Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/tLiRdZP522eC3NYuIzRy2QoF5H4.roa
File:                     tLiRdZP522eC3NYuIzRy2QoF5H4.roa (raw, json)
Hash identifier:          trzTZz+yqegl2GvHbTH4XX/ON0hrHMW62DxevK5rVsw=
Subject key identifier:   B4:B8:91:75:93:F9:DB:67:82:DC:D6:2E:23:34:72:D9:0A:05:E4:7E
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       018E6C58D619D6DA91D31CB1534C0FB6728A
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/tLiRdZP522eC3NYuIzRy2QoF5H4.roa
Signing time:             Sat 23 Mar 2024 17:25:44 +0000
ROA not before:           Sat 23 Mar 2024 17:25:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        178.22.31.0/24 maxlen: 24
                          193.228.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6c:58:d6:19:d6:da:91:d3:1c:b1:53:4c:0f:b6:72:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Mar 23 17:25:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4b8917593f9db6782dcd62e233472d90a05e47e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7b:f0:fe:6a:95:a3:01:47:4f:4d:fb:c6:06:
                    11:cf:8c:a0:63:02:e5:c6:c1:02:35:a7:e1:cc:da:
                    70:6e:da:0c:b9:f5:dc:9f:24:db:55:32:7f:f6:1f:
                    29:87:ce:71:c4:68:c5:ed:61:52:5c:d3:a9:90:a6:
                    45:bb:b3:86:ff:30:f9:d4:d6:37:c6:51:db:c0:91:
                    72:82:c2:8c:dd:33:b5:bb:2e:dc:3d:f5:3c:4a:64:
                    33:cb:28:f4:e2:33:6b:56:54:db:ef:78:33:85:1a:
                    fe:73:df:88:ed:5a:7d:3c:66:c0:a3:83:bc:8f:8b:
                    0d:e6:8d:35:e2:bf:5d:09:1d:07:2c:44:53:d4:80:
                    f7:aa:d8:3f:5a:01:5f:85:e8:e8:be:95:aa:7a:cf:
                    14:53:67:a3:9d:f6:8a:7f:c6:bd:e4:fb:32:c2:47:
                    f7:f6:36:5f:e9:ed:fd:46:b2:90:37:ad:0d:b5:3d:
                    a6:85:61:bd:8d:04:53:02:a7:fd:bb:b3:64:3e:06:
                    c4:6c:ab:54:21:4d:46:19:f6:11:fd:22:08:4a:72:
                    cb:bb:f8:33:76:6d:e8:61:82:5e:8b:d6:a8:5a:2b:
                    78:e1:fe:67:93:9a:cc:94:3e:1e:cf:31:63:d4:a6:
                    93:3b:fe:78:af:a5:75:61:61:75:c9:f0:07:44:e9:
                    64:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B8:91:75:93:F9:DB:67:82:DC:D6:2E:23:34:72:D9:0A:05:E4:7E
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/tLiRdZP522eC3NYuIzRy2QoF5H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.31.0/24
                  193.228.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:22:cb:3e:b3:8d:83:ce:87:5f:bc:80:48:43:87:ba:09:1c:
         f3:9e:ed:01:17:d3:0a:6b:26:c2:94:9d:21:c8:30:ea:a6:a3:
         c0:76:8e:ac:c2:8a:0a:2c:4f:25:54:76:8c:8d:19:23:05:cb:
         43:74:87:69:38:4c:30:b2:1b:2e:0e:59:df:cf:d2:9d:98:b5:
         86:b0:e8:ad:dc:d3:d9:08:4d:9f:4c:e6:a1:a7:4b:4b:75:35:
         64:89:4e:85:0e:3b:08:ef:65:ef:12:bf:16:58:23:92:95:2c:
         90:52:ab:70:8a:c7:69:46:81:24:76:17:3c:f9:b2:25:c8:ef:
         c2:64:b8:42:87:aa:83:fe:b8:74:33:4e:94:fc:51:88:96:90:
         9e:ea:4c:5b:3d:55:b4:c6:5d:4f:ff:4d:12:6d:63:1a:f0:f8:
         fe:1b:f4:1c:19:e5:33:64:54:ee:1c:25:09:55:75:ac:67:af:
         86:fe:ed:0c:78:63:84:4f:b2:86:ab:f9:59:3a:d6:20:e8:b8:
         70:13:08:c6:cf:0e:91:4b:01:12:10:b4:40:ab:d4:8c:61:da:
         b7:c4:0a:1f:d4:62:8b:2c:94:ad:73:5d:45:9f:b6:98:a9:2e:
         dd:01:dd:ca:a8:6d:3b:d1:aa:44:93:a4:0d:5d:3b:d4:d2:42:
         02:c7:a4:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5sWNYZ1tqR0xyxU0wPtnKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjQwMzIzMTcyNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGI4OTE3NTkzZjlkYjY3ODJkY2Q2MmUyMzM0NzJkOTBhMDVlNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXvw/mqVowFHT037xgYRz4ygYwLl
xsECNafhzNpwbtoMufXcnyTbVTJ/9h8ph85xxGjF7WFSXNOpkKZFu7OG/zD51NY3
xlHbwJFygsKM3TO1uy7cPfU8SmQzyyj04jNrVlTb73gzhRr+c9+I7Vp9PGbAo4O8
j4sN5o014r9dCR0HLERT1ID3qtg/WgFfhejovpWqes8UU2ejnfaKf8a95Psywkf3
9jZf6e39RrKQN60NtT2mhWG9jQRTAqf9u7NkPgbEbKtUIU1GGfYR/SIISnLLu/gz
dm3oYYJei9aoWit44f5nk5rMlD4ezzFj1KaTO/54r6V1YWF1yfAHROlkDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLS4kXWT+dtngtzWLiM0ctkKBeR+MB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvdExpUmRaUDUyMmVDM05ZdUl6UnkyUW9GNUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAshYfAwQA
weSAMA0GCSqGSIb3DQEBCwUAA4IBAQA7Iss+s42DzodfvIBIQ4e6CRzznu0BF9MK
aybClJ0hyDDqpqPAdo6swooKLE8lVHaMjRkjBctDdIdpOEwwshsuDlnfz9KdmLWG
sOit3NPZCE2fTOahp0tLdTVkiU6FDjsI72XvEr8WWCOSlSyQUqtwisdpRoEkdhc8
+bIlyO/CZLhCh6qD/rh0M06U/FGIlpCe6kxbPVW0xl1P/00SbWMa8Pj+G/QcGeUz
ZFTuHCUJVXWsZ6+G/u0MeGOET7KGq/lZOtYg6LhwEwjGzw6RSwESELRAq9SMYdq3
xAof1GKLLJStc11Fn7aYqS7dAd3KqG070apEk6QNXTvU0kICx6Sd
-----END CERTIFICATE-----