Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/xhsA_2cpMSBkV5U5o1doHhiIQ5Q.roa
File:                     xhsA_2cpMSBkV5U5o1doHhiIQ5Q.roa (raw, json)
Hash identifier:          aBd6VWvbgdBzPaWkUyrRN+6jT9dgg9xm1ZzVtI4nF+A=
Subject key identifier:   C6:1B:00:FF:67:29:31:20:64:57:95:39:A3:57:68:1E:18:88:43:94
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       018CC26D34CFAAE6F0A8CBC1795776CC19BE
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/xhsA_2cpMSBkV5U5o1doHhiIQ5Q.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211471
IP address blocks:        217.150.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:34:cf:aa:e6:f0:a8:cb:c1:79:57:76:cc:19:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c61b00ff6729312064579539a357681e18884394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:66:66:e5:2b:fb:54:a5:27:dc:ec:c2:33:a4:
                    14:37:30:96:6c:16:0a:a1:97:17:b5:22:14:1d:b6:
                    79:f4:f4:d9:88:8f:9e:86:30:be:57:26:44:31:2d:
                    ec:31:1f:ee:62:9c:10:bf:85:1e:3a:b4:b6:ed:5e:
                    9e:8a:d2:67:d5:f2:96:00:19:d8:bf:bc:3f:8a:66:
                    93:10:36:75:b5:0e:04:02:86:ab:28:ea:5a:c0:e9:
                    15:3f:3b:0a:35:01:ee:bf:64:d1:56:ff:f2:27:68:
                    7a:58:9a:44:72:d0:3c:68:af:4b:be:72:38:16:4a:
                    0c:dc:3f:29:a5:20:a0:8d:97:d2:5a:dc:fa:7f:90:
                    5a:92:f5:a8:d7:ef:f0:c4:48:07:dd:5c:4d:97:e2:
                    14:d7:cc:0c:8d:e0:e6:ce:e6:43:4a:ae:19:97:3b:
                    d0:fd:8f:e5:d1:63:69:13:7f:e7:e7:6a:cb:7f:6c:
                    ef:71:f0:86:d6:eb:bf:61:15:66:af:10:6a:94:98:
                    a5:dd:03:fd:82:90:e1:4b:24:65:b9:73:e0:f6:2c:
                    1a:db:2a:3a:2b:ca:48:92:9e:36:71:28:36:95:7a:
                    62:ec:76:b1:27:da:71:71:d1:23:b7:2d:c6:ad:7c:
                    6c:f9:08:97:77:2d:75:ea:ca:46:ae:4e:94:39:b3:
                    c8:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1B:00:FF:67:29:31:20:64:57:95:39:A3:57:68:1E:18:88:43:94
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/xhsA_2cpMSBkV5U5o1doHhiIQ5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.150.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:cf:88:df:83:02:8d:42:6c:39:9d:1a:5d:d4:85:98:b1:d1:
         48:d0:d7:42:84:9b:5e:bc:1b:2d:7e:3d:b3:aa:87:32:f3:b0:
         38:5e:ee:ba:0e:49:aa:34:c6:5e:3a:69:44:70:93:2c:7f:ce:
         10:a1:a1:04:67:16:db:bc:57:4d:5b:dc:16:78:20:d2:79:e1:
         dc:97:50:fb:a1:26:e7:4a:e5:dd:81:9a:1c:d2:bc:11:7e:1c:
         f7:b9:f3:e0:c4:9e:31:00:3c:31:85:52:d4:bf:49:22:f0:de:
         85:c3:5a:42:25:aa:25:fe:21:f5:f9:ca:25:a2:bb:b4:cc:67:
         08:c7:b7:8c:7a:a1:82:55:60:c6:51:8b:bc:9b:9a:be:6b:93:
         66:44:47:13:85:37:c0:07:28:42:92:c6:07:f5:18:c8:27:d4:
         a6:aa:89:31:02:7c:9b:8f:60:f5:54:78:23:a5:30:7d:1a:bd:
         80:e9:28:db:14:7a:a5:a4:0d:c5:99:3a:08:55:de:bd:cc:e7:
         f3:99:03:66:c4:13:ee:b2:5a:2c:c5:a3:90:b6:e9:53:72:15:
         94:43:5d:ed:f5:09:9e:95:8c:2e:5d:41:d1:24:7b:b8:3e:63:
         45:7d:17:c0:68:23:a8:f0:2a:14:26:ab:8b:98:2f:ef:6d:da:
         92:98:db:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTTPqubwqMvBeVd2zBm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjFiMDBmZjY3MjkzMTIwNjQ1Nzk1MzlhMzU3NjgxZTE4ODg0Mzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGZm5Sv7VKUn3OzCM6QUNzCWbBYK
oZcXtSIUHbZ59PTZiI+ehjC+VyZEMS3sMR/uYpwQv4UeOrS27V6eitJn1fKWABnY
v7w/imaTEDZ1tQ4EAoarKOpawOkVPzsKNQHuv2TRVv/yJ2h6WJpEctA8aK9LvnI4
FkoM3D8ppSCgjZfSWtz6f5BakvWo1+/wxEgH3VxNl+IU18wMjeDmzuZDSq4ZlzvQ
/Y/l0WNpE3/n52rLf2zvcfCG1uu/YRVmrxBqlJil3QP9gpDhSyRluXPg9iwa2yo6
K8pIkp42cSg2lXpi7HaxJ9pxcdEjty3GrXxs+QiXdy116spGrk6UObPI8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYbAP9nKTEgZFeVOaNXaB4YiEOUMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEveGhzQV8yY3BNU0JrVjVVNW8xZG9IaGlJUTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZbdMA0G
CSqGSIb3DQEBCwUAA4IBAQCZz4jfgwKNQmw5nRpd1IWYsdFI0NdChJtevBstfj2z
qocy87A4Xu66DkmqNMZeOmlEcJMsf84QoaEEZxbbvFdNW9wWeCDSeeHcl1D7oSbn
SuXdgZoc0rwRfhz3ufPgxJ4xADwxhVLUv0ki8N6Fw1pCJaol/iH1+coloru0zGcI
x7eMeqGCVWDGUYu8m5q+a5NmREcThTfAByhCksYH9RjIJ9SmqokxAnybj2D1VHgj
pTB9Gr2A6SjbFHqlpA3FmToIVd69zOfzmQNmxBPuslosxaOQtulTchWUQ13t9Qme
lYwuXUHRJHu4PmNFfRfAaCOo8CoUJquLmC/vbdqSmNuj
-----END CERTIFICATE-----