Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/xFV94mhycLMDkO1NS4j7t6HntvE.roa
File:                     xFV94mhycLMDkO1NS4j7t6HntvE.roa (raw, json)
Hash identifier:          A9Prynd/URC1jVssoaAU0w6tIKnFpphaGal/8eTJRlM=
Subject key identifier:   C4:55:7D:E2:68:72:70:B3:03:90:ED:4D:4B:88:FB:B7:A1:E7:B6:F1
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019427B677CC319CF1E0966B8CD1B1EE09E3
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/xFV94mhycLMDkO1NS4j7t6HntvE.roa
Signing time:             Thu 02 Jan 2025 15:50:57 +0000
ROA not before:           Thu 02 Jan 2025 15:50:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8708
IP address blocks:        2.17.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:77:cc:31:9c:f1:e0:96:6b:8c:d1:b1:ee:09:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 15:50:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4557de2687270b30390ed4d4b88fbb7a1e7b6f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:31:37:a8:cf:1b:0c:87:77:a4:5d:68:53:7f:
                    ce:8d:06:3b:65:06:99:67:13:47:90:13:82:0c:87:
                    70:24:da:1f:7d:96:7e:f4:21:18:cd:8b:9e:a9:50:
                    2f:2e:78:dd:04:2c:52:d6:59:be:16:72:4d:e6:7c:
                    99:88:0f:f2:96:a4:46:d9:f4:1e:ea:8b:19:c0:19:
                    07:3a:0d:98:2f:bc:93:7c:32:62:d0:80:fb:2a:5a:
                    00:2d:f1:76:59:88:2a:08:3e:20:09:67:31:25:f7:
                    2e:fb:dd:20:64:e3:2d:2e:1b:d9:e3:01:13:d7:9a:
                    c7:6d:db:11:fc:08:81:f3:5b:e1:55:bc:63:18:21:
                    9e:ab:fe:22:f9:eb:42:0c:20:9e:13:5c:99:c1:c0:
                    a1:c9:bd:c6:ed:67:6c:05:e2:36:a0:ec:22:a8:20:
                    1e:4b:14:fb:83:49:a0:2c:92:78:8b:10:20:dd:09:
                    b8:8d:e2:94:4a:e9:ff:3a:21:42:72:08:d0:22:2d:
                    c2:97:21:e5:0e:bc:6a:c3:3d:48:51:31:04:b1:0d:
                    6d:11:05:d7:3e:78:f7:64:42:5a:7f:ef:42:78:e0:
                    5e:c2:96:b8:79:d4:3e:a6:13:e8:c8:81:2c:cd:72:
                    8d:51:0e:0a:2d:13:0c:78:2a:ed:22:67:4a:f3:c1:
                    49:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:55:7D:E2:68:72:70:B3:03:90:ED:4D:4B:88:FB:B7:A1:E7:B6:F1
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/xFV94mhycLMDkO1NS4j7t6HntvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.17.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:2b:6a:5b:1b:bb:21:13:9f:de:da:ee:22:f7:f4:94:03:dc:
         97:0e:2e:4f:cb:8e:71:1c:ff:a0:f4:b0:b3:40:4f:a7:52:d9:
         f3:17:04:b7:c7:0e:7b:b1:34:7d:7d:f8:3d:93:63:81:88:16:
         c4:55:f0:89:1b:29:c8:ac:46:13:49:f1:8d:b6:80:cb:81:79:
         3b:fd:2e:d5:94:fb:9a:a9:a4:6c:57:2a:a8:61:8e:2c:54:66:
         45:c9:91:7c:b5:e8:33:e2:5f:4c:62:c5:bf:39:b0:06:47:f1:
         6d:22:7e:c7:0c:c9:ca:e6:f0:bc:cd:07:a1:af:a0:9a:15:d2:
         c0:6d:05:8c:8c:99:29:02:4b:68:10:68:03:1b:e4:2a:7d:d4:
         76:2d:a2:bd:12:b2:58:f8:29:a4:cd:cd:9f:6f:17:fd:ea:35:
         ed:ad:11:2e:f7:34:8c:9e:2d:86:81:10:95:1d:bb:0d:9b:8b:
         69:0e:c5:6f:7b:7f:0e:1d:c9:03:b7:ba:37:77:54:62:69:dd:
         65:f4:46:06:b1:44:ac:a5:f5:4a:fe:e9:37:c9:5b:cf:9a:e8:
         b1:ff:92:ff:40:ef:c0:2b:63:14:ad:dd:0a:d0:76:5b:27:d5:
         40:a8:4e:ef:e2:95:ab:a3:54:b0:6c:26:4c:e9:88:fb:d5:da:
         71:dc:de:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntnfMMZzx4JZrjNGx7gnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MDU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDU1N2RlMjY4NzI3MGIzMDM5MGVkNGQ0Yjg4ZmJiN2ExZTdiNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTE3qM8bDId3pF1oU3/OjQY7ZQaZ
ZxNHkBOCDIdwJNoffZZ+9CEYzYueqVAvLnjdBCxS1lm+FnJN5nyZiA/ylqRG2fQe
6osZwBkHOg2YL7yTfDJi0ID7KloALfF2WYgqCD4gCWcxJfcu+90gZOMtLhvZ4wET
15rHbdsR/AiB81vhVbxjGCGeq/4i+etCDCCeE1yZwcChyb3G7WdsBeI2oOwiqCAe
SxT7g0mgLJJ4ixAg3Qm4jeKUSun/OiFCcgjQIi3ClyHlDrxqwz1IUTEEsQ1tEQXX
Pnj3ZEJaf+9CeOBewpa4edQ+phPoyIEszXKNUQ4KLRMMeCrtImdK88FJCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRVfeJocnCzA5DtTUuI+7eh57bxMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEveEZWOTRtaHljTE1Ea08xTlM0ajd0NkhudHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhF0MA0G
CSqGSIb3DQEBCwUAA4IBAQCTK2pbG7shE5/e2u4i9/SUA9yXDi5Py45xHP+g9LCz
QE+nUtnzFwS3xw57sTR9ffg9k2OBiBbEVfCJGynIrEYTSfGNtoDLgXk7/S7VlPua
qaRsVyqoYY4sVGZFyZF8tegz4l9MYsW/ObAGR/FtIn7HDMnK5vC8zQehr6CaFdLA
bQWMjJkpAktoEGgDG+QqfdR2LaK9ErJY+Cmkzc2fbxf96jXtrREu9zSMni2GgRCV
HbsNm4tpDsVve38OHckDt7o3d1Riad1l9EYGsUSspfVK/uk3yVvPmuix/5L/QO/A
K2MUrd0K0HZbJ9VAqE7v4pWro1SwbCZM6Yj71dpx3N7E
-----END CERTIFICATE-----