Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/0cfe3e-729f-4418-9cf4-863daecfc2e8/1/H2paATiszQ51HsFZ8nzYi9QuFcU.roa
File:                     H2paATiszQ51HsFZ8nzYi9QuFcU.roa (raw, json)
Hash identifier:          61yUI7T27tjfliVKB1IGoyY3kjD5L5NLhTHjY8oBRSw=
Subject key identifier:   1F:6A:5A:01:38:AC:CD:0E:75:1E:C1:59:F2:7C:D8:8B:D4:2E:15:C5
Certificate issuer:       /CN=b4fa4d081b36887f3e5ca6537f7469eee21d71ae
Certificate serial:       018CCA2A47E28E572D16B7AB1533A2D55786
Authority key identifier: B4:FA:4D:08:1B:36:88:7F:3E:5C:A6:53:7F:74:69:EE:E2:1D:71:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPpNCBs2iH8-XKZTf3Rp7uIdca4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/0cfe3e-729f-4418-9cf4-863daecfc2e8/1/H2paATiszQ51HsFZ8nzYi9QuFcU.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51094
IP address blocks:        91.216.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/0cfe3e-729f-4418-9cf4-863daecfc2e8/1/tPpNCBs2iH8-XKZTf3Rp7uIdca4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/0cfe3e-729f-4418-9cf4-863daecfc2e8/1/tPpNCBs2iH8-XKZTf3Rp7uIdca4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPpNCBs2iH8-XKZTf3Rp7uIdca4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:47:e2:8e:57:2d:16:b7:ab:15:33:a2:d5:57:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4fa4d081b36887f3e5ca6537f7469eee21d71ae
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f6a5a0138accd0e751ec159f27cd88bd42e15c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:78:c2:e7:e9:a4:86:92:cb:3f:81:cf:b7:1e:
                    c4:78:fd:88:2b:5f:3c:46:e6:3e:e7:c9:d6:41:a9:
                    e9:d3:6e:79:5d:3a:e1:8b:f7:43:56:7d:d3:74:b5:
                    b0:46:aa:a3:8a:3c:ae:22:21:47:7f:e2:d3:ad:a6:
                    f7:94:ab:ef:d7:75:bc:cb:13:8a:92:b2:af:b8:d9:
                    6e:09:12:bc:22:88:02:27:3c:95:d9:26:2d:5f:0f:
                    26:0c:48:51:18:25:01:6a:f8:2a:83:f9:08:91:5b:
                    55:75:1a:99:57:68:9b:65:39:a5:b2:b5:d3:5b:4e:
                    6b:90:9a:55:f3:85:fd:8e:2d:06:3d:21:7e:42:94:
                    4b:e6:34:3a:b9:6e:30:50:15:64:49:ee:6f:fa:c7:
                    99:4c:7f:87:8e:b4:8a:cd:90:3c:b4:bc:a5:41:72:
                    fd:38:b6:b1:a8:f5:07:6c:db:5b:8f:00:62:14:61:
                    fe:c1:f2:e3:28:0b:3f:34:5f:b0:63:41:ff:c6:2a:
                    8c:42:23:59:99:56:2a:41:dd:d0:31:ad:63:28:eb:
                    bf:7d:73:14:f3:7e:98:08:a3:ee:73:fd:32:1a:a6:
                    38:be:42:c6:89:8a:42:75:5b:fa:3d:10:d1:a6:09:
                    63:02:14:64:ad:ad:c5:d4:e4:14:11:c8:75:37:5b:
                    7e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:6A:5A:01:38:AC:CD:0E:75:1E:C1:59:F2:7C:D8:8B:D4:2E:15:C5
            X509v3 Authority Key Identifier:
                keyid:B4:FA:4D:08:1B:36:88:7F:3E:5C:A6:53:7F:74:69:EE:E2:1D:71:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPpNCBs2iH8-XKZTf3Rp7uIdca4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0cfe3e-729f-4418-9cf4-863daecfc2e8/1/H2paATiszQ51HsFZ8nzYi9QuFcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0cfe3e-729f-4418-9cf4-863daecfc2e8/1/tPpNCBs2iH8-XKZTf3Rp7uIdca4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e2:74:31:f1:31:2b:15:0d:fc:ba:cf:58:5f:6e:58:06:1e:
         9e:91:97:d5:2c:d6:b2:e7:5d:78:fa:4b:8e:95:26:cb:e2:e8:
         11:f8:3a:48:01:f6:b9:6d:50:7e:47:ba:73:b2:1b:34:a3:72:
         f8:ff:8a:86:f1:4d:fc:6e:3e:0b:07:55:8d:75:4c:71:5b:7a:
         a2:4f:6c:09:8e:9b:96:16:bc:bb:d1:86:f8:dd:aa:d7:bb:a6:
         06:f9:ec:89:22:6c:f6:ac:8c:6b:ef:35:2c:6c:7f:ae:01:3d:
         12:ed:73:e1:f7:da:b1:6c:53:77:56:a7:58:2c:e2:08:64:8c:
         39:31:90:3a:f3:04:57:36:7e:88:8d:37:e0:99:db:05:6e:10:
         39:b8:c0:51:e4:8e:0b:e3:9e:13:a8:b8:7a:70:06:8b:5d:90:
         aa:6e:4f:4b:a5:90:26:83:7c:10:63:58:82:23:5e:18:2e:6f:
         b9:e1:6b:3b:af:42:e2:32:2b:d5:51:4b:8c:9d:bc:b6:16:d8:
         89:f2:29:32:79:ac:5d:81:b0:db:9a:50:78:9f:2f:5b:29:f8:
         b7:da:a1:e2:5f:8b:c1:13:d2:29:cd:14:c0:e4:ab:75:41:32:
         35:74:d3:8c:31:b0:85:69:f4:a1:d7:3e:7f:1c:f5:55:6e:d1:
         0c:93:36:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkfijlctFrerFTOi1VeGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZmE0ZDA4MWIzNjg4N2YzZTVjYTY1MzdmNzQ2OWVlZTIx
ZDcxYWUwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjZhNWEwMTM4YWNjZDBlNzUxZWMxNTlmMjdjZDg4YmQ0MmUxNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHjC5+mkhpLLP4HPtx7EeP2IK188
RuY+58nWQanp0255XTrhi/dDVn3TdLWwRqqjijyuIiFHf+LTrab3lKvv13W8yxOK
krKvuNluCRK8IogCJzyV2SYtXw8mDEhRGCUBavgqg/kIkVtVdRqZV2ibZTmlsrXT
W05rkJpV84X9ji0GPSF+QpRL5jQ6uW4wUBVkSe5v+seZTH+HjrSKzZA8tLylQXL9
OLaxqPUHbNtbjwBiFGH+wfLjKAs/NF+wY0H/xiqMQiNZmVYqQd3QMa1jKOu/fXMU
836YCKPuc/0yGqY4vkLGiYpCdVv6PRDRpgljAhRkra3F1OQUEch1N1t+EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9qWgE4rM0OdR7BWfJ82IvULhXFMB8GA1UdIwQY
MBaAFLT6TQgbNoh/PlymU390ae7iHXGuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBwTkNCczJpSDgtWEtaVGYzUnA3dUlkY2E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wY2ZlM2UtNzI5Zi00NDE4LTljZjQt
ODYzZGFlY2ZjMmU4LzEvSDJwYUFUaXN6UTUxSHNGWjhuellpOVF1RmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wY2ZlM2UtNzI5Zi00NDE4LTljZjQtODYzZGFlY2ZjMmU4
LzEvdFBwTkNCczJpSDgtWEtaVGYzUnA3dUlkY2E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iQMA0G
CSqGSIb3DQEBCwUAA4IBAQA+4nQx8TErFQ38us9YX25YBh6ekZfVLNay5114+kuO
lSbL4ugR+DpIAfa5bVB+R7pzshs0o3L4/4qG8U38bj4LB1WNdUxxW3qiT2wJjpuW
Fry70Yb43arXu6YG+eyJImz2rIxr7zUsbH+uAT0S7XPh99qxbFN3VqdYLOIIZIw5
MZA68wRXNn6IjTfgmdsFbhA5uMBR5I4L454TqLh6cAaLXZCqbk9LpZAmg3wQY1iC
I14YLm+54Ws7r0LiMivVUUuMnby2FtiJ8ikyeaxdgbDbmlB4ny9bKfi32qHiX4vB
E9IpzRTA5Kt1QTI1dNOMMbCFafSh1z5/HPVVbtEMkza1
-----END CERTIFICATE-----