Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/9lCaNz-2GZusLAM_lPhdP0SqXFU.roa
File:                     9lCaNz-2GZusLAM_lPhdP0SqXFU.roa (raw, json)
Hash identifier:          AcJFP9Ql5elErgwMcX53O/jDhAn0aOjwoZWJhABWvi8=
Subject key identifier:   F6:50:9A:37:3F:B6:19:9B:AC:2C:03:3F:94:F8:5D:3F:44:AA:5C:55
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       018F3FFB2C9D68E6A591D30427C781B00272
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/9lCaNz-2GZusLAM_lPhdP0SqXFU.roa
Signing time:             Fri 03 May 2024 19:42:56 +0000
ROA not before:           Fri 03 May 2024 19:42:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        212.23.198.0/24 maxlen: 24
                          2a11:5440::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3f:fb:2c:9d:68:e6:a5:91:d3:04:27:c7:81:b0:02:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: May  3 19:42:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6509a373fb6199bac2c033f94f85d3f44aa5c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1c:5c:d6:ef:17:54:91:9b:10:53:85:7f:41:
                    0a:ab:e4:4d:3e:ca:ad:25:e6:93:1f:d6:4d:b3:ae:
                    18:12:8c:5b:02:e4:8e:2c:c1:6a:60:7a:ca:b5:34:
                    7c:ce:49:5c:b1:1d:ec:bd:75:a3:3b:00:45:75:ac:
                    e3:29:84:40:f0:3c:a8:7a:99:f0:a3:3e:1d:a5:42:
                    3c:63:19:1f:e6:5d:fa:bb:1b:b4:43:2e:71:d1:53:
                    40:97:a4:6e:57:e5:62:3a:ef:44:58:a1:cd:ed:dc:
                    64:27:72:fe:7a:06:b5:22:c1:fa:4b:c1:71:f7:ed:
                    24:5e:40:72:80:12:7f:65:53:2c:d5:31:e4:6b:d3:
                    17:81:0a:13:c8:8c:aa:48:1c:10:d1:a6:30:8d:9a:
                    17:42:ad:dd:4c:80:80:14:64:e3:28:19:17:6d:e0:
                    d4:5e:a5:c6:84:e2:6e:52:37:6b:46:0f:8b:cd:63:
                    a4:59:7a:31:8d:f3:c3:86:d0:4d:ee:8e:50:ac:e5:
                    31:a4:35:dd:c5:34:1c:b3:06:13:61:43:87:25:b5:
                    f4:d3:49:0b:e7:85:bd:ba:12:e3:bf:81:88:51:50:
                    d8:2f:e3:5f:ea:05:42:ab:cf:f1:0f:98:f2:a1:6d:
                    e4:89:90:bf:f1:64:47:e5:49:23:0e:34:2f:bd:f7:
                    aa:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:50:9A:37:3F:B6:19:9B:AC:2C:03:3F:94:F8:5D:3F:44:AA:5C:55
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/9lCaNz-2GZusLAM_lPhdP0SqXFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.198.0/24
                IPv6:
                  2a11:5440::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:e3:2a:2a:76:1c:e0:5e:b5:5c:56:5f:69:cf:27:95:c9:b5:
         c1:ba:9f:49:a5:ef:19:d0:90:1a:f9:3b:e1:6a:1f:b7:ff:d3:
         23:99:c7:26:2f:8c:79:ab:cd:72:60:3e:bb:40:3e:68:61:9f:
         46:a9:07:51:24:54:5c:92:0a:ad:0b:df:af:da:2f:70:b1:e0:
         18:26:1f:a9:68:2a:6b:c7:f0:fb:4a:15:31:f0:92:9e:9f:39:
         ad:62:25:80:6c:26:07:c7:5f:e2:ae:22:1d:a2:ea:48:b0:fb:
         52:2f:82:b5:76:39:96:a0:cf:3a:4b:ad:61:87:fd:d8:b9:0a:
         b7:19:09:2c:b3:b8:86:0a:e1:87:79:49:fc:eb:39:ec:35:b5:
         7d:57:b5:78:80:16:26:68:ba:6d:09:1c:0c:0c:a8:0a:c7:21:
         eb:05:d1:9a:17:20:6b:7f:fe:4c:67:18:6a:b6:7d:b4:e1:77:
         5e:0e:5b:5f:9e:c6:ba:0b:94:f5:43:8b:97:9d:6e:80:a6:c0:
         5e:d6:83:8e:a3:94:ca:19:6a:49:4a:46:4b:3f:df:c1:a4:c5:
         a8:4a:c4:1b:d3:0e:51:d4:90:b2:89:65:d6:d2:18:12:9e:0e:
         48:2c:6f:4b:07:8a:9b:49:f4:ca:e3:9e:e7:74:e2:c3:d4:fe:
         77:bf:27:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8/+yydaOalkdMEJ8eBsAJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjQwNTAzMTk0MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjUwOWEzNzNmYjYxOTliYWMyYzAzM2Y5NGY4NWQzZjQ0YWE1YzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hxc1u8XVJGbEFOFf0EKq+RNPsqt
JeaTH9ZNs64YEoxbAuSOLMFqYHrKtTR8zklcsR3svXWjOwBFdazjKYRA8Dyoepnw
oz4dpUI8Yxkf5l36uxu0Qy5x0VNAl6RuV+ViOu9EWKHN7dxkJ3L+ega1IsH6S8Fx
9+0kXkBygBJ/ZVMs1THka9MXgQoTyIyqSBwQ0aYwjZoXQq3dTICAFGTjKBkXbeDU
XqXGhOJuUjdrRg+LzWOkWXoxjfPDhtBN7o5QrOUxpDXdxTQcswYTYUOHJbX000kL
54W9uhLjv4GIUVDYL+Nf6gVCq8/xD5jyoW3kiZC/8WRH5UkjDjQvvfeqcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPZQmjc/thmbrCwDP5T4XT9EqlxVMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvOWxDYU56LTJHWnVzTEFNX2xQaGRQMFNxWEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1BfGMA0E
AgACMAcDBQMqEVRAMA0GCSqGSIb3DQEBCwUAA4IBAQBG4yoqdhzgXrVcVl9pzyeV
ybXBup9Jpe8Z0JAa+Tvhah+3/9MjmccmL4x5q81yYD67QD5oYZ9GqQdRJFRckgqt
C9+v2i9wseAYJh+paCprx/D7ShUx8JKenzmtYiWAbCYHx1/iriIdoupIsPtSL4K1
djmWoM86S61hh/3YuQq3GQkss7iGCuGHeUn86znsNbV9V7V4gBYmaLptCRwMDKgK
xyHrBdGaFyBrf/5MZxhqtn204XdeDltfnsa6C5T1Q4uXnW6ApsBe1oOOo5TKGWpJ
SkZLP9/BpMWoSsQb0w5R1JCyiWXW0hgSng5ILG9LB4qbSfTK457ndOLD1P53vyfa
-----END CERTIFICATE-----