Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/aCmgWGJPA8mNHJTGfEz1N2lEQd0.roa
File:                     aCmgWGJPA8mNHJTGfEz1N2lEQd0.roa (raw, json)
Hash identifier:          krKcVJOE80vnYIwwDEzEmHbRWWK4Rh+nI1zrdSqwH4c=
Subject key identifier:   68:29:A0:58:62:4F:03:C9:8D:1C:94:C6:7C:4C:F5:37:69:44:41:DD
Certificate issuer:       /CN=9cce3b1197d0cf9511540572a58fd372dcc07489
Certificate serial:       018CC86F1406457F137F790412B82C8AE219
Authority key identifier: 9C:CE:3B:11:97:D0:CF:95:11:54:05:72:A5:8F:D3:72:DC:C0:74:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/aCmgWGJPA8mNHJTGfEz1N2lEQd0.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212830
IP address blocks:        217.67.164.0/24 maxlen: 24
                          217.67.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:14:06:45:7f:13:7f:79:04:12:b8:2c:8a:e2:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cce3b1197d0cf9511540572a58fd372dcc07489
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6829a058624f03c98d1c94c67c4cf537694441dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:be:1a:01:4c:c6:3e:51:94:ca:fe:c6:34:9b:
                    f1:94:1e:c3:da:80:4c:5e:9f:70:1c:16:46:14:54:
                    04:5e:b2:1f:bf:86:b4:ba:39:40:5c:52:c2:23:8d:
                    ab:d0:48:58:db:0c:8d:f8:5f:8e:96:d0:09:9a:eb:
                    4b:e2:91:f1:be:5b:34:e5:3c:df:57:03:1b:b4:23:
                    3a:14:fe:55:44:ee:67:8b:ac:da:af:52:e1:6b:5a:
                    31:d4:d3:2b:b5:e9:9d:37:c9:ac:2c:d2:16:0d:5c:
                    4c:ba:2c:4e:fd:37:43:be:47:d8:1e:27:9d:66:b4:
                    72:f6:a1:e4:4f:08:64:1a:c4:7a:d9:3f:11:79:b6:
                    3b:c2:5a:16:63:cd:14:25:45:5e:c4:bf:a3:7c:5e:
                    3d:ed:be:e3:a0:b4:9f:68:29:e5:42:e1:0e:e4:59:
                    19:8a:87:31:06:af:50:c4:68:c4:d5:e8:ac:cf:a8:
                    55:14:f5:6a:72:cc:45:b0:53:9a:82:2e:ce:ca:83:
                    61:64:20:d5:80:46:ce:58:f6:c6:4e:dd:0e:72:15:
                    94:93:a3:2a:5f:fa:d7:0b:2c:07:ff:fa:df:61:0e:
                    d8:41:83:5a:35:e9:ef:80:f1:eb:ed:ca:f8:fc:25:
                    8f:49:eb:d8:4b:2a:81:c6:be:1f:76:17:39:fe:1f:
                    e2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:29:A0:58:62:4F:03:C9:8D:1C:94:C6:7C:4C:F5:37:69:44:41:DD
            X509v3 Authority Key Identifier:
                keyid:9C:CE:3B:11:97:D0:CF:95:11:54:05:72:A5:8F:D3:72:DC:C0:74:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/aCmgWGJPA8mNHJTGfEz1N2lEQd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.67.164.0/24
                  217.67.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:0f:0b:15:f4:4a:2f:94:43:83:01:57:fe:3d:22:ea:dd:fd:
         bb:c0:a1:77:f6:6c:a4:9d:16:2d:67:5c:7b:26:68:a4:a1:4c:
         7f:12:8d:94:35:46:53:86:ad:dd:a1:67:8f:00:05:4a:92:23:
         99:41:5b:2b:18:32:67:d5:dd:15:53:70:c9:75:1c:a4:a6:74:
         55:de:12:01:f9:db:5b:3a:ff:5a:41:29:f0:6b:07:80:db:a5:
         bd:ca:ee:f4:43:05:11:06:91:be:f6:29:3a:0c:91:9e:f4:e6:
         58:01:8f:3d:01:5b:9e:e9:cd:3d:8b:b6:d2:59:7c:e9:a0:8c:
         7b:35:e3:b7:94:a7:99:54:6c:be:de:97:7e:62:85:b4:dd:bc:
         f2:76:47:b7:03:39:5d:d9:85:d1:a4:9d:38:eb:55:17:b0:22:
         9a:48:56:3e:5f:22:18:5f:11:d5:d6:b8:71:20:44:ff:39:cd:
         5d:4e:83:51:f8:53:f2:eb:7d:6f:46:c9:a9:aa:de:41:36:43:
         3d:ed:58:88:df:b2:1d:e5:fd:7b:1c:8f:26:d8:e1:cf:97:09:
         20:2e:88:28:44:f8:ca:06:5f:ce:9b:48:86:8a:75:a9:9b:1b:
         a0:fd:e2:67:eb:0e:b4:91:61:50:ab:a2:23:0b:af:5e:b4:34:
         d2:8e:11:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbxQGRX8Tf3kEErgsiuIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljY2UzYjExOTdkMGNmOTUxMTU0MDU3MmE1OGZkMzcyZGNj
MDc0ODkwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODI5YTA1ODYyNGYwM2M5OGQxYzk0YzY3YzRjZjUzNzY5NDQ0MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhb4aAUzGPlGUyv7GNJvxlB7D2oBM
Xp9wHBZGFFQEXrIfv4a0ujlAXFLCI42r0EhY2wyN+F+OltAJmutL4pHxvls05Tzf
VwMbtCM6FP5VRO5ni6zar1Lha1ox1NMrtemdN8msLNIWDVxMuixO/TdDvkfYHied
ZrRy9qHkTwhkGsR62T8RebY7wloWY80UJUVexL+jfF497b7joLSfaCnlQuEO5FkZ
iocxBq9QxGjE1eisz6hVFPVqcsxFsFOagi7OyoNhZCDVgEbOWPbGTt0OchWUk6Mq
X/rXCywH//rfYQ7YQYNaNenvgPHr7cr4/CWPSevYSyqBxr4fdhc5/h/ibwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGgpoFhiTwPJjRyUxnxM9TdpREHdMB8GA1UdIwQY
MBaAFJzOOxGX0M+VEVQFcqWP03LcwHSJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk00N0VaZlF6NVVSVkFWeXBZX1RjdHpBZElrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80ZjIzNjctNzNmMy00ODE2LWJlYTgt
YTA0NWZmOGUyYWMwLzEvYUNtZ1dHSlBBOG1OSEpUR2ZFejFOMmxFUWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80ZjIzNjctNzNmMy00ODE2LWJlYTgtYTA0NWZmOGUyYWMw
LzEvbk00N0VaZlF6NVVSVkFWeXBZX1RjdHpBZElrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2UOkAwQC
2UOsMA0GCSqGSIb3DQEBCwUAA4IBAQBcDwsV9EovlEODAVf+PSLq3f27wKF39myk
nRYtZ1x7JmikoUx/Eo2UNUZThq3doWePAAVKkiOZQVsrGDJn1d0VU3DJdRykpnRV
3hIB+dtbOv9aQSnwaweA26W9yu70QwURBpG+9ik6DJGe9OZYAY89AVue6c09i7bS
WXzpoIx7NeO3lKeZVGy+3pd+YoW03bzydke3Azld2YXRpJ0461UXsCKaSFY+XyIY
XxHV1rhxIET/Oc1dToNR+FPy631vRsmpqt5BNkM97ViI37Id5f17HI8m2OHPlwkg
LogoRPjKBl/Om0iGinWpmxug/eJn6w60kWFQq6IjC69etDTSjhGA
-----END CERTIFICATE-----