Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/ThohdcEQvLa1edFnwr05Pnh8yFY.roa
File:                     ThohdcEQvLa1edFnwr05Pnh8yFY.roa (raw, json)
Hash identifier:          ABHNVLoc98frs0Og+NrmXUeiJfs4WIGEZ1B21sdN4Z0=
Subject key identifier:   4E:1A:21:75:C1:10:BC:B6:B5:79:D1:67:C2:BD:39:3E:78:7C:C8:56
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E8E28AF6B50BB0EBCD64CFB45A480
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/ThohdcEQvLa1edFnwr05Pnh8yFY.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61054
IP address blocks:        217.112.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8e:28:af:6b:50:bb:0e:bc:d6:4c:fb:45:a4:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e1a2175c110bcb6b579d167c2bd393e787cc856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fc:26:56:83:d5:09:80:82:1d:0d:9d:b3:0b:
                    e5:f0:2d:ba:8b:a9:aa:ac:4f:53:4a:42:33:e1:f3:
                    88:cc:7c:c1:c6:2f:bb:90:72:36:2b:49:3d:3b:b8:
                    7e:15:52:25:96:8b:93:b4:ec:b7:94:61:da:6e:2d:
                    f6:d2:35:82:0a:e2:d7:b3:1a:89:ac:e2:d8:27:a1:
                    e6:13:16:d7:95:11:21:48:8a:35:c3:01:d6:de:0d:
                    25:ff:92:47:9f:2d:17:bc:4d:89:57:97:43:5f:b7:
                    6d:68:8f:a0:67:b1:dd:fd:45:c3:5a:b4:8f:d9:d6:
                    ba:9d:7b:7c:f8:8a:b8:d5:75:f9:5d:5d:56:36:a4:
                    58:0f:c7:e7:e7:d6:35:8d:a7:08:4c:93:d2:21:98:
                    d9:96:79:ab:ef:8a:69:4a:9a:d2:a1:59:88:72:06:
                    4f:62:c1:c5:4a:ff:b2:44:e1:41:9a:f1:81:5d:0f:
                    e7:95:45:9f:74:0f:d3:d0:30:13:f4:7c:96:39:80:
                    15:5b:a7:18:83:05:c9:65:e8:d1:45:15:c7:d9:44:
                    b9:a6:6d:fc:93:b0:fc:2a:c0:91:56:1f:82:80:c3:
                    21:08:a6:98:fe:1d:86:f8:dc:2e:fb:2f:8c:16:b8:
                    02:e4:09:ef:7c:e8:f1:b3:f2:eb:9f:09:7d:49:ba:
                    2d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:1A:21:75:C1:10:BC:B6:B5:79:D1:67:C2:BD:39:3E:78:7C:C8:56
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/ThohdcEQvLa1edFnwr05Pnh8yFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.112.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:49:77:67:19:39:f5:7e:ee:ef:f3:ae:7c:ac:ce:f1:90:2c:
         06:43:e4:52:c6:6e:ea:95:95:fc:0f:55:df:98:f6:85:cb:e2:
         cc:7c:19:6f:5d:eb:42:5c:78:97:98:fd:04:38:52:4c:23:ea:
         9b:64:b0:01:af:14:3a:69:a6:16:ea:76:2d:01:b2:ab:99:4a:
         b9:af:09:8a:c6:11:05:7c:e8:80:97:70:25:34:4f:74:70:36:
         c1:c2:e0:ba:a3:77:75:43:03:ff:7b:42:0f:5b:c5:48:9b:6b:
         98:a2:93:d3:6a:04:97:0c:10:a0:53:a0:4e:e4:b7:91:ef:a0:
         f6:b3:6a:34:ba:03:b0:53:4c:8a:0b:7b:8e:1b:1a:6f:71:a2:
         9a:d0:fb:8e:d9:e1:2e:a0:be:c4:d4:20:3e:40:5e:40:84:8a:
         96:62:f3:d4:25:e9:13:96:dd:43:71:ce:1b:37:bf:5f:00:dd:
         2f:9a:99:f4:83:8d:54:9e:93:88:92:0d:f6:02:3f:80:1f:9e:
         31:88:13:5e:21:54:cc:f4:d8:2e:82:83:43:4c:d4:1b:df:4f:
         6a:3d:b3:b5:fc:83:13:ba:d6:ca:b0:f4:23:35:8c:a2:c2:31:
         40:15:8b:8e:c5:94:1b:56:09:5d:70:eb:1d:1f:91:a6:e0:50:
         ce:1f:92:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbo4or2tQuw681kz7RaSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTFhMjE3NWMxMTBiY2I2YjU3OWQxNjdjMmJkMzkzZTc4N2NjODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwmVoPVCYCCHQ2dswvl8C26i6mq
rE9TSkIz4fOIzHzBxi+7kHI2K0k9O7h+FVIllouTtOy3lGHabi320jWCCuLXsxqJ
rOLYJ6HmExbXlREhSIo1wwHW3g0l/5JHny0XvE2JV5dDX7dtaI+gZ7Hd/UXDWrSP
2da6nXt8+Iq41XX5XV1WNqRYD8fn59Y1jacITJPSIZjZlnmr74ppSprSoVmIcgZP
YsHFSv+yROFBmvGBXQ/nlUWfdA/T0DAT9HyWOYAVW6cYgwXJZejRRRXH2US5pm38
k7D8KsCRVh+CgMMhCKaY/h2G+Nwu+y+MFrgC5AnvfOjxs/Lrnwl9SbotvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4aIXXBELy2tXnRZ8K9OT54fMhWMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvVGhvaGRjRVF2TGExZWRGbndyMDVQbmg4eUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XCWMA0G
CSqGSIb3DQEBCwUAA4IBAQAWSXdnGTn1fu7v8658rM7xkCwGQ+RSxm7qlZX8D1Xf
mPaFy+LMfBlvXetCXHiXmP0EOFJMI+qbZLABrxQ6aaYW6nYtAbKrmUq5rwmKxhEF
fOiAl3AlNE90cDbBwuC6o3d1QwP/e0IPW8VIm2uYopPTagSXDBCgU6BO5LeR76D2
s2o0ugOwU0yKC3uOGxpvcaKa0PuO2eEuoL7E1CA+QF5AhIqWYvPUJekTlt1Dcc4b
N79fAN0vmpn0g41UnpOIkg32Aj+AH54xiBNeIVTM9NgugoNDTNQb309qPbO1/IMT
utbKsPQjNYyiwjFAFYuOxZQbVgldcOsdH5Gm4FDOH5J5
-----END CERTIFICATE-----