Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/c27389-de12-4d13-9880-6bd844ea86c7/1/2hcTinjcpAKRKm_6dFI4nMxflFI.roa
File:                     2hcTinjcpAKRKm_6dFI4nMxflFI.roa (raw, json)
Hash identifier:          skggG2/1/w6mWKgEPT30i/Ts4MPJLeqkUCepjgH5424=
Subject key identifier:   DA:17:13:8A:78:DC:A4:02:91:2A:6F:FA:74:52:38:9C:CC:5F:94:52
Certificate issuer:       /CN=661e7174bf9e9ea1b64a92ba65ffcf1e931cce32
Certificate serial:       018CC94E5CF2F2EC71CF764EE7D85C84302E
Authority key identifier: 66:1E:71:74:BF:9E:9E:A1:B6:4A:92:BA:65:FF:CF:1E:93:1C:CE:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zh5xdL-enqG2SpK6Zf_PHpMczjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/c27389-de12-4d13-9880-6bd844ea86c7/1/2hcTinjcpAKRKm_6dFI4nMxflFI.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30875
IP address blocks:        185.101.108.0/22 maxlen: 22
                          185.101.111.240/28 maxlen: 28
                          2a06:1d00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/c27389-de12-4d13-9880-6bd844ea86c7/1/Zh5xdL-enqG2SpK6Zf_PHpMczjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/c27389-de12-4d13-9880-6bd844ea86c7/1/Zh5xdL-enqG2SpK6Zf_PHpMczjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zh5xdL-enqG2SpK6Zf_PHpMczjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5c:f2:f2:ec:71:cf:76:4e:e7:d8:5c:84:30:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=661e7174bf9e9ea1b64a92ba65ffcf1e931cce32
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da17138a78dca402912a6ffa7452389ccc5f9452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fe:ec:71:53:4e:f2:a3:cb:8a:e6:b0:5a:04:
                    b5:f4:8d:0e:98:3d:16:96:8f:d3:a7:eb:55:92:3c:
                    cf:dd:17:6e:d2:68:36:01:5a:98:d5:c2:03:e9:c7:
                    7e:52:a3:f8:41:a1:f2:40:48:de:fc:c8:e5:20:20:
                    39:86:4e:8a:2f:ad:35:7b:82:b8:64:3b:55:b5:53:
                    cd:91:fa:6d:70:1f:69:a9:80:1c:a9:16:24:02:dc:
                    d4:fe:cd:cb:37:11:27:02:39:de:ed:b5:d0:ad:10:
                    26:8d:f3:e6:c8:f5:16:ea:34:5e:cd:f1:71:56:99:
                    82:ef:b1:5e:a7:e6:0c:15:46:27:a3:91:5b:60:80:
                    9e:74:63:cf:1c:13:f7:91:ad:96:f3:5e:80:80:60:
                    b5:a5:f5:eb:d8:e0:ca:19:7c:10:3c:42:be:04:48:
                    39:51:d8:1d:23:0e:74:27:a0:83:9f:6b:42:7a:9c:
                    b7:dd:d3:bd:ba:94:9b:2b:14:2a:85:94:1c:44:0b:
                    a5:ab:d5:a2:3f:32:98:ea:3a:e5:0e:5b:04:45:7c:
                    cc:82:f5:3d:27:35:7d:44:2c:a8:25:76:99:23:f6:
                    e4:56:1d:d7:ba:a9:ac:0b:eb:f9:2c:50:8b:54:27:
                    f6:a3:6a:b3:72:1a:ae:c8:91:0c:b9:11:77:d1:a4:
                    07:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:17:13:8A:78:DC:A4:02:91:2A:6F:FA:74:52:38:9C:CC:5F:94:52
            X509v3 Authority Key Identifier:
                keyid:66:1E:71:74:BF:9E:9E:A1:B6:4A:92:BA:65:FF:CF:1E:93:1C:CE:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zh5xdL-enqG2SpK6Zf_PHpMczjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c27389-de12-4d13-9880-6bd844ea86c7/1/2hcTinjcpAKRKm_6dFI4nMxflFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c27389-de12-4d13-9880-6bd844ea86c7/1/Zh5xdL-enqG2SpK6Zf_PHpMczjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.108.0/22
                IPv6:
                  2a06:1d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:31:f6:32:a6:7b:ad:b0:67:30:8b:e6:59:8a:36:df:5e:df:
         32:6a:be:43:5c:76:28:9d:50:16:5d:45:fe:6f:a5:c1:6e:6a:
         e1:97:6b:a4:ab:6d:45:f5:5f:24:68:89:a2:3b:8f:c7:e1:ec:
         44:25:53:40:62:b8:9c:35:ea:33:c2:be:78:6d:ac:93:3d:5e:
         56:40:09:fe:63:e2:d9:ac:6a:98:10:0c:d5:b0:96:17:c1:d3:
         cb:b3:3c:d2:1d:c4:54:3d:4d:46:12:c3:99:9a:e4:55:22:e6:
         fe:20:a5:7a:f7:f9:5d:7d:bc:97:6a:d1:8e:28:d8:e9:38:2b:
         d7:be:1d:68:6b:ff:b5:0c:bc:8d:92:cb:c4:14:4b:1d:74:a0:
         ca:67:41:a0:c5:ad:bc:cf:69:c9:e7:3b:62:77:4e:ff:df:3a:
         f0:bf:0c:8f:0d:2f:d7:de:74:0a:a5:d2:dd:32:1d:70:20:da:
         ff:33:5f:4b:e8:33:e4:d1:ad:57:6c:26:79:24:fe:ee:b8:82:
         06:fb:c4:4e:5c:18:c9:16:30:be:f5:4e:e0:48:04:ca:8c:27:
         c1:1f:ca:ca:f9:93:6f:fb:36:41:c1:4f:fc:38:7f:d1:dd:f8:
         5c:e6:0f:79:47:e3:96:c8:60:c2:24:db:ec:ff:82:3c:a4:7d:
         a8:66:ce:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTlzy8uxxz3ZO59hchDAuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MWU3MTc0YmY5ZTllYTFiNjRhOTJiYTY1ZmZjZjFlOTMx
Y2NlMzIwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTE3MTM4YTc4ZGNhNDAyOTEyYTZmZmE3NDUyMzg5Y2NjNWY5NDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP7scVNO8qPLiuawWgS19I0OmD0W
lo/Tp+tVkjzP3Rdu0mg2AVqY1cID6cd+UqP4QaHyQEje/MjlICA5hk6KL601e4K4
ZDtVtVPNkfptcB9pqYAcqRYkAtzU/s3LNxEnAjne7bXQrRAmjfPmyPUW6jRezfFx
VpmC77Fep+YMFUYno5FbYICedGPPHBP3ka2W816AgGC1pfXr2ODKGXwQPEK+BEg5
UdgdIw50J6CDn2tCepy33dO9upSbKxQqhZQcRAulq9WiPzKY6jrlDlsERXzMgvU9
JzV9RCyoJXaZI/bkVh3XuqmsC+v5LFCLVCf2o2qzchquyJEMuRF30aQH1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNoXE4p43KQCkSpv+nRSOJzMX5RSMB8GA1UdIwQY
MBaAFGYecXS/np6htkqSumX/zx6THM4yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmg1eGRMLWVucUcyU3BLNlpmX1BIcE1jempJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9jMjczODktZGUxMi00ZDEzLTk4ODAt
NmJkODQ0ZWE4NmM3LzEvMmhjVGluamNwQUtSS21fNmRGSTRuTXhmbEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9jMjczODktZGUxMi00ZDEzLTk4ODAtNmJkODQ0ZWE4NmM3
LzEvWmg1eGRMLWVucUcyU3BLNlpmX1BIcE1jempJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWVsMA0E
AgACMAcDBQMqBh0AMA0GCSqGSIb3DQEBCwUAA4IBAQCpMfYypnutsGcwi+ZZijbf
Xt8yar5DXHYonVAWXUX+b6XBbmrhl2ukq21F9V8kaImiO4/H4exEJVNAYricNeoz
wr54bayTPV5WQAn+Y+LZrGqYEAzVsJYXwdPLszzSHcRUPU1GEsOZmuRVIub+IKV6
9/ldfbyXatGOKNjpOCvXvh1oa/+1DLyNksvEFEsddKDKZ0Ggxa28z2nJ5ztid07/
3zrwvwyPDS/X3nQKpdLdMh1wINr/M19L6DPk0a1XbCZ5JP7uuIIG+8ROXBjJFjC+
9U7gSATKjCfBH8rK+ZNv+zZBwU/8OH/R3fhc5g95R+OWyGDCJNvs/4I8pH2oZs4D
-----END CERTIFICATE-----