Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8AuhcfEEKRYItTQR2Jzn24jpH0Q.roa
File:                     8AuhcfEEKRYItTQR2Jzn24jpH0Q.roa (raw, json)
Hash identifier:          UpDWF5Jm47svdTCLuOJWo29C9tGMJFSEL2+I7wUYfO0=
Subject key identifier:   F0:0B:A1:71:F1:04:29:16:08:B5:34:11:D8:9C:E7:DB:88:E9:1F:44
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC50034FA311348CBD273C45C55D31C71
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8AuhcfEEKRYItTQR2Jzn24jpH0Q.roa
Signing time:             Mon 01 Jan 2024 12:29:34 +0000
ROA not before:           Mon 01 Jan 2024 12:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        91.216.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:34:fa:31:13:48:cb:d2:73:c4:5c:55:d3:1c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f00ba171f104291608b53411d89ce7db88e91f44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:81:8a:76:71:dd:bd:36:8d:ff:83:f0:c0:b3:
                    3e:c8:96:a2:e5:cf:7f:af:fe:5f:0c:be:10:fa:c3:
                    56:14:01:0d:cb:27:eb:96:ab:ff:1a:01:cc:c1:12:
                    4b:b6:a1:ca:e2:15:6b:e6:6c:a6:64:64:d1:ce:90:
                    d2:75:58:48:72:30:0d:1c:20:8e:75:c4:70:59:eb:
                    17:89:41:48:7c:3f:86:40:9b:56:3d:69:c0:89:83:
                    d0:0d:c3:33:4c:5d:b0:98:df:e1:a9:93:16:9f:a8:
                    b8:2c:93:18:23:b0:3b:07:12:47:42:09:11:8f:fe:
                    5a:2d:56:ae:49:f8:34:fa:fb:3f:50:61:00:4b:39:
                    e3:5b:8b:2e:7b:8c:53:27:3c:f6:12:61:96:a8:e5:
                    70:4c:6d:eb:64:d2:51:48:d7:0b:71:35:ed:f8:06:
                    60:6b:c6:6c:d3:7b:7d:d9:d5:10:2a:14:ed:d2:f3:
                    f7:5b:2f:75:aa:32:27:d2:f6:78:e2:c0:5f:a6:bf:
                    0a:6a:b5:1e:ae:68:27:3f:08:b7:c2:67:3c:87:97:
                    df:ea:6a:04:99:bb:28:da:3d:d7:73:40:02:44:12:
                    aa:ee:1a:7d:d6:85:51:57:20:c3:7c:6c:f1:ae:71:
                    a5:cd:dd:71:67:bf:a4:72:fc:c7:e0:95:3f:f0:33:
                    4b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:0B:A1:71:F1:04:29:16:08:B5:34:11:D8:9C:E7:DB:88:E9:1F:44
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8AuhcfEEKRYItTQR2Jzn24jpH0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:70:53:12:ee:1d:e4:0f:cc:a6:5a:ce:9b:c2:cc:c8:e7:68:
         57:85:ef:59:fd:ac:65:2c:cb:de:d3:0b:5c:ac:92:0a:7c:0f:
         f4:8e:08:4d:81:d2:c0:7d:5c:9a:10:6b:6d:75:75:9d:b3:17:
         8f:04:6f:1c:ae:d3:b1:ae:08:5a:84:eb:b6:ec:1d:91:1b:f5:
         32:04:31:8e:b9:94:61:b2:ad:a1:d0:dd:41:cf:d1:97:a4:c2:
         86:f3:80:3d:13:cc:7a:9b:75:8c:bd:f6:12:2e:22:c3:df:5c:
         87:3e:c8:6b:dc:5c:a4:01:0a:12:f0:49:dd:ce:a4:8f:ba:84:
         a7:72:d7:b8:c2:0f:45:b3:76:31:0d:46:1a:39:23:bb:6d:45:
         f9:47:10:30:15:f9:cc:78:f9:43:ca:e6:00:2c:43:01:22:d3:
         15:cf:18:62:20:de:40:e6:f3:a6:a0:5a:e3:13:6a:77:2a:f6:
         e5:32:c7:6c:10:35:1d:91:52:1e:1d:85:ce:26:54:bd:31:d7:
         87:5e:3d:11:77:7b:a4:92:62:09:db:72:29:cd:14:74:1f:61:
         72:97:88:de:ba:e6:19:22:53:6a:12:48:84:f9:6a:85:40:d1:
         47:94:39:02:23:15:79:11:8f:34:f7:e8:86:eb:a2:42:63:84:
         63:e5:4e:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADT6MRNIy9JzxFxV0xxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDBiYTE3MWYxMDQyOTE2MDhiNTM0MTFkODljZTdkYjg4ZTkxZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIGKdnHdvTaN/4PwwLM+yJai5c9/
r/5fDL4Q+sNWFAENyyfrlqv/GgHMwRJLtqHK4hVr5mymZGTRzpDSdVhIcjANHCCO
dcRwWesXiUFIfD+GQJtWPWnAiYPQDcMzTF2wmN/hqZMWn6i4LJMYI7A7BxJHQgkR
j/5aLVauSfg0+vs/UGEASznjW4sue4xTJzz2EmGWqOVwTG3rZNJRSNcLcTXt+AZg
a8Zs03t92dUQKhTt0vP3Wy91qjIn0vZ44sBfpr8KarUermgnPwi3wmc8h5ff6moE
mbso2j3Xc0ACRBKq7hp91oVRVyDDfGzxrnGlzd1xZ7+kcvzH4JU/8DNLpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPALoXHxBCkWCLU0Edic59uI6R9EMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvOEF1aGNmRUVLUllJdFRRUjJKem4yNGpwSDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jXMA0G
CSqGSIb3DQEBCwUAA4IBAQArcFMS7h3kD8ymWs6bwszI52hXhe9Z/axlLMve0wtc
rJIKfA/0jghNgdLAfVyaEGttdXWdsxePBG8crtOxrghahOu27B2RG/UyBDGOuZRh
sq2h0N1Bz9GXpMKG84A9E8x6m3WMvfYSLiLD31yHPshr3FykAQoS8EndzqSPuoSn
cte4wg9Fs3YxDUYaOSO7bUX5RxAwFfnMePlDyuYALEMBItMVzxhiIN5A5vOmoFrj
E2p3KvblMsdsEDUdkVIeHYXOJlS9MdeHXj0Rd3ukkmIJ23IpzRR0H2Fyl4jeuuYZ
IlNqEkiE+WqFQNFHlDkCIxV5EY809+iG66JCY4Rj5U6A
-----END CERTIFICATE-----