Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/02HcPtPfECDB46FwVnUKldpukZQ.roa
File:                     02HcPtPfECDB46FwVnUKldpukZQ.roa (raw, json)
Hash identifier:          TtOufFcg2LX67lD1gmfZ6Uhk8HaY0JyuUZA2t3vQtn8=
Subject key identifier:   D3:61:DC:3E:D3:DF:10:20:C1:E3:A1:70:56:75:0A:95:DA:6E:91:94
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D4364E4D2803C6BD8C56CEB78C94
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/02HcPtPfECDB46FwVnUKldpukZQ.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44152
IP address blocks:        217.110.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d4:36:4e:4d:28:03:c6:bd:8c:56:ce:b7:8c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d361dc3ed3df1020c1e3a17056750a95da6e9194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:91:41:ce:cf:d4:d4:ba:4e:21:26:8b:7c:81:
                    6f:b8:6b:5c:e8:ff:61:c8:6f:28:d2:69:de:63:f9:
                    54:db:29:14:19:c7:58:4e:91:02:c0:87:52:1c:38:
                    b2:c7:01:25:81:32:a1:a5:68:ad:bb:a9:ac:89:a4:
                    91:a8:6e:99:c1:c4:98:94:d8:7e:8f:c7:9c:d0:c5:
                    6b:a6:d4:3c:50:c9:95:5e:02:9d:8a:c3:03:cf:fb:
                    51:25:1e:70:fe:13:27:1a:6a:8a:47:f0:69:65:69:
                    f2:4b:a1:bb:dd:dc:18:f2:02:b9:a6:b3:e5:73:46:
                    d6:88:7c:0f:a1:ae:aa:b2:32:bc:0b:d2:94:28:9e:
                    b1:79:56:2a:b9:53:f6:0f:49:0e:65:ff:18:bc:0e:
                    6b:99:71:39:7e:6d:e7:25:69:d6:1c:0d:9c:c7:77:
                    ed:16:86:1d:dc:e3:2a:e0:de:d0:c0:1b:d0:0d:20:
                    e7:03:ef:ec:6a:b2:6c:d6:c7:e7:9b:2f:77:54:0b:
                    65:8b:4c:dd:5c:3b:a5:5e:96:7d:f0:cf:6b:0b:46:
                    f3:30:74:a5:5e:fd:17:bc:f9:00:08:89:9a:08:22:
                    a7:a1:b6:a3:20:f3:81:b1:26:9a:2b:93:86:52:f5:
                    64:a3:87:e6:9c:4a:d8:c1:f6:b4:5b:c6:e5:3b:16:
                    5a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:61:DC:3E:D3:DF:10:20:C1:E3:A1:70:56:75:0A:95:DA:6E:91:94
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/02HcPtPfECDB46FwVnUKldpukZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.110.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:7c:8b:5f:de:fe:6d:dd:98:2e:53:a7:b6:ef:ce:76:a4:18:
         21:12:3e:4e:c7:7f:7a:3f:86:f6:01:64:d4:d9:9b:95:e5:03:
         56:c8:cb:b8:0b:65:17:57:93:71:78:92:71:82:90:82:e9:c9:
         e9:d8:57:e8:e5:46:37:49:e6:62:e3:15:63:aa:87:60:f7:8e:
         87:b5:90:e9:28:a8:21:a5:42:d7:be:51:06:b2:6e:1b:e8:39:
         d2:21:70:96:36:7d:64:4a:dd:96:47:55:69:ec:6a:1f:21:63:
         0e:1c:a4:c1:07:03:5e:1e:96:fb:0c:b8:29:8e:6e:8d:02:a4:
         3b:f4:77:3a:c6:31:aa:a8:b2:c9:00:68:43:9b:94:68:56:02:
         71:34:fc:bf:88:68:2b:3d:e1:84:03:31:61:90:7c:63:1b:d7:
         d4:12:d9:16:66:c4:25:a0:06:9e:e3:aa:32:86:59:4e:35:61:
         4e:53:9f:cf:c4:af:80:04:a4:95:f3:c2:22:ef:ae:d0:bc:80:
         61:33:34:58:3f:22:00:98:b2:60:72:1e:a1:8e:2d:dd:78:8b:
         42:d1:d1:05:67:ce:a4:5c:65:2e:6e:9e:de:c9:b3:94:0d:2b:
         6f:4b:d0:63:eb:42:48:f1:09:25:1d:2e:db:e5:4c:5b:3d:0a:
         ce:4c:e3:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttQ2Tk0oA8a9jFbOt4yUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzYxZGMzZWQzZGYxMDIwYzFlM2ExNzA1Njc1MGE5NWRhNmU5MTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZFBzs/U1LpOISaLfIFvuGtc6P9h
yG8o0mneY/lU2ykUGcdYTpECwIdSHDiyxwElgTKhpWitu6msiaSRqG6ZwcSYlNh+
j8ec0MVrptQ8UMmVXgKdisMDz/tRJR5w/hMnGmqKR/BpZWnyS6G73dwY8gK5prPl
c0bWiHwPoa6qsjK8C9KUKJ6xeVYquVP2D0kOZf8YvA5rmXE5fm3nJWnWHA2cx3ft
FoYd3OMq4N7QwBvQDSDnA+/sarJs1sfnmy93VAtli0zdXDulXpZ98M9rC0bzMHSl
Xv0XvPkACImaCCKnobajIPOBsSaaK5OGUvVko4fmnErYwfa0W8blOxZa+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNh3D7T3xAgweOhcFZ1CpXabpGUMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvMDJIY1B0UGZFQ0RCNDZGd1ZuVUtsZHB1a1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2W4sMA0G
CSqGSIb3DQEBCwUAA4IBAQBofItf3v5t3ZguU6e27852pBghEj5Ox396P4b2AWTU
2ZuV5QNWyMu4C2UXV5NxeJJxgpCC6cnp2Ffo5UY3SeZi4xVjqodg946HtZDpKKgh
pULXvlEGsm4b6DnSIXCWNn1kSt2WR1Vp7GofIWMOHKTBBwNeHpb7DLgpjm6NAqQ7
9Hc6xjGqqLLJAGhDm5RoVgJxNPy/iGgrPeGEAzFhkHxjG9fUEtkWZsQloAae46oy
hllONWFOU5/PxK+ABKSV88Ii767QvIBhMzRYPyIAmLJgch6hji3deItC0dEFZ86k
XGUubp7eybOUDStvS9Bj60JI8QklHS7b5UxbPQrOTOND
-----END CERTIFICATE-----