Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/H2F_UMI5vQAgpdFLBXCGs1tYEe0.roa
File:                     H2F_UMI5vQAgpdFLBXCGs1tYEe0.roa (raw, json)
Hash identifier:          LNYtG7xrXZxwfdNymR4puxOemPPbxT60tqMNU8Y8wtY=
Subject key identifier:   1F:61:7F:50:C2:39:BD:00:20:A5:D1:4B:05:70:86:B3:5B:58:11:ED
Certificate issuer:       /CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
Certificate serial:       018DC6DA20F4FDA9614E506648D072B734D9
Authority key identifier: 2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/H2F_UMI5vQAgpdFLBXCGs1tYEe0.roa
Signing time:             Tue 20 Feb 2024 14:10:00 +0000
ROA not before:           Tue 20 Feb 2024 14:10:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15828
IP address blocks:        80.244.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:da:20:f4:fd:a9:61:4e:50:66:48:d0:72:b7:34:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
        Validity
            Not Before: Feb 20 14:10:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f617f50c239bd0020a5d14b057086b35b5811ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:45:c5:ac:7c:4f:f5:93:f9:d3:71:13:73:
                    3c:b4:a0:07:45:96:e2:06:08:a2:d9:83:96:52:7f:
                    2a:be:7c:51:63:f1:15:c6:9a:1a:73:85:28:d1:db:
                    95:b4:68:c4:d4:c2:9a:b0:c5:9f:06:bc:d9:8c:5e:
                    b1:87:2e:8f:5b:df:14:a1:72:59:5b:96:fc:22:09:
                    27:42:5c:12:0d:62:bf:2e:7e:28:fd:da:d5:d3:e0:
                    fe:7c:1d:b3:fb:94:d8:d3:7e:03:92:bb:f0:17:4d:
                    7a:cb:a1:24:3f:29:0f:7b:72:ba:cf:80:a2:8b:45:
                    d1:aa:3d:30:11:c9:5d:36:c3:d8:41:f4:c6:59:b5:
                    c7:bd:5c:54:91:50:bd:31:32:a6:5a:ed:56:22:1b:
                    9e:6c:3c:a3:b0:f7:be:42:9c:98:a8:48:ec:fd:30:
                    0e:6f:9b:4e:1e:f5:b4:2d:72:53:08:a5:56:cb:ff:
                    a8:d8:84:b1:1f:cd:18:bd:47:04:16:7b:aa:94:7b:
                    f9:00:00:8c:af:bc:2b:1f:6b:f9:25:f8:67:f7:97:
                    52:2a:7b:6f:e1:18:94:8c:18:47:0b:28:71:0c:4c:
                    ba:0a:da:da:fe:76:12:59:0a:70:40:8f:09:fa:9c:
                    1d:9a:29:70:64:b0:f2:f9:d4:31:48:a5:1b:ad:2a:
                    9d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:61:7F:50:C2:39:BD:00:20:A5:D1:4B:05:70:86:B3:5B:58:11:ED
            X509v3 Authority Key Identifier:
                keyid:2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/H2F_UMI5vQAgpdFLBXCGs1tYEe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:9f:66:1b:0c:65:b6:aa:2f:74:39:b6:e6:6e:2f:bf:dd:ae:
         a6:4a:7e:5f:bb:5f:4b:a0:4e:3c:96:d8:02:6c:9e:f9:49:fc:
         a2:d4:61:40:89:e2:3c:d4:2e:59:a7:36:13:77:b3:58:3e:46:
         5a:df:08:65:6e:78:9d:6d:30:11:8b:87:34:98:79:0a:52:ac:
         4d:12:7b:a3:eb:75:19:91:be:ef:8c:99:48:10:ef:14:20:60:
         2e:e1:b3:50:cc:73:b2:a4:58:fa:c5:a1:50:db:d1:74:b6:ca:
         29:0a:ce:91:ce:39:d6:2c:79:79:9a:65:fa:85:71:20:0e:5f:
         22:8a:10:bc:e4:c0:04:de:12:74:0a:dc:31:ca:64:a3:81:1b:
         42:6d:be:b7:74:76:3a:d4:32:fb:38:53:45:d9:7d:14:38:4c:
         b8:37:ab:d3:13:88:91:ed:09:83:de:90:ce:85:47:7e:22:00:
         1f:b0:1c:e4:39:f0:b7:45:3d:ea:4b:6b:ed:dd:25:19:64:25:
         96:e8:ec:c3:7c:1b:ad:a4:3d:dd:3d:68:99:f9:20:f5:1b:08:
         c2:81:82:da:d7:6f:df:9b:b5:25:80:ce:18:b2:a6:6f:40:6d:
         01:70:a7:d0:34:2f:6c:65:e6:cd:11:e0:8b:06:cb:9e:87:ff:
         f5:7c:bc:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3G2iD0/alhTlBmSNBytzTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQxNDJiNWI2YTUyOThkNmI4ZmE1ODQ1ZjI5ODc4Y2Zl
YmJjNTQwHhcNMjQwMjIwMTQxMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjYxN2Y1MGMyMzliZDAwMjBhNWQxNGIwNTcwODZiMzViNTgxMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv71Fxax8T/WT+dNxE3M8tKAHRZbi
Bgii2YOWUn8qvnxRY/EVxpoac4Uo0duVtGjE1MKasMWfBrzZjF6xhy6PW98UoXJZ
W5b8IgknQlwSDWK/Ln4o/drV0+D+fB2z+5TY034DkrvwF016y6EkPykPe3K6z4Ci
i0XRqj0wEcldNsPYQfTGWbXHvVxUkVC9MTKmWu1WIhuebDyjsPe+QpyYqEjs/TAO
b5tOHvW0LXJTCKVWy/+o2ISxH80YvUcEFnuqlHv5AACMr7wrH2v5Jfhn95dSKntv
4RiUjBhHCyhxDEy6Ctra/nYSWQpwQI8J+pwdmilwZLDy+dQxSKUbrSqdxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9hf1DCOb0AIKXRSwVwhrNbWBHtMB8GA1UdIwQY
MBaAFCttFCtbalKY1rj6WEXymHjP67xUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUt
OGJlZmVlNDllZDRkLzEvSDJGX1VNSTV2UUFncGRGTEJYQ0dzMXRZRWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUtOGJlZmVlNDllZDRk
LzEvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQLMA0G
CSqGSIb3DQEBCwUAA4IBAQAJn2YbDGW2qi90Obbmbi+/3a6mSn5fu19LoE48ltgC
bJ75Sfyi1GFAieI81C5ZpzYTd7NYPkZa3whlbnidbTARi4c0mHkKUqxNEnuj63UZ
kb7vjJlIEO8UIGAu4bNQzHOypFj6xaFQ29F0tsopCs6RzjnWLHl5mmX6hXEgDl8i
ihC85MAE3hJ0CtwxymSjgRtCbb63dHY61DL7OFNF2X0UOEy4N6vTE4iR7QmD3pDO
hUd+IgAfsBzkOfC3RT3qS2vt3SUZZCWW6OzDfButpD3dPWiZ+SD1GwjCgYLa12/f
m7UlgM4YsqZvQG0BcKfQNC9sZebNEeCLBsueh//1fLxS
-----END CERTIFICATE-----