Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/jNvXIKGEY9DMzzkl_0pImED3CNs.roa
File:                     jNvXIKGEY9DMzzkl_0pImED3CNs.roa (raw, json)
Hash identifier:          ja1Gb1SU//1Xngs4cExQjqLfANOebN8GXSE50r/SbVg=
Subject key identifier:   8C:DB:D7:20:A1:84:63:D0:CC:CF:39:25:FF:4A:48:98:40:F7:08:DB
Certificate issuer:       /CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
Certificate serial:       018CC80170E2010CA46DD128460E6C8030E3
Authority key identifier: 17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/jNvXIKGEY9DMzzkl_0pImED3CNs.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42000
IP address blocks:        217.11.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:70:e2:01:0c:a4:6d:d1:28:46:0e:6c:80:30:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cdbd720a18463d0cccf3925ff4a489840f708db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e5:a1:e9:6c:28:70:ad:1e:b8:5a:8d:86:6e:
                    52:16:86:b8:85:27:f2:42:fa:7b:cc:80:22:a3:f1:
                    bf:dd:98:8c:37:72:89:90:72:d8:79:2d:31:14:a1:
                    c8:a2:84:da:39:b0:16:ac:7a:cb:10:56:16:75:83:
                    dc:e8:3b:45:56:cc:dc:57:d5:a8:8a:41:2d:b5:09:
                    89:14:d8:25:42:0e:b3:b6:29:07:55:a8:6a:de:ba:
                    a0:e9:35:b5:84:3f:ba:c6:7d:79:6c:d0:f1:7c:38:
                    32:69:80:0b:35:68:5e:05:9d:ca:7f:ef:97:5c:98:
                    10:b0:32:ca:ec:17:b9:f3:a7:f2:7d:10:37:b4:83:
                    5f:76:08:65:b6:90:10:ab:fb:32:25:a1:e2:02:e4:
                    c2:89:83:b9:2c:2a:03:81:7f:c7:e7:8f:87:61:85:
                    a0:01:58:92:2c:69:73:5f:c4:4b:a0:52:34:c9:c3:
                    71:8b:3b:06:3c:dc:da:72:c6:96:ea:b8:f5:65:cb:
                    b1:59:c5:07:37:7e:bb:ab:f9:43:ed:5b:99:ae:78:
                    66:a4:94:6c:15:ef:94:84:d8:53:f9:2d:99:c4:0e:
                    47:cc:3f:07:7b:e9:26:0f:4c:2e:3c:6f:67:fb:e3:
                    36:99:1a:d1:5b:42:76:c8:b1:ef:f3:a5:70:3b:3e:
                    14:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DB:D7:20:A1:84:63:D0:CC:CF:39:25:FF:4A:48:98:40:F7:08:DB
            X509v3 Authority Key Identifier:
                keyid:17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/jNvXIKGEY9DMzzkl_0pImED3CNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.11.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:57:aa:cd:b6:57:95:12:c0:43:fc:18:52:77:96:1e:0c:64:
         e8:00:5a:38:e1:f5:72:a8:f3:7e:87:23:6f:f0:48:24:3d:b4:
         35:63:1d:55:74:43:cf:ff:30:a3:40:bf:95:70:67:8d:77:bd:
         dc:61:69:85:d3:86:0a:5b:b6:45:62:95:1f:38:28:3d:92:78:
         52:7d:94:f4:eb:32:a0:8d:43:77:a7:45:2d:be:89:48:99:6c:
         27:95:67:6f:d1:e0:ef:34:16:36:f1:90:49:84:e7:fa:91:32:
         ce:db:14:99:b2:51:a6:48:2c:25:e6:ef:0d:65:af:67:c7:83:
         18:60:d9:d2:ca:79:e1:a6:6f:cc:0d:dd:46:12:be:3f:94:17:
         70:2d:05:38:3c:0e:34:8e:2c:67:72:f8:32:f6:e8:49:c4:33:
         ed:39:44:2a:7b:f6:17:d8:97:32:8f:18:55:0c:65:d2:75:ea:
         4d:bb:43:32:32:0f:e8:ac:4b:d7:c0:03:17:4d:f0:6b:40:92:
         98:9e:36:8a:dc:03:f3:6e:b8:af:b2:de:9b:66:22:07:89:6c:
         ad:0a:e7:d4:73:37:ae:a6:4e:bf:71:f1:c3:77:c7:fc:07:e6:
         71:95:53:57:28:0d:44:ac:71:88:6a:8a:26:07:8a:64:2e:da:
         d8:5c:f5:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXDiAQykbdEoRg5sgDDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDg0N2Y4NjY3ZDUyZmEyY2Y5Y2Y5YWZjYzQzYTA3OTE1
NTc1Y2EwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RiZDcyMGExODQ2M2QwY2NjZjM5MjVmZjRhNDg5ODQwZjcwOGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OWh6WwocK0euFqNhm5SFoa4hSfy
Qvp7zIAio/G/3ZiMN3KJkHLYeS0xFKHIooTaObAWrHrLEFYWdYPc6DtFVszcV9Wo
ikEttQmJFNglQg6ztikHVahq3rqg6TW1hD+6xn15bNDxfDgyaYALNWheBZ3Kf++X
XJgQsDLK7Be586fyfRA3tINfdghltpAQq/syJaHiAuTCiYO5LCoDgX/H54+HYYWg
AViSLGlzX8RLoFI0ycNxizsGPNzacsaW6rj1ZcuxWcUHN367q/lD7VuZrnhmpJRs
Fe+UhNhT+S2ZxA5HzD8He+kmD0wuPG9n++M2mRrRW0J2yLHv86VwOz4UcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzb1yChhGPQzM85Jf9KSJhA9wjbMB8GA1UdIwQY
MBaAFBdIR/hmfVL6LPnPmvzEOgeRVXXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2Ut
MTQ1NGZmZTYxODJjLzEvak52WElLR0VZOURNenprbF8wcEltRUQzQ05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2UtMTQ1NGZmZTYxODJj
LzEvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Qv1MA0G
CSqGSIb3DQEBCwUAA4IBAQBuV6rNtleVEsBD/BhSd5YeDGToAFo44fVyqPN+hyNv
8EgkPbQ1Yx1VdEPP/zCjQL+VcGeNd73cYWmF04YKW7ZFYpUfOCg9knhSfZT06zKg
jUN3p0UtvolImWwnlWdv0eDvNBY28ZBJhOf6kTLO2xSZslGmSCwl5u8NZa9nx4MY
YNnSynnhpm/MDd1GEr4/lBdwLQU4PA40jixncvgy9uhJxDPtOUQqe/YX2JcyjxhV
DGXSdepNu0MyMg/orEvXwAMXTfBrQJKYnjaK3APzbrivst6bZiIHiWytCufUczeu
pk6/cfHDd8f8B+ZxlVNXKA1ErHGIaoomB4pkLtrYXPVZ
-----END CERTIFICATE-----