Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/c2MUuDUzzZkV8rFRmuLviEjlNMw.roa
File:                     c2MUuDUzzZkV8rFRmuLviEjlNMw.roa (raw, json)
Hash identifier:          npJ+xOBZaPo/STCTlfuogMd6orZyPBP2cevGFhUfKqM=
Subject key identifier:   73:63:14:B8:35:33:CD:99:15:F2:B1:51:9A:E2:EF:88:48:E5:34:CC
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       018F9065D82CB2AEE49905794C68C6AF2A62
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/c2MUuDUzzZkV8rFRmuLviEjlNMw.roa
Signing time:             Sun 19 May 2024 10:29:04 +0000
ROA not before:           Sun 19 May 2024 10:29:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197787
IP address blocks:        217.114.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:90:65:d8:2c:b2:ae:e4:99:05:79:4c:68:c6:af:2a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: May 19 10:29:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=736314b83533cd9915f2b1519ae2ef8848e534cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:11:87:05:7f:09:48:f3:3a:c2:c1:d6:1d:23:
                    ef:a7:94:62:37:95:65:52:65:bb:f7:ec:2b:be:13:
                    ea:ac:34:81:f5:86:8b:14:59:0e:78:c8:85:63:e2:
                    02:28:7a:42:a7:1c:a8:03:06:4e:3e:26:bf:2d:6b:
                    68:be:57:a6:4a:2d:e7:95:c3:85:b0:c4:65:30:1b:
                    95:3e:da:2a:84:03:b9:d7:50:8f:e3:f6:18:ae:e7:
                    19:12:5f:bc:33:1a:5c:e3:ee:02:d6:ed:48:be:d1:
                    f1:17:ea:5c:3f:53:56:fe:4f:cb:e5:06:6e:07:56:
                    cf:3c:21:fe:57:ab:61:d5:70:0e:d7:d1:91:e0:98:
                    c0:0f:f4:cd:ff:4f:d7:f9:ae:5d:76:a1:b4:ff:80:
                    cd:23:46:e7:c9:8a:ff:c0:63:d3:6e:49:4b:52:be:
                    d0:94:52:1b:4e:b5:68:ff:5d:46:e8:b0:ac:37:be:
                    33:ba:9c:95:e6:24:bf:73:ea:d4:82:4d:45:5d:8c:
                    9a:0b:d5:f0:57:16:ea:c8:66:5e:36:54:d7:5c:ca:
                    80:f6:b9:58:b8:06:e9:c3:da:4e:55:b9:be:6a:5c:
                    21:63:1d:f0:53:42:b3:3c:c4:25:ad:c2:8e:9b:54:
                    66:0d:6e:c6:19:71:ae:31:54:a7:65:45:0e:3a:3d:
                    c7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:63:14:B8:35:33:CD:99:15:F2:B1:51:9A:E2:EF:88:48:E5:34:CC
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/c2MUuDUzzZkV8rFRmuLviEjlNMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.114.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b8:46:b2:22:53:ee:21:ba:b3:fb:60:f7:eb:c0:f0:e8:77:
         8d:90:dd:c5:d5:9c:b4:a9:5a:72:79:bd:e5:b4:96:7f:63:5c:
         13:88:28:20:90:5d:eb:60:de:ec:c4:5f:14:45:09:7f:af:7e:
         83:1d:c4:8e:b4:de:dd:aa:74:67:9b:ac:dc:4c:d0:83:17:ff:
         d8:c9:cc:b8:83:e7:ef:f5:99:1d:e4:96:30:3d:16:e3:52:42:
         7a:68:0e:f2:cf:89:38:30:a4:c8:05:8f:73:44:7f:27:70:93:
         a8:17:2d:86:97:5c:13:be:0e:95:01:80:d1:79:c5:63:d7:5e:
         08:d2:6e:34:11:6b:f2:fc:fb:18:fa:a6:29:58:38:30:a6:a8:
         97:a8:f2:e4:84:23:c7:7e:ee:42:f2:26:e6:f1:d1:11:f1:82:
         8a:49:96:3e:b1:91:99:a9:54:b1:7d:c0:d2:27:d7:5b:1e:d6:
         b5:a8:92:f9:7e:f2:a2:8f:86:05:20:0f:1d:36:a7:79:8e:a0:
         de:9c:77:fb:02:d8:51:c8:8c:a1:76:1c:95:97:0d:87:8b:a9:
         c5:ac:ba:79:d0:78:19:8c:4b:67:f4:b5:1f:10:c9:9b:37:a8:
         e6:04:7c:74:a5:28:f3:57:73:78:82:a1:f7:1e:69:0d:4e:28:
         06:fc:ce:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+QZdgssq7kmQV5TGjGrypiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwNTE5MTAyOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzYzMTRiODM1MzNjZDk5MTVmMmIxNTE5YWUyZWY4ODQ4ZTUzNGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxGHBX8JSPM6wsHWHSPvp5RiN5Vl
UmW79+wrvhPqrDSB9YaLFFkOeMiFY+ICKHpCpxyoAwZOPia/LWtovlemSi3nlcOF
sMRlMBuVPtoqhAO511CP4/YYrucZEl+8Mxpc4+4C1u1IvtHxF+pcP1NW/k/L5QZu
B1bPPCH+V6th1XAO19GR4JjAD/TN/0/X+a5ddqG0/4DNI0bnyYr/wGPTbklLUr7Q
lFIbTrVo/11G6LCsN74zupyV5iS/c+rUgk1FXYyaC9XwVxbqyGZeNlTXXMqA9rlY
uAbpw9pOVbm+alwhYx3wU0KzPMQlrcKOm1RmDW7GGXGuMVSnZUUOOj3HnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNjFLg1M82ZFfKxUZri74hI5TTMMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvYzJNVXVEVXp6WmtWOHJGUm11THZpRWpsTk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XIuMA0G
CSqGSIb3DQEBCwUAA4IBAQBruEayIlPuIbqz+2D368Dw6HeNkN3F1Zy0qVpyeb3l
tJZ/Y1wTiCggkF3rYN7sxF8URQl/r36DHcSOtN7dqnRnm6zcTNCDF//Yycy4g+fv
9Zkd5JYwPRbjUkJ6aA7yz4k4MKTIBY9zRH8ncJOoFy2Gl1wTvg6VAYDRecVj114I
0m40EWvy/PsY+qYpWDgwpqiXqPLkhCPHfu5C8ibm8dER8YKKSZY+sZGZqVSxfcDS
J9dbHta1qJL5fvKij4YFIA8dNqd5jqDenHf7AthRyIyhdhyVlw2Hi6nFrLp50HgZ
jEtn9LUfEMmbN6jmBHx0pSjzV3N4gqH3HmkNTigG/M7P
-----END CERTIFICATE-----