Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/CAmHQvrBM39SmpOGchubfkztYpo.roa
File:                     CAmHQvrBM39SmpOGchubfkztYpo.roa (raw, json)
Hash identifier:          nqh8qL9zNgI3qJ9thtIPh9fzvxK+UgDTIIbqKP2f6/Q=
Subject key identifier:   08:09:87:42:FA:C1:33:7F:52:9A:93:86:72:1B:9B:7E:4C:ED:62:9A
Certificate issuer:       /CN=0bfe2b273837db41666d68a97bc7ac37dcc96f20
Certificate serial:       01921AA75C8CACF263C4F5A74A5B2A9C473E
Authority key identifier: 0B:FE:2B:27:38:37:DB:41:66:6D:68:A9:7B:C7:AC:37:DC:C9:6F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_4rJzg320FmbWipe8esN9zJbyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/CAmHQvrBM39SmpOGchubfkztYpo.roa
Signing time:             Sun 22 Sep 2024 16:53:48 +0000
ROA not before:           Sun 22 Sep 2024 16:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42013
IP address blocks:        217.147.0.0/22 maxlen: 22
                          217.147.0.0/24 maxlen: 24
                          217.147.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/C_4rJzg320FmbWipe8esN9zJbyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/C_4rJzg320FmbWipe8esN9zJbyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_4rJzg320FmbWipe8esN9zJbyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1a:a7:5c:8c:ac:f2:63:c4:f5:a7:4a:5b:2a:9c:47:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bfe2b273837db41666d68a97bc7ac37dcc96f20
        Validity
            Not Before: Sep 22 16:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08098742fac1337f529a9386721b9b7e4ced629a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0c:a2:07:f2:1b:26:56:63:41:b2:96:d3:6c:
                    a0:63:ed:ad:d8:79:0c:4d:9d:12:ed:e3:98:a9:a3:
                    a6:bf:67:d7:0f:b5:52:7d:5e:00:4a:96:8f:d5:91:
                    92:05:3f:58:da:06:9e:cd:14:2c:26:af:cd:15:14:
                    ab:e0:8c:a9:52:84:59:57:a3:92:4d:98:cc:3b:35:
                    73:53:c5:43:d4:de:38:8b:99:db:67:54:de:1e:3d:
                    d8:13:f4:62:27:84:84:f3:22:5d:b1:d4:38:51:66:
                    f6:39:24:b7:ad:ed:e2:cd:6a:a1:91:13:68:83:c3:
                    b5:9c:82:13:1d:23:5f:62:25:6a:33:83:a9:54:2d:
                    11:d6:ee:e8:70:64:74:d1:0a:26:26:7e:86:4a:35:
                    2c:7a:64:e2:f9:0d:56:f9:9a:f9:7e:9b:9f:a1:5b:
                    80:5b:c1:6c:f1:b7:61:4b:e4:ad:b8:56:b1:a3:75:
                    69:a2:74:f8:83:83:38:1b:db:9e:df:45:f2:80:f4:
                    37:d0:46:7a:84:f5:65:32:2c:93:e5:e2:51:3c:6d:
                    45:79:4d:8f:6c:a0:01:3b:5f:3e:b6:f8:b6:06:5d:
                    66:b9:97:f1:f7:48:ee:ff:09:f8:4a:80:b8:30:b3:
                    09:fb:dc:55:58:8f:4f:9f:23:02:f5:c2:89:f8:1d:
                    90:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:09:87:42:FA:C1:33:7F:52:9A:93:86:72:1B:9B:7E:4C:ED:62:9A
            X509v3 Authority Key Identifier:
                keyid:0B:FE:2B:27:38:37:DB:41:66:6D:68:A9:7B:C7:AC:37:DC:C9:6F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_4rJzg320FmbWipe8esN9zJbyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/CAmHQvrBM39SmpOGchubfkztYpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/feb927-7a83-403a-a1c1-eb1e91644f2d/1/C_4rJzg320FmbWipe8esN9zJbyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:38:05:18:0f:53:f8:e8:ea:ee:3f:13:c4:f8:d4:86:ec:df:
         e7:e8:54:49:e5:72:cc:9c:81:5c:30:f5:b4:2c:2d:93:ce:8f:
         81:11:2f:95:3a:66:de:05:06:eb:73:41:83:8c:91:8f:18:c9:
         15:fb:75:92:c5:fd:b2:c4:8c:e2:a1:8f:04:40:62:16:d7:22:
         e9:70:8d:67:fb:ae:72:38:64:ef:27:30:7a:c6:62:0d:31:c3:
         50:b0:38:4f:0a:bc:8d:d3:e2:74:3e:de:aa:11:e7:1f:50:59:
         38:a6:2b:36:74:e8:73:5d:09:a0:ed:cb:0d:55:ef:36:91:d2:
         cf:63:b3:42:4c:a8:03:16:7c:40:3b:0d:2c:06:0f:00:5b:2d:
         4f:84:07:e1:d4:97:73:22:55:65:e2:61:10:86:6a:74:8c:c0:
         c5:06:8a:bd:bb:f6:83:60:18:e7:97:e3:3c:72:8e:5e:d7:e3:
         3f:f1:61:4c:63:e3:8b:23:22:2c:18:ed:77:cc:10:b8:16:4d:
         55:89:7d:ef:3d:2a:c5:f4:87:16:b1:e4:43:3b:04:ef:69:a0:
         40:ee:65:55:87:a6:ff:c2:94:c8:a0:96:d7:db:34:fc:94:74:
         3f:74:f7:89:b9:e1:87:2e:aa:f9:e8:26:68:27:04:76:fc:0f:
         e7:c8:f9:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIap1yMrPJjxPWnSlsqnEc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZmUyYjI3MzgzN2RiNDE2NjZkNjhhOTdiYzdhYzM3ZGNj
OTZmMjAwHhcNMjQwOTIyMTY1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODA5ODc0MmZhYzEzMzdmNTI5YTkzODY3MjFiOWI3ZTRjZWQ2MjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywyiB/IbJlZjQbKW02ygY+2t2HkM
TZ0S7eOYqaOmv2fXD7VSfV4ASpaP1ZGSBT9Y2gaezRQsJq/NFRSr4IypUoRZV6OS
TZjMOzVzU8VD1N44i5nbZ1TeHj3YE/RiJ4SE8yJdsdQ4UWb2OSS3re3izWqhkRNo
g8O1nIITHSNfYiVqM4OpVC0R1u7ocGR00QomJn6GSjUsemTi+Q1W+Zr5fpufoVuA
W8Fs8bdhS+StuFaxo3VponT4g4M4G9ue30XygPQ30EZ6hPVlMiyT5eJRPG1FeU2P
bKABO18+tvi2Bl1muZfx90ju/wn4SoC4MLMJ+9xVWI9PnyMC9cKJ+B2QqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgJh0L6wTN/UpqThnIbm35M7WKaMB8GA1UdIwQY
MBaAFAv+Kyc4N9tBZm1oqXvHrDfcyW8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ180ckp6ZzMyMEZtYldpcGU4ZXNOOXpKYnlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9mZWI5MjctN2E4My00MDNhLWExYzEt
ZWIxZTkxNjQ0ZjJkLzEvQ0FtSFF2ckJNMzlTbXBPR2NodWJma3p0WXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9mZWI5MjctN2E4My00MDNhLWExYzEtZWIxZTkxNjQ0ZjJk
LzEvQ180ckp6ZzMyMEZtYldpcGU4ZXNOOXpKYnlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZMAMA0G
CSqGSIb3DQEBCwUAA4IBAQAIOAUYD1P46OruPxPE+NSG7N/n6FRJ5XLMnIFcMPW0
LC2Tzo+BES+VOmbeBQbrc0GDjJGPGMkV+3WSxf2yxIzioY8EQGIW1yLpcI1n+65y
OGTvJzB6xmINMcNQsDhPCryN0+J0Pt6qEecfUFk4pis2dOhzXQmg7csNVe82kdLP
Y7NCTKgDFnxAOw0sBg8AWy1PhAfh1JdzIlVl4mEQhmp0jMDFBoq9u/aDYBjnl+M8
co5e1+M/8WFMY+OLIyIsGO13zBC4Fk1ViX3vPSrF9IcWseRDOwTvaaBA7mVVh6b/
wpTIoJbX2zT8lHQ/dPeJueGHLqr56CZoJwR2/A/nyPms
-----END CERTIFICATE-----