Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/b_KA0pe_3SV4b4OIrpWiYpPfqCQ.roa
File:                     b_KA0pe_3SV4b4OIrpWiYpPfqCQ.roa (raw, json)
Hash identifier:          9qaURqUCpqCLxfGkQ5oErMtxlZU5r6GR8dAUbTuWkUg=
Subject key identifier:   6F:F2:80:D2:97:BF:DD:25:78:6F:83:88:AE:95:A2:62:93:DF:A8:24
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938FE2E3F843AEE9FFD50261DB0B17
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/b_KA0pe_3SV4b4OIrpWiYpPfqCQ.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42093
IP address blocks:        217.170.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8f:e2:e3:f8:43:ae:e9:ff:d5:02:61:db:0b:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ff280d297bfdd25786f8388ae95a26293dfa824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:bc:42:c2:f1:f8:f3:2f:c3:9f:6e:4b:5e:4c:
                    53:a8:58:97:c9:ce:67:56:1e:4b:04:6b:75:1e:93:
                    58:91:72:fb:99:bd:a0:38:d0:68:39:3a:9c:43:bc:
                    0f:9c:db:f6:cd:df:68:62:04:8f:01:eb:3f:d1:5f:
                    bd:99:dd:67:a5:7f:33:9f:7a:0d:e6:20:48:4d:55:
                    a1:f3:06:d9:6d:ff:d7:40:5d:17:6d:a1:d7:58:a1:
                    5f:c0:c7:41:80:39:d5:a3:83:ce:9d:71:15:b4:2a:
                    01:f8:2c:98:09:5d:13:40:a7:78:1b:1e:bb:f5:8a:
                    77:6c:41:37:2b:cd:54:f9:56:00:a0:4f:e6:3d:60:
                    64:04:9c:3f:ff:a2:8c:b6:72:ec:62:ad:fd:eb:51:
                    d7:72:a1:e2:73:f8:3d:41:65:60:10:e2:e4:c8:a3:
                    25:06:49:52:4b:23:22:f0:dd:51:26:ee:f8:5b:b3:
                    e8:9a:a4:7f:df:dc:ba:80:e3:dd:85:45:3f:3e:e4:
                    86:8d:05:a3:1c:cd:99:a8:fe:e2:04:4c:e6:e1:0c:
                    9a:bf:49:4f:dc:76:7f:47:ac:8c:e7:f9:0f:20:9c:
                    ee:08:43:1a:1d:e5:c0:01:b8:e3:05:df:d2:5c:ca:
                    42:ba:e0:f9:b5:5b:44:50:29:0f:a9:ad:c8:0f:64:
                    39:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F2:80:D2:97:BF:DD:25:78:6F:83:88:AE:95:A2:62:93:DF:A8:24
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/b_KA0pe_3SV4b4OIrpWiYpPfqCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:74:34:45:b8:83:c6:f4:7b:19:ba:06:30:a0:0d:bf:19:bd:
         c7:b2:55:d1:70:90:3d:f0:be:b5:5f:b3:d8:a4:bd:9e:cd:8f:
         d9:fe:20:61:eb:d2:48:f6:a2:d9:f9:80:15:fb:81:8f:97:c9:
         5d:7a:a5:67:0d:df:d8:3d:fa:51:43:74:1b:9c:04:6e:0e:f8:
         b8:70:15:4c:e1:7c:16:9f:21:3c:71:45:f5:6b:d8:60:3f:7d:
         9a:cb:1a:8b:1e:79:d8:b5:7c:43:25:05:95:a2:79:13:0a:a2:
         6b:0c:c1:3f:9b:2f:22:db:9e:51:b5:00:e5:b3:e0:d4:2c:c2:
         e7:9a:bc:c9:a5:e4:b3:13:8d:a9:b6:4d:10:97:65:76:f4:1e:
         a7:67:0d:ee:9a:bd:84:1a:06:c9:2e:7b:4d:ac:a9:f3:e6:fd:
         cf:d8:d9:5c:69:0d:5c:23:4e:b6:f5:d1:5a:66:52:45:0d:6a:
         a1:e2:61:3e:88:d0:e5:28:88:c5:f4:08:e6:5d:94:cf:8a:66:
         f3:2f:f6:37:a8:e4:ff:71:a2:ea:de:e4:dc:8e:35:37:f0:fc:
         90:03:b4:cf:46:27:ba:43:12:91:3b:3d:9c:cc:55:f6:6f:0d:
         cb:f1:f6:68:c2:d1:51:a6:a5:0c:e2:36:60:17:0e:fc:65:f0:
         af:b2:2e:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4/i4/hDrun/1QJh2wsXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYyODBkMjk3YmZkZDI1Nzg2ZjgzODhhZTk1YTI2MjkzZGZhODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbxCwvH48y/Dn25LXkxTqFiXyc5n
Vh5LBGt1HpNYkXL7mb2gONBoOTqcQ7wPnNv2zd9oYgSPAes/0V+9md1npX8zn3oN
5iBITVWh8wbZbf/XQF0XbaHXWKFfwMdBgDnVo4POnXEVtCoB+CyYCV0TQKd4Gx67
9Yp3bEE3K81U+VYAoE/mPWBkBJw//6KMtnLsYq3961HXcqHic/g9QWVgEOLkyKMl
BklSSyMi8N1RJu74W7PomqR/39y6gOPdhUU/PuSGjQWjHM2ZqP7iBEzm4Qyav0lP
3HZ/R6yM5/kPIJzuCEMaHeXAAbjjBd/SXMpCuuD5tVtEUCkPqa3ID2Q5bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/ygNKXv90leG+DiK6VomKT36gkMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvYl9LQTBwZV8zU1Y0YjRPSXJwV2lZcFBmcUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2aoEMA0G
CSqGSIb3DQEBCwUAA4IBAQB/dDRFuIPG9HsZugYwoA2/Gb3HslXRcJA98L61X7PY
pL2ezY/Z/iBh69JI9qLZ+YAV+4GPl8ldeqVnDd/YPfpRQ3QbnARuDvi4cBVM4XwW
nyE8cUX1a9hgP32ayxqLHnnYtXxDJQWVonkTCqJrDME/my8i255RtQDls+DULMLn
mrzJpeSzE42ptk0Ql2V29B6nZw3umr2EGgbJLntNrKnz5v3P2NlcaQ1cI0629dFa
ZlJFDWqh4mE+iNDlKIjF9AjmXZTPimbzL/Y3qOT/caLq3uTcjjU38PyQA7TPRie6
QxKROz2czFX2bw3L8fZowtFRpqUM4jZgFw78ZfCvsi76
-----END CERTIFICATE-----