Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/LfQfK2GuvjIkndePN2dhar9__sc.roa
File:                     LfQfK2GuvjIkndePN2dhar9__sc.roa (raw, json)
Hash identifier:          HI35LIuauZrWxsshGrkn0wi/eFi2FyGEmPxVwIJxHYM=
Subject key identifier:   2D:F4:1F:2B:61:AE:BE:32:24:9D:D7:8F:37:67:61:6A:BF:7F:FE:C7
Certificate issuer:       /CN=644c50d1dadf8b84b174fdb0587afb5f42df8a5f
Certificate serial:       018CC8DEF6F66A6400D8ECD09A9B05F8E38F
Authority key identifier: 64:4C:50:D1:DA:DF:8B:84:B1:74:FD:B0:58:7A:FB:5F:42:DF:8A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZExQ0drfi4SxdP2wWHr7X0Lfil8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/LfQfK2GuvjIkndePN2dhar9__sc.roa
Signing time:             Tue 02 Jan 2024 06:31:44 +0000
ROA not before:           Tue 02 Jan 2024 06:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34273
IP address blocks:        193.138.200.0/22 maxlen: 22
                          46.17.192.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/ZExQ0drfi4SxdP2wWHr7X0Lfil8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/ZExQ0drfi4SxdP2wWHr7X0Lfil8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZExQ0drfi4SxdP2wWHr7X0Lfil8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f6:f6:6a:64:00:d8:ec:d0:9a:9b:05:f8:e3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644c50d1dadf8b84b174fdb0587afb5f42df8a5f
        Validity
            Not Before: Jan  2 06:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2df41f2b61aebe32249dd78f3767616abf7ffec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f3:67:7c:fb:f7:c9:92:56:e9:7b:38:74:63:
                    c5:52:ba:0d:4a:92:5a:10:09:57:f7:0c:24:dd:b0:
                    18:1f:50:82:51:0d:fe:d2:07:cd:64:84:fd:e0:eb:
                    8b:98:97:c5:86:9c:50:05:a2:7f:57:2d:d2:89:cf:
                    00:e6:a4:d6:f6:f9:ed:9b:db:4d:26:20:7b:37:12:
                    19:92:7d:63:b4:ce:a0:d4:28:b3:d1:d3:8a:87:93:
                    eb:32:4f:e8:1b:cc:c8:df:da:c3:9f:0a:5e:38:8c:
                    f7:0e:bd:5f:7d:ca:c9:56:01:22:77:85:fd:c1:6e:
                    10:ab:d3:f5:b1:07:6d:6b:e8:e4:2b:fc:22:40:29:
                    f3:89:a7:23:44:38:66:7c:06:8d:fc:d2:4d:82:31:
                    bb:0a:ff:37:f7:7a:5d:97:13:ed:70:1b:c1:a8:e2:
                    50:5b:db:90:f1:ab:62:e4:4c:17:d9:bd:3a:62:f7:
                    25:a4:22:89:d0:24:1d:35:a0:eb:e6:e4:84:4f:ac:
                    93:bf:c3:20:f4:f5:00:4f:3e:a9:a2:16:a4:51:1f:
                    8f:9d:7f:85:2f:55:fc:c1:2c:3f:bf:12:4e:64:82:
                    45:2d:bc:45:51:0e:88:6c:f3:7a:39:82:67:a2:8f:
                    b2:62:f4:01:33:ed:b0:fb:90:4c:8b:29:c4:d1:7c:
                    eb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F4:1F:2B:61:AE:BE:32:24:9D:D7:8F:37:67:61:6A:BF:7F:FE:C7
            X509v3 Authority Key Identifier:
                keyid:64:4C:50:D1:DA:DF:8B:84:B1:74:FD:B0:58:7A:FB:5F:42:DF:8A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZExQ0drfi4SxdP2wWHr7X0Lfil8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/LfQfK2GuvjIkndePN2dhar9__sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/ZExQ0drfi4SxdP2wWHr7X0Lfil8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.192.0/21
                  193.138.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:aa:d8:c1:5b:6e:45:08:96:58:30:86:79:e9:17:97:11:39:
         aa:9d:e6:8d:51:e5:b4:0f:39:3b:ba:a1:40:33:55:42:82:52:
         a4:85:ed:5a:fc:b7:21:29:f8:0f:49:57:23:e9:18:54:92:2a:
         bc:54:65:5f:8a:77:ea:78:37:d2:43:1c:f7:ab:8d:94:b8:bb:
         4c:5e:f1:58:81:71:db:07:20:15:4b:ca:48:0f:9a:74:8a:ec:
         64:01:88:84:6e:0b:74:e9:ad:00:fe:7c:f9:d7:eb:8b:a4:35:
         0a:1c:d0:fd:0b:9a:48:fd:1c:68:08:fe:c1:ae:71:c9:44:9d:
         7e:16:97:cc:ac:17:87:12:99:54:6e:29:34:1a:63:be:8f:8f:
         66:e0:57:08:4d:6e:be:81:c7:1b:4b:af:49:58:c5:4b:10:b2:
         aa:49:a3:ac:4e:4b:d5:48:d1:0d:f9:8f:7a:f8:46:a9:69:db:
         b3:16:3d:8b:da:66:64:db:1a:33:cd:e3:e7:e6:0f:8d:d8:21:
         b4:0d:1f:fd:3e:52:b5:d7:9f:22:1d:2c:86:42:7e:47:c8:2e:
         4a:d5:e7:a8:2b:ce:d3:c3:d4:16:85:ed:34:0a:b1:7d:52:52:
         07:32:44:1b:c4:d8:81:73:c3:24:df:e9:33:83:7d:ed:64:6f:
         93:b1:79:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3vb2amQA2OzQmpsF+OOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGM1MGQxZGFkZjhiODRiMTc0ZmRiMDU4N2FmYjVmNDJk
ZjhhNWYwHhcNMjQwMTAyMDYzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY0MWYyYjYxYWViZTMyMjQ5ZGQ3OGYzNzY3NjE2YWJmN2ZmZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfNnfPv3yZJW6Xs4dGPFUroNSpJa
EAlX9wwk3bAYH1CCUQ3+0gfNZIT94OuLmJfFhpxQBaJ/Vy3Sic8A5qTW9vntm9tN
JiB7NxIZkn1jtM6g1Ciz0dOKh5PrMk/oG8zI39rDnwpeOIz3Dr1ffcrJVgEid4X9
wW4Qq9P1sQdta+jkK/wiQCnziacjRDhmfAaN/NJNgjG7Cv8393pdlxPtcBvBqOJQ
W9uQ8ati5EwX2b06YvclpCKJ0CQdNaDr5uSET6yTv8Mg9PUATz6pohakUR+PnX+F
L1X8wSw/vxJOZIJFLbxFUQ6IbPN6OYJnoo+yYvQBM+2w+5BMiynE0XzrswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC30Hythrr4yJJ3XjzdnYWq/f/7HMB8GA1UdIwQY
MBaAFGRMUNHa34uEsXT9sFh6+19C34pfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV4UTBkcmZpNFN4ZFAyd1dIcjdYMExmaWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yOGJkZTMtYTRjYS00ODhkLTgwNjEt
ZDM4ZDg0M2JmYTFkLzEvTGZRZksyR3V2aklrbmRlUE4yZGhhcjlfX3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yOGJkZTMtYTRjYS00ODhkLTgwNjEtZDM4ZDg0M2JmYTFk
LzEvWkV4UTBkcmZpNFN4ZFAyd1dIcjdYMExmaWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLhHAAwQC
wYrIMA0GCSqGSIb3DQEBCwUAA4IBAQA0qtjBW25FCJZYMIZ56ReXETmqneaNUeW0
Dzk7uqFAM1VCglKkhe1a/LchKfgPSVcj6RhUkiq8VGVfinfqeDfSQxz3q42UuLtM
XvFYgXHbByAVS8pID5p0iuxkAYiEbgt06a0A/nz51+uLpDUKHND9C5pI/RxoCP7B
rnHJRJ1+FpfMrBeHEplUbik0GmO+j49m4FcITW6+gccbS69JWMVLELKqSaOsTkvV
SNEN+Y96+EapaduzFj2L2mZk2xozzePn5g+N2CG0DR/9PlK1158iHSyGQn5HyC5K
1eeoK87Tw9QWhe00CrF9UlIHMkQbxNiBc8Mk3+kzg33tZG+TsXks
-----END CERTIFICATE-----