HEL9GfvgVXeMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvUkhfa082ZWxRSkZUeDFQb2NRdjBaLS1CVmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cBcMA0G
CSqGSIb3DQEBCwUAA4IBAQAtKsyL/mImCUbpN1QEQnYPZRltldqaGQlOSFECTdJa
sXCs3S4joiRwo7YMu5lrOLKZgxvEMhUfG/dghqXRikfRcoYRpS6hGIDN1bX2NbI7
NO9s3q/Wuz0bmTJWtPoeLZ5xhE7BXltrRu31q5aVQR5hXdnELpJoaEN9Bngvdvdk
hCuelDqhBlYpudtDE1OMih4ry1hMSY4d//FyzVkZk5n45StH5E9AZaDJ/lYFbiYT
02Y1QNGaPeqt9ggGAtLEfxM5YRk8CKqAxG/Ffgh5hrBYx8Da5amsnTam0bj6xnBI
MI9A5SeGMX0eEOYI0F1Mr8gO/wb0AEYD/rL1pwMrLH99
-----END CERTIFICATE-----