Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/Hs8ZeDvQ4JDT_G1y4im9B17Y1dQ.roa
File:                     Hs8ZeDvQ4JDT_G1y4im9B17Y1dQ.roa (raw, json)
Hash identifier:          Xsaz2s1ck+eCxBftiChB3zU7TEsM+LP6oiX6P/9gdag=
Subject key identifier:   1E:CF:19:78:3B:D0:E0:90:D3:FC:6D:72:E2:29:BD:07:5E:D8:D5:D4
Certificate issuer:       /CN=ca91c42dfa6afbc11e78ee9de2e785f8a20b5043
Certificate serial:       018CC348E632D8FF7C63C9A7D713C81D60E3
Authority key identifier: CA:91:C4:2D:FA:6A:FB:C1:1E:78:EE:9D:E2:E7:85:F8:A2:0B:50:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/Hs8ZeDvQ4JDT_G1y4im9B17Y1dQ.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        217.147.192.0/22 maxlen: 22
                          217.147.196.0/22 maxlen: 22
                          217.147.200.0/22 maxlen: 22
                          217.147.200.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e6:32:d8:ff:7c:63:c9:a7:d7:13:c8:1d:60:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca91c42dfa6afbc11e78ee9de2e785f8a20b5043
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ecf19783bd0e090d3fc6d72e229bd075ed8d5d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a6:9a:63:1a:41:8a:cc:8e:65:91:8d:11:3e:
                    a6:eb:88:0b:82:9d:ee:fd:70:b1:e5:50:85:dc:6f:
                    b2:b6:d1:d7:36:9a:7a:3f:5b:38:9e:fc:32:97:72:
                    02:f4:66:6c:51:42:1a:f9:ec:22:fa:24:60:ca:03:
                    b8:46:ce:b9:c2:1f:d0:0d:31:4c:f5:58:ce:88:5d:
                    30:92:c3:5c:44:31:bc:ef:ac:24:2f:b5:6e:34:9f:
                    47:3b:54:87:34:af:74:4c:07:30:34:23:b9:82:78:
                    d3:e0:46:34:c8:58:4b:1b:01:fb:a3:13:0c:c7:dd:
                    b5:2f:e5:4d:9b:be:28:3c:bd:3a:36:08:f6:a9:64:
                    76:7a:1d:a1:d2:ae:1b:9d:e0:ee:73:85:53:ca:9e:
                    4a:a4:51:cf:e4:ab:d3:69:17:bc:c6:b8:a0:26:99:
                    cf:4d:3a:c8:cb:70:b7:75:67:cc:a6:4e:88:e7:3c:
                    50:0d:e7:3f:6e:ce:12:66:e8:e1:e8:b0:85:5e:31:
                    6b:95:1a:91:b5:df:03:1c:c8:75:f4:81:ba:e7:23:
                    36:1a:fc:c4:94:38:a6:b2:b9:93:db:40:4f:81:82:
                    55:bf:4c:98:ee:ee:92:22:14:e9:89:6c:1a:04:f3:
                    13:23:a9:9c:9b:ee:15:9c:2d:c3:37:3d:01:33:a1:
                    e6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CF:19:78:3B:D0:E0:90:D3:FC:6D:72:E2:29:BD:07:5E:D8:D5:D4
            X509v3 Authority Key Identifier:
                keyid:CA:91:C4:2D:FA:6A:FB:C1:1E:78:EE:9D:E2:E7:85:F8:A2:0B:50:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/Hs8ZeDvQ4JDT_G1y4im9B17Y1dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.192.0-217.147.203.255

    Signature Algorithm: sha256WithRSAEncryption
         8d:66:97:96:f2:af:3d:4c:a3:fc:19:43:7b:9e:7d:ea:8e:fa:
         9e:a7:6c:44:89:42:0c:0c:a8:5c:31:8d:ab:a2:ad:5c:08:cd:
         65:d0:c6:07:8d:2b:3c:b3:b9:9c:58:f3:7d:74:ae:6d:cf:13:
         95:1f:e4:d2:dc:e7:8f:a4:85:80:a4:e4:8c:09:c7:38:65:cc:
         2f:45:8c:df:21:bb:f2:eb:e4:ba:03:4b:e5:f5:4f:f3:de:75:
         dd:72:ee:11:98:2b:19:da:98:24:e1:36:fe:d0:20:ff:4d:69:
         f6:57:d6:a1:66:f7:1f:65:93:72:44:0b:e0:16:6c:71:76:25:
         a8:69:4a:f9:b8:1b:b7:a6:43:13:65:b2:02:05:c8:3a:c6:63:
         d4:ef:e4:0c:c0:81:af:2d:13:3b:b1:41:8a:16:a2:1d:0b:96:
         91:84:f8:16:3a:9f:38:da:f9:c8:cb:ab:a7:dd:d1:40:4b:ec:
         6f:b9:6e:ee:39:b1:43:0e:5b:83:16:37:9b:6b:e5:5e:1d:cf:
         f3:c4:6b:93:4d:39:03:de:c6:06:04:7e:d2:aa:52:c8:f9:75:
         6c:b2:2a:39:a5:38:fe:37:12:dd:d4:a0:c7:0a:5f:02:f7:54:
         d9:31:03:10:33:d3:28:b8:e3:c0:dc:40:5c:f3:16:22:f9:08:
         01:79:1c:54
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSOYy2P98Y8mn1xPIHWDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTFjNDJkZmE2YWZiYzExZTc4ZWU5ZGUyZTc4NWY4YTIw
YjUwNDMwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWNmMTk3ODNiZDBlMDkwZDNmYzZkNzJlMjI5YmQwNzVlZDhkNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaaaYxpBisyOZZGNET6m64gLgp3u
/XCx5VCF3G+yttHXNpp6P1s4nvwyl3IC9GZsUUIa+ewi+iRgygO4Rs65wh/QDTFM
9VjOiF0wksNcRDG876wkL7VuNJ9HO1SHNK90TAcwNCO5gnjT4EY0yFhLGwH7oxMM
x921L+VNm74oPL06Ngj2qWR2eh2h0q4bneDuc4VTyp5KpFHP5KvTaRe8xrigJpnP
TTrIy3C3dWfMpk6I5zxQDec/bs4SZujh6LCFXjFrlRqRtd8DHMh19IG65yM2GvzE
lDimsrmT20BPgYJVv0yY7u6SIhTpiWwaBPMTI6mcm+4VnC3DNz0BM6HmsQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB7PGXg70OCQ0/xtcuIpvQde2NXUMB8GA1UdIwQY
MBaAFMqRxC36avvBHnjuneLnhfiiC1BDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBIRUxmcHEtOEVlZU82ZDR1ZUYtS0lMVUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84NTFlODQtMmYxYS00Yzc3LWIxZjIt
ZDU4NjUwNDFhMTRmLzEvSHM4WmVEdlE0SkRUX0cxeTRpbTlCMTdZMWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84NTFlODQtMmYxYS00Yzc3LWIxZjItZDU4NjUwNDFhMTRm
LzEveXBIRUxmcHEtOEVlZU82ZDR1ZUYtS0lMVUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAbZk8AD
BALZk8gwDQYJKoZIhvcNAQELBQADggEBAI1ml5byrz1Mo/wZQ3uefeqO+p6nbESJ
QgwMqFwxjauirVwIzWXQxgeNKzyzuZxY8310rm3PE5Uf5NLc54+khYCk5IwJxzhl
zC9FjN8hu/Lr5LoDS+X1T/Pedd1y7hGYKxnamCThNv7QIP9NafZX1qFm9x9lk3JE
C+AWbHF2JahpSvm4G7emQxNlsgIFyDrGY9Tv5AzAga8tEzuxQYoWoh0LlpGE+BY6
nzja+cjLq6fd0UBL7G+5bu45sUMOW4MWN5tr5V4dz/PEa5NNOQPexgYEftKqUsj5
dWyyKjmlOP43Et3UoMcKXwL3VNkxAxAz0yi448DcQFzzFiL5CAF5HFQ=
-----END CERTIFICATE-----