Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zOqD4vbiOHVWSPdXIUTyx-4uqPQ.roa
File:                     zOqD4vbiOHVWSPdXIUTyx-4uqPQ.roa (raw, json)
Hash identifier:          uG+KbmZ6XdtBa4aDD3jsBn5LnipBpkEuBhjriUfESQY=
Subject key identifier:   CC:EA:83:E2:F6:E2:38:75:56:48:F7:57:21:44:F2:C7:EE:2E:A8:F4
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E594183393BD78DE7948B9993C68
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zOqD4vbiOHVWSPdXIUTyx-4uqPQ.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208836
IP address blocks:        217.192.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e5:94:18:33:93:bd:78:de:79:48:b9:99:3c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccea83e2f6e238755648f7572144f2c7ee2ea8f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d6:6b:02:b0:49:91:e1:56:fe:e7:5b:0e:17:
                    49:35:6e:f6:69:e5:d3:65:13:41:23:66:5a:b3:61:
                    cf:35:e0:b7:8c:21:f8:13:b6:d1:3b:45:76:90:d0:
                    86:a9:82:d3:d4:4b:21:67:65:d9:c7:6b:4f:a3:f5:
                    e9:06:64:5c:24:b2:2f:3f:3c:8a:10:d7:67:8f:cf:
                    66:af:dc:93:20:2c:72:67:e5:b4:2e:d2:c3:a0:85:
                    e3:57:2d:94:bf:c9:1e:8d:52:f5:8b:43:93:64:19:
                    1c:76:dd:36:7f:0e:5b:9b:9f:a3:e4:9c:d0:9d:09:
                    3f:1a:e4:c1:8a:df:7d:3a:cc:59:59:33:c5:45:dd:
                    95:12:96:82:32:e3:ad:21:7d:36:9d:36:24:89:bb:
                    7a:89:1a:1f:20:75:5d:85:e2:c9:b6:de:fa:4e:5e:
                    b2:90:c5:17:d1:48:bb:95:4b:54:80:fd:e9:57:79:
                    14:87:36:a2:2f:cc:57:3c:73:5f:37:7d:6d:57:58:
                    58:98:d6:a9:3f:fe:e0:ac:84:30:35:57:4f:87:db:
                    f8:48:0e:43:94:ae:76:ab:83:99:e8:e5:c6:06:70:
                    42:b4:4a:98:64:82:52:e4:e4:eb:4a:3f:10:61:df:
                    67:da:74:a7:f6:80:d9:5d:ac:c1:8d:34:30:96:2d:
                    f1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EA:83:E2:F6:E2:38:75:56:48:F7:57:21:44:F2:C7:EE:2E:A8:F4
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zOqD4vbiOHVWSPdXIUTyx-4uqPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.192.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:20:bb:0f:fc:38:cd:bb:5d:eb:6e:5e:27:6a:72:bf:e7:18:
         9a:d0:ad:2b:c2:3d:61:fc:45:cb:66:a6:ed:ed:8a:62:16:33:
         b2:de:5e:46:c8:22:af:9a:97:6e:8c:41:05:78:4d:7a:43:9a:
         a8:3f:a6:89:eb:87:4e:ad:a6:58:f4:93:e5:06:c2:34:0e:ae:
         65:0b:ac:c5:89:8c:5c:ea:73:e7:6b:2a:78:0f:79:3d:4b:e3:
         af:54:da:6f:b0:83:6d:81:4a:ef:88:7b:ad:a5:e3:3e:85:6b:
         dd:ce:32:36:46:ab:d2:fb:f0:cb:3c:90:69:1d:47:97:8d:20:
         61:aa:12:b9:67:d8:51:d6:44:81:55:53:d4:a4:3a:87:1d:e8:
         ec:28:f6:ef:56:d3:18:41:cc:06:64:06:d5:b0:4b:dd:67:75:
         1a:14:74:64:0c:1f:05:00:ce:a7:3b:d6:4e:c2:a2:8f:92:15:
         45:0d:42:ae:de:58:1f:38:56:6c:5d:17:cb:56:cf:76:6d:4d:
         f0:65:2d:0d:1d:5e:8e:56:5f:cb:fa:73:a4:1e:32:cf:41:21:
         41:38:62:95:95:26:35:c9:f4:53:0c:09:99:4c:5f:cd:ad:22:
         c4:d0:4e:4e:87:e2:80:2f:00:bf:c7:f1:16:90:1d:5b:61:00:
         20:af:96:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOWUGDOTvXjeeUi5mTxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VhODNlMmY2ZTIzODc1NTY0OGY3NTcyMTQ0ZjJjN2VlMmVhOGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNZrArBJkeFW/udbDhdJNW72aeXT
ZRNBI2Zas2HPNeC3jCH4E7bRO0V2kNCGqYLT1EshZ2XZx2tPo/XpBmRcJLIvPzyK
ENdnj89mr9yTICxyZ+W0LtLDoIXjVy2Uv8kejVL1i0OTZBkcdt02fw5bm5+j5JzQ
nQk/GuTBit99OsxZWTPFRd2VEpaCMuOtIX02nTYkibt6iRofIHVdheLJtt76Tl6y
kMUX0Ui7lUtUgP3pV3kUhzaiL8xXPHNfN31tV1hYmNapP/7grIQwNVdPh9v4SA5D
lK52q4OZ6OXGBnBCtEqYZIJS5OTrSj8QYd9n2nSn9oDZXazBjTQwli3x/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzqg+L24jh1Vkj3VyFE8sfuLqj0MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvek9xRDR2YmlPSFZXU1BkWElVVHl4LTR1cVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cAeMA0G
CSqGSIb3DQEBCwUAA4IBAQCuILsP/DjNu13rbl4nanK/5xia0K0rwj1h/EXLZqbt
7YpiFjOy3l5GyCKvmpdujEEFeE16Q5qoP6aJ64dOraZY9JPlBsI0Dq5lC6zFiYxc
6nPnayp4D3k9S+OvVNpvsINtgUrviHutpeM+hWvdzjI2RqvS+/DLPJBpHUeXjSBh
qhK5Z9hR1kSBVVPUpDqHHejsKPbvVtMYQcwGZAbVsEvdZ3UaFHRkDB8FAM6nO9ZO
wqKPkhVFDUKu3lgfOFZsXRfLVs92bU3wZS0NHV6OVl/L+nOkHjLPQSFBOGKVlSY1
yfRTDAmZTF/NrSLE0E5Oh+KALwC/x/EWkB1bYQAgr5a8
-----END CERTIFICATE-----