Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/jP6ZFCwYWO1H8mPw6qdVLkhLRug.roa
File:                     jP6ZFCwYWO1H8mPw6qdVLkhLRug.roa (raw, json)
Hash identifier:          UpzU6p+yPBYXBOIFt3VVe0x3lQugsyWbTQBXrwCBTjw=
Subject key identifier:   8C:FE:99:14:2C:18:58:ED:47:F2:63:F0:EA:A7:55:2E:48:4B:46:E8
Certificate issuer:       /CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
Certificate serial:       018CC4254B45693346E750F88D0306652335
Authority key identifier: 70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/jP6ZFCwYWO1H8mPw6qdVLkhLRug.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200862
IP address blocks:        217.11.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4b:45:69:33:46:e7:50:f8:8d:03:06:65:23:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cfe99142c1858ed47f263f0eaa7552e484b46e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:78:ef:38:da:43:c1:cc:94:13:5c:9d:b3:49:
                    b9:71:3b:8a:de:60:47:77:23:4e:b2:5c:6f:07:36:
                    2f:68:c3:57:05:25:41:3f:76:b8:7e:9f:83:04:51:
                    84:0d:90:7d:58:4b:31:5e:e5:68:5b:5d:1f:8a:de:
                    91:a1:02:3c:2f:d2:65:b1:02:c0:69:6a:73:c2:5b:
                    d8:10:40:94:98:5a:13:7a:79:0c:de:1b:1e:be:ee:
                    70:49:83:97:8e:7c:0d:43:8f:89:87:29:15:14:e4:
                    6a:16:49:92:1c:21:7d:5a:9f:5f:6a:ea:95:e1:4b:
                    54:d7:16:68:f6:69:1f:2e:e9:42:53:e6:80:96:3f:
                    59:02:e4:cf:91:d4:d4:14:d7:7f:6c:dc:ed:13:4b:
                    d1:87:4a:f1:90:c3:7f:cd:c6:24:ae:91:2f:99:5b:
                    09:a0:6b:8e:1f:ad:d9:51:79:3f:7f:a4:90:23:81:
                    1d:f1:37:e4:42:9d:f6:4e:3d:20:c9:5d:f0:39:3c:
                    5d:10:b1:c6:a5:ad:4f:2b:ec:2b:57:d2:71:05:65:
                    05:6a:d0:70:d3:11:61:12:cf:c0:9c:57:28:14:25:
                    08:17:d2:cb:a4:eb:74:51:44:2d:ef:f0:58:59:c8:
                    3d:ca:c0:1f:de:eb:d0:fb:bb:e7:0f:ea:58:eb:39:
                    da:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:FE:99:14:2C:18:58:ED:47:F2:63:F0:EA:A7:55:2E:48:4B:46:E8
            X509v3 Authority Key Identifier:
                keyid:70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/jP6ZFCwYWO1H8mPw6qdVLkhLRug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.11.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:39:ab:1f:4b:76:9f:80:3f:76:ea:75:87:38:8d:1e:23:c3:
         5d:67:0c:50:79:e6:e3:1d:f8:92:72:40:e0:29:22:19:d1:ad:
         a1:27:02:4c:cf:c3:33:51:a3:ac:a0:d5:41:f1:0e:ec:f7:01:
         eb:90:f8:d5:2b:6a:11:58:35:88:5b:56:10:27:6f:a8:35:93:
         ea:2e:b6:ec:4e:24:4e:7d:a5:3d:b4:07:b6:67:a2:04:25:b3:
         2c:11:b0:45:2d:bc:7d:c8:3b:03:0f:c6:02:ce:67:42:c4:f7:
         e2:12:87:69:e5:8d:6c:00:34:96:b8:0b:7d:6c:9c:3a:ab:9b:
         da:bd:0d:0d:ac:54:c4:41:5e:ce:dc:c9:15:fb:f5:39:7e:22:
         4d:07:fe:da:46:ba:eb:f0:26:5d:62:70:0b:01:7b:e5:60:c3:
         bf:b0:80:40:4f:74:25:c2:33:ff:a4:c0:d4:63:3b:87:82:46:
         d7:83:11:76:ae:d0:71:08:ef:d0:2d:c5:c0:95:4c:84:a2:cc:
         7e:66:c2:05:d3:db:38:cf:10:94:98:f0:68:44:f6:bb:1c:7f:
         77:96:89:0f:4c:ff:56:e2:9d:b0:fe:d1:05:ce:18:fb:ed:cc:
         d1:85:a1:d3:c2:7a:d6:69:00:f8:2c:85:59:38:0d:32:dc:ac:
         82:19:f0:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUtFaTNG51D4jQMGZSM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMGExMjMxZDFjMjdhNzU0ZTQ2ZWYxMGU5MmE3MzBhZTE1
ZDBmNTUwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2ZlOTkxNDJjMTg1OGVkNDdmMjYzZjBlYWE3NTUyZTQ4NGI0NmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHjvONpDwcyUE1yds0m5cTuK3mBH
dyNOslxvBzYvaMNXBSVBP3a4fp+DBFGEDZB9WEsxXuVoW10fit6RoQI8L9JlsQLA
aWpzwlvYEECUmFoTenkM3hsevu5wSYOXjnwNQ4+JhykVFORqFkmSHCF9Wp9fauqV
4UtU1xZo9mkfLulCU+aAlj9ZAuTPkdTUFNd/bNztE0vRh0rxkMN/zcYkrpEvmVsJ
oGuOH63ZUXk/f6SQI4Ed8TfkQp32Tj0gyV3wOTxdELHGpa1PK+wrV9JxBWUFatBw
0xFhEs/AnFcoFCUIF9LLpOt0UUQt7/BYWcg9ysAf3uvQ+7vnD+pY6znaKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIz+mRQsGFjtR/Jj8OqnVS5IS0boMB8GA1UdIwQY
MBaAFHAKEjHRwnp1TkbvEOkqcwrhXQ9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgt
YWI3OWEzNzg5ZjhmLzEvalA2WkZDd1lXTzFIOG1QdzZxZFZMa2hMUnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgtYWI3OWEzNzg5Zjhm
LzEvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2QuEMA0G
CSqGSIb3DQEBCwUAA4IBAQBNOasfS3afgD926nWHOI0eI8NdZwxQeebjHfiSckDg
KSIZ0a2hJwJMz8MzUaOsoNVB8Q7s9wHrkPjVK2oRWDWIW1YQJ2+oNZPqLrbsTiRO
faU9tAe2Z6IEJbMsEbBFLbx9yDsDD8YCzmdCxPfiEodp5Y1sADSWuAt9bJw6q5va
vQ0NrFTEQV7O3MkV+/U5fiJNB/7aRrrr8CZdYnALAXvlYMO/sIBAT3QlwjP/pMDU
YzuHgkbXgxF2rtBxCO/QLcXAlUyEosx+ZsIF09s4zxCUmPBoRPa7HH93lokPTP9W
4p2w/tEFzhj77czRhaHTwnrWaQD4LIVZOA0y3KyCGfBW
-----END CERTIFICATE-----