Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/xte_zZL6qDViq-RXAwMu9HyRPUI.roa
File:                     xte_zZL6qDViq-RXAwMu9HyRPUI.roa (raw, json)
Hash identifier:          z798amzVLPdwPm1RNpBKehVKSE6ZDaxq0jwir1l/4zk=
Subject key identifier:   C6:D7:BF:CD:92:FA:A8:35:62:AB:E4:57:03:03:2E:F4:7C:91:3D:42
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D2D6E2330397C6AD062D48653AFE
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/xte_zZL6qDViq-RXAwMu9HyRPUI.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27447
IP address blocks:        217.111.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d2:d6:e2:33:03:97:c6:ad:06:2d:48:65:3a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6d7bfcd92faa83562abe45703032ef47c913d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:63:72:a4:54:f0:d5:2f:12:ff:cc:74:b6:da:
                    16:4b:d6:d4:23:1a:01:10:69:2f:e2:32:97:ba:79:
                    42:aa:c4:8a:67:f3:f8:65:c8:48:74:3b:b1:a3:18:
                    ca:07:d0:f9:65:85:26:43:e0:d8:df:d3:74:cf:4b:
                    b6:c1:fd:65:e0:0f:cd:8c:6d:b4:ec:25:19:30:09:
                    42:2b:a3:8a:ba:19:09:23:80:a8:de:1e:9d:f3:2c:
                    1f:1d:1d:4d:c6:2e:35:8b:a2:f7:31:f9:27:c6:be:
                    fa:48:47:42:53:94:d3:ec:b0:a6:8d:f6:52:15:b4:
                    3e:a9:f1:7e:a9:af:87:69:04:5e:0e:cf:27:88:b7:
                    2e:9f:c9:af:ec:f8:d0:e9:15:f5:1f:c2:11:a2:a6:
                    f7:e9:67:d0:48:79:c3:02:eb:63:6e:51:32:85:af:
                    10:e3:93:01:91:fc:d1:08:bb:bc:28:a1:6f:df:ec:
                    d3:a0:ed:18:4e:c8:99:fb:77:d8:81:1b:a4:c9:33:
                    92:f3:fc:17:4c:3d:6c:de:f0:52:26:af:c6:7d:aa:
                    1d:01:6d:7e:02:76:13:56:b4:ea:f8:12:97:f6:f8:
                    2d:80:aa:bb:3c:0d:f0:c2:6c:38:bd:ea:42:ed:51:
                    f5:d2:10:62:41:52:a3:a4:71:01:9e:5c:f2:0d:f4:
                    88:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D7:BF:CD:92:FA:A8:35:62:AB:E4:57:03:03:2E:F4:7C:91:3D:42
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/xte_zZL6qDViq-RXAwMu9HyRPUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.111.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:95:9d:59:6c:3b:c1:76:18:d2:b3:54:7e:c2:4b:bb:96:ae:
         f5:82:b0:3f:7d:8d:1f:d8:f8:fb:9a:57:3a:f0:9f:02:af:a0:
         d7:22:fd:59:5c:05:bc:1c:93:d7:06:3f:a0:e8:72:20:13:5c:
         c0:74:bc:f2:0f:85:0b:39:69:38:80:45:28:aa:16:22:f4:e7:
         08:d4:89:1b:e0:57:6d:0e:f8:8e:bb:3f:ab:37:28:d1:54:ce:
         2d:7d:db:6d:16:ac:86:7c:65:36:37:bc:35:d0:df:46:70:06:
         30:c0:23:6c:c6:6d:27:d7:6b:68:8f:64:1a:be:67:57:60:dd:
         54:57:ec:fb:2f:70:0f:5d:fd:40:53:9d:1a:00:1e:fd:85:60:
         cd:78:df:ab:c7:7d:93:f6:58:2d:7e:cb:b8:5f:f4:bf:50:9b:
         95:0b:e7:d8:ea:c3:74:84:d0:90:13:74:bf:f4:0a:f1:30:22:
         17:ed:7a:51:35:66:61:4a:f8:bd:01:ab:f1:0b:be:0d:76:4a:
         5d:b5:e7:96:95:f8:43:2d:ed:d5:8b:dd:bc:f0:65:b0:6d:56:
         83:e2:e1:6b:de:97:d5:63:2f:b6:82:b6:52:21:99:f4:f9:34:
         7e:14:81:7f:f4:8f:e8:fd:d7:12:7f:65:43:8a:5e:a1:fb:38:
         0d:56:fb:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttLW4jMDl8atBi1IZTr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQ3YmZjZDkyZmFhODM1NjJhYmU0NTcwMzAzMmVmNDdjOTEzZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGNypFTw1S8S/8x0ttoWS9bUIxoB
EGkv4jKXunlCqsSKZ/P4ZchIdDuxoxjKB9D5ZYUmQ+DY39N0z0u2wf1l4A/NjG20
7CUZMAlCK6OKuhkJI4Co3h6d8ywfHR1Nxi41i6L3Mfknxr76SEdCU5TT7LCmjfZS
FbQ+qfF+qa+HaQReDs8niLcun8mv7PjQ6RX1H8IRoqb36WfQSHnDAutjblEyha8Q
45MBkfzRCLu8KKFv3+zToO0YTsiZ+3fYgRukyTOS8/wXTD1s3vBSJq/GfaodAW1+
AnYTVrTq+BKX9vgtgKq7PA3wwmw4vepC7VH10hBiQVKjpHEBnlzyDfSI9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbXv82S+qg1YqvkVwMDLvR8kT1CMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEveHRlX3paTDZxRFZpcS1SWEF3TXU5SHlSUFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2W/GMA0G
CSqGSIb3DQEBCwUAA4IBAQAYlZ1ZbDvBdhjSs1R+wku7lq71grA/fY0f2Pj7mlc6
8J8Cr6DXIv1ZXAW8HJPXBj+g6HIgE1zAdLzyD4ULOWk4gEUoqhYi9OcI1Ikb4Fdt
DviOuz+rNyjRVM4tfdttFqyGfGU2N7w10N9GcAYwwCNsxm0n12toj2QavmdXYN1U
V+z7L3APXf1AU50aAB79hWDNeN+rx32T9lgtfsu4X/S/UJuVC+fY6sN0hNCQE3S/
9ArxMCIX7XpRNWZhSvi9AavxC74NdkpdteeWlfhDLe3Vi9288GWwbVaD4uFr3pfV
Yy+2grZSIZn0+TR+FIF/9I/o/dcSf2VDil6h+zgNVvuq
-----END CERTIFICATE-----