Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/H2Wtq6LUC566NYH5syIAD-N68rY.roa
File:                     H2Wtq6LUC566NYH5syIAD-N68rY.roa (raw, json)
Hash identifier:          Y2ntkASUq0B16l7Z5TCtJhvdZxSFw5md39JpNR5AaGo=
Subject key identifier:   1F:65:AD:AB:A2:D4:0B:9E:BA:35:81:F9:B3:22:00:0F:E3:7A:F2:B6
Certificate issuer:       /CN=617cd8d48b5d15667bf131396d4a6c59d7d167c0
Certificate serial:       018CC424850764E4ED118634A74934AE595A
Authority key identifier: 61:7C:D8:D4:8B:5D:15:66:7B:F1:31:39:6D:4A:6C:59:D7:D1:67:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/H2Wtq6LUC566NYH5syIAD-N68rY.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211316
IP address blocks:        147.12.16.0/20 maxlen: 24
                          185.101.196.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:85:07:64:e4:ed:11:86:34:a7:49:34:ae:59:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=617cd8d48b5d15667bf131396d4a6c59d7d167c0
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f65adaba2d40b9eba3581f9b322000fe37af2b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d2:ed:13:3c:d2:e2:08:55:c8:5d:fa:a2:55:
                    26:45:af:ad:a7:08:92:52:90:e6:9e:3b:11:3e:bc:
                    95:bf:74:68:72:ce:e3:94:70:9b:2d:b1:9b:48:24:
                    a0:e5:5a:09:62:44:c5:ab:ce:9a:9e:55:2f:4e:07:
                    12:40:58:69:52:0d:0a:da:8a:8a:14:7b:12:5a:99:
                    8a:03:e5:c6:02:46:22:b8:25:d2:ff:9f:ce:fe:82:
                    ff:4b:5a:e3:eb:ef:d0:6f:dd:b7:2b:6f:21:fa:1b:
                    db:73:9c:b4:d6:52:24:4e:3b:38:ab:47:c6:34:04:
                    db:6e:04:45:6b:ff:48:8d:40:a4:df:ba:79:5c:a0:
                    21:18:fd:44:ab:7d:e3:ea:4a:d5:2b:5c:21:5f:88:
                    c9:1a:de:5a:04:83:64:7f:6f:5f:cc:7a:33:a1:9c:
                    4f:93:2b:07:52:47:45:fd:4f:70:2b:49:7b:66:17:
                    31:4f:1b:9d:91:c2:c2:a6:23:7a:66:31:e2:76:48:
                    e1:65:2b:55:d8:41:6c:d9:69:60:42:a5:a9:36:66:
                    64:cb:2f:6c:9b:aa:33:e4:5b:ef:b1:d5:e6:41:3d:
                    15:34:8d:1f:f4:bd:56:c5:f5:86:09:c3:bf:52:bf:
                    96:0d:7c:f6:a2:0c:0b:3c:17:44:81:24:e9:06:e3:
                    86:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:65:AD:AB:A2:D4:0B:9E:BA:35:81:F9:B3:22:00:0F:E3:7A:F2:B6
            X509v3 Authority Key Identifier:
                keyid:61:7C:D8:D4:8B:5D:15:66:7B:F1:31:39:6D:4A:6C:59:D7:D1:67:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/H2Wtq6LUC566NYH5syIAD-N68rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/105e23-6ce6-4ce0-93fa-bf6e97ddd079/1/YXzY1ItdFWZ78TE5bUpsWdfRZ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.12.16.0/20
                  185.101.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:9c:96:84:12:70:81:9d:09:0e:ce:33:ff:9c:1b:4a:15:62:
         6d:62:38:6e:f4:c7:a4:93:44:bf:60:f0:49:3c:a9:e3:f2:87:
         56:c2:f2:79:10:24:2a:1b:05:a2:c5:24:86:d3:8b:1e:bc:99:
         a2:e7:28:25:26:74:37:f1:1b:6d:5c:b9:88:65:7b:5d:b3:f5:
         2c:d0:e7:4e:2f:03:59:ac:1c:b3:a8:7c:2e:ae:32:83:e6:ad:
         ac:c2:8e:5c:0a:b9:e8:ba:33:43:99:1a:6b:54:b0:5b:eb:af:
         53:89:9c:c6:93:87:92:3f:4a:ea:52:dc:44:78:9c:60:87:28:
         92:01:7a:0f:35:0e:2e:96:a5:ff:b5:95:55:97:3b:1e:1f:5c:
         ac:cd:25:5f:25:7f:dc:9d:e2:3a:c9:54:51:41:c7:d7:c5:ed:
         83:95:cd:f2:9b:e6:81:1a:ba:1f:cd:cd:7f:1f:10:b3:09:79:
         b7:3c:47:19:db:0c:5b:7d:4e:b7:29:29:18:52:0e:19:6d:5f:
         9c:f9:8f:da:5e:de:32:c5:b3:52:df:f0:92:f3:87:45:2d:30:
         fc:1c:69:0a:37:09:60:31:ad:dc:be:7f:6d:b7:79:f3:02:60:
         58:9f:39:9c:79:20:c1:f0:97:8c:82:59:f1:24:f1:5e:e5:b8:
         d0:d4:29:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJIUHZOTtEYY0p0k0rllaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxN2NkOGQ0OGI1ZDE1NjY3YmYxMzEzOTZkNGE2YzU5ZDdk
MTY3YzAwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjY1YWRhYmEyZDQwYjllYmEzNTgxZjliMzIyMDAwZmUzN2FmMmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNLtEzzS4ghVyF36olUmRa+tpwiS
UpDmnjsRPryVv3Rocs7jlHCbLbGbSCSg5VoJYkTFq86anlUvTgcSQFhpUg0K2oqK
FHsSWpmKA+XGAkYiuCXS/5/O/oL/S1rj6+/Qb923K28h+hvbc5y01lIkTjs4q0fG
NATbbgRFa/9IjUCk37p5XKAhGP1Eq33j6krVK1whX4jJGt5aBINkf29fzHozoZxP
kysHUkdF/U9wK0l7ZhcxTxudkcLCpiN6ZjHidkjhZStV2EFs2WlgQqWpNmZkyy9s
m6oz5FvvsdXmQT0VNI0f9L1WxfWGCcO/Ur+WDXz2ogwLPBdEgSTpBuOGSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB9lraui1AueujWB+bMiAA/jevK2MB8GA1UdIwQY
MBaAFGF82NSLXRVme/ExOW1KbFnX0WfAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVh6WTFJdGRGV1o3OFRFNWJVcHNXZGZSWjhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8xMDVlMjMtNmNlNi00Y2UwLTkzZmEt
YmY2ZTk3ZGRkMDc5LzEvSDJXdHE2TFVDNTY2TllINXN5SUFELU42OHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8xMDVlMjMtNmNlNi00Y2UwLTkzZmEtYmY2ZTk3ZGRkMDc5
LzEvWVh6WTFJdGRGV1o3OFRFNWJVcHNXZGZSWjhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEkwwQAwQC
uWXEMA0GCSqGSIb3DQEBCwUAA4IBAQAEnJaEEnCBnQkOzjP/nBtKFWJtYjhu9Mek
k0S/YPBJPKnj8odWwvJ5ECQqGwWixSSG04sevJmi5yglJnQ38RttXLmIZXtds/Us
0OdOLwNZrByzqHwurjKD5q2swo5cCrnoujNDmRprVLBb669TiZzGk4eSP0rqUtxE
eJxghyiSAXoPNQ4ulqX/tZVVlzseH1yszSVfJX/cneI6yVRRQcfXxe2Dlc3ym+aB
Grofzc1/HxCzCXm3PEcZ2wxbfU63KSkYUg4ZbV+c+Y/aXt4yxbNS3/CS84dFLTD8
HGkKNwlgMa3cvn9tt3nzAmBYnzmceSDB8JeMglnxJPFe5bjQ1Cmj
-----END CERTIFICATE-----