Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/00KltQLCw3b1regGPrgMFa8rcxY.roa
File:                     00KltQLCw3b1regGPrgMFa8rcxY.roa (raw, json)
Hash identifier:          k1vAJCU4i9X14XvPn6z2ZrUu0g4pBcJXURe19Bhc7AI=
Subject key identifier:   D3:42:A5:B5:02:C2:C3:76:F5:AD:E8:06:3E:B8:0C:15:AF:2B:73:16
Certificate issuer:       /CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
Certificate serial:       018CC500185B2D97635BCA93F78667978108
Authority key identifier: 20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/00KltQLCw3b1regGPrgMFa8rcxY.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210573
IP address blocks:        156.17.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:18:5b:2d:97:63:5b:ca:93:f7:86:67:97:81:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d342a5b502c2c376f5ade8063eb80c15af2b7316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4d:de:66:ba:6f:7c:98:78:63:2a:c5:af:41:
                    31:33:25:c3:89:f8:cc:45:4b:38:b9:0a:fd:28:63:
                    7c:46:04:7e:89:27:66:37:95:12:12:09:88:fd:54:
                    ea:47:76:24:74:c3:b2:6d:d1:34:f0:13:9b:54:68:
                    f6:5b:d4:ac:f2:8c:a1:e7:1a:12:54:8a:24:3e:47:
                    44:e1:93:b5:49:56:76:80:ce:93:63:9e:56:1b:0f:
                    74:d2:eb:7e:a2:16:bf:c1:9f:8e:fd:da:1f:39:c0:
                    2b:8a:e3:27:b0:27:d1:b1:df:ee:7b:1d:83:4c:63:
                    3c:44:fd:6c:a0:3d:4b:3c:bd:3a:53:ad:47:c2:5a:
                    c6:16:10:56:2b:ed:c4:63:4c:1b:ef:90:4b:67:d2:
                    99:b3:4f:8a:da:d0:c3:40:de:82:c0:42:d6:54:c7:
                    0b:09:de:49:67:ea:e0:da:67:71:5d:f2:45:e9:ec:
                    5a:f3:9a:50:6b:5c:7b:84:05:79:74:6d:6f:ea:d0:
                    8a:a6:74:90:f4:b7:55:ac:f6:f8:7e:b8:12:73:90:
                    3f:e6:c9:f8:f2:f2:21:7d:5e:cf:54:3f:56:08:e3:
                    7b:80:cb:94:be:96:4c:7f:c8:b9:aa:8d:01:58:c6:
                    e9:43:b5:94:6f:c8:e6:b0:a9:e9:45:d9:2b:6b:d8:
                    71:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:42:A5:B5:02:C2:C3:76:F5:AD:E8:06:3E:B8:0C:15:AF:2B:73:16
            X509v3 Authority Key Identifier:
                keyid:20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/00KltQLCw3b1regGPrgMFa8rcxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.17.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:88:e3:87:c5:7d:cb:98:98:2a:da:89:27:65:e5:49:30:55:
         bc:26:de:0e:64:ad:79:15:46:41:e9:b4:eb:c5:65:c9:40:ee:
         d8:32:b0:c0:18:b5:d4:b0:fe:cb:38:42:57:6f:83:ef:57:29:
         42:10:39:53:54:b8:9f:5f:9d:53:ef:fc:ff:3f:17:04:bd:4e:
         5e:c8:1b:65:da:04:e0:5e:7d:7e:44:49:58:01:8d:2b:53:f4:
         32:c5:fb:65:46:30:85:a1:55:72:dd:2c:13:ab:d5:ae:a9:f9:
         14:98:97:30:47:85:44:61:bb:26:a6:2f:3c:75:9e:de:17:8a:
         95:c5:e9:e4:c0:c6:3a:95:9b:c3:f8:b9:6e:d4:bb:88:87:c2:
         5e:09:c1:80:5c:b8:a6:a0:88:b9:96:22:50:c7:93:78:5c:fd:
         47:ba:bf:ff:49:c7:37:e1:0c:81:55:f2:00:b9:9e:79:21:1b:
         12:ff:5c:c6:96:ae:84:67:5f:3f:19:7f:18:60:14:b1:a7:8e:
         ad:22:f2:54:3c:4a:47:8b:f3:13:0e:b8:e9:c5:d3:14:be:88:
         f0:5d:05:10:67:31:fe:14:dd:60:fb:6f:69:d1:c0:a0:ab:e7:
         08:fa:95:98:97:70:81:7b:eb:76:4c:eb:bf:bb:fb:be:c6:19:
         ca:d9:92:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABhbLZdjW8qT94Znl4EIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMmY0YzFhMzdlOTMxM2NkZDJlZWE3NzUwYWUwMjhkMThj
ZDVhYWUwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzQyYTViNTAyYzJjMzc2ZjVhZGU4MDYzZWI4MGMxNWFmMmI3MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiU3eZrpvfJh4YyrFr0ExMyXDifjM
RUs4uQr9KGN8RgR+iSdmN5USEgmI/VTqR3YkdMOybdE08BObVGj2W9Ss8oyh5xoS
VIokPkdE4ZO1SVZ2gM6TY55WGw900ut+oha/wZ+O/dofOcAriuMnsCfRsd/uex2D
TGM8RP1soD1LPL06U61HwlrGFhBWK+3EY0wb75BLZ9KZs0+K2tDDQN6CwELWVMcL
Cd5JZ+rg2mdxXfJF6exa85pQa1x7hAV5dG1v6tCKpnSQ9LdVrPb4frgSc5A/5sn4
8vIhfV7PVD9WCON7gMuUvpZMf8i5qo0BWMbpQ7WUb8jmsKnpRdkra9hxQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNCpbUCwsN29a3oBj64DBWvK3MWMB8GA1UdIwQY
MBaAFCAvTBo36TE83S7qd1CuAo0YzVquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEt
ZjZiNzhlMmIxN2ExLzEvMDBLbHRRTEN3M2IxcmVnR1ByZ01GYThyY3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEtZjZiNzhlMmIxN2Ex
LzEvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnBHXMA0G
CSqGSIb3DQEBCwUAA4IBAQC9iOOHxX3LmJgq2oknZeVJMFW8Jt4OZK15FUZB6bTr
xWXJQO7YMrDAGLXUsP7LOEJXb4PvVylCEDlTVLifX51T7/z/PxcEvU5eyBtl2gTg
Xn1+RElYAY0rU/QyxftlRjCFoVVy3SwTq9WuqfkUmJcwR4VEYbsmpi88dZ7eF4qV
xenkwMY6lZvD+Llu1LuIh8JeCcGAXLimoIi5liJQx5N4XP1Hur//Scc34QyBVfIA
uZ55IRsS/1zGlq6EZ18/GX8YYBSxp46tIvJUPEpHi/MTDrjpxdMUvojwXQUQZzH+
FN1g+29p0cCgq+cI+pWYl3CBe+t2TOu/u/u+xhnK2ZLX
-----END CERTIFICATE-----