Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b36636-3306-448f-8ecf-56482b390678/1/0SIf3B-zFTHjBffA4Q3K4XlSBSM.roa
File:                     0SIf3B-zFTHjBffA4Q3K4XlSBSM.roa (raw, json)
Hash identifier:          k9iJJW7bn5b063RiVhVpwGW174qDh7kRY+YejaIUhOo=
Subject key identifier:   D1:22:1F:DC:1F:B3:15:31:E3:05:F7:C0:E1:0D:CA:E1:79:52:05:23
Certificate issuer:       /CN=53c0e2078e4f3eba5f879503fdd809c383bb7628
Certificate serial:       018CC9BCB9DB096AC8EC517673FA0E67F55D
Authority key identifier: 53:C0:E2:07:8E:4F:3E:BA:5F:87:95:03:FD:D8:09:C3:83:BB:76:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8DiB45PPrpfh5UD_dgJw4O7dig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b36636-3306-448f-8ecf-56482b390678/1/0SIf3B-zFTHjBffA4Q3K4XlSBSM.roa
Signing time:             Tue 02 Jan 2024 10:33:57 +0000
ROA not before:           Tue 02 Jan 2024 10:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        217.169.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b36636-3306-448f-8ecf-56482b390678/1/U8DiB45PPrpfh5UD_dgJw4O7dig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b36636-3306-448f-8ecf-56482b390678/1/U8DiB45PPrpfh5UD_dgJw4O7dig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8DiB45PPrpfh5UD_dgJw4O7dig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 22:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b9:db:09:6a:c8:ec:51:76:73:fa:0e:67:f5:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c0e2078e4f3eba5f879503fdd809c383bb7628
        Validity
            Not Before: Jan  2 10:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1221fdc1fb31531e305f7c0e10dcae179520523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8c:41:6c:44:f9:bd:9f:db:f8:ab:27:31:9e:
                    80:9e:4f:43:8c:9e:f7:39:dc:f6:12:69:51:85:fb:
                    0b:6e:05:03:48:96:10:e8:fb:82:4c:0f:58:3d:d9:
                    ca:69:b8:56:fe:65:68:b3:d2:5b:c3:86:8f:78:e3:
                    f8:42:1d:f1:f9:0f:09:7b:93:e6:62:cf:0b:69:d6:
                    2e:9f:b1:ec:d2:f7:71:90:60:93:87:94:fc:64:ab:
                    ef:bd:58:78:fb:da:2f:e0:73:d3:2e:f7:5f:3f:08:
                    bc:6b:f9:dd:87:6b:a5:ac:ff:fc:03:df:53:9a:ac:
                    06:59:85:cd:e2:11:0a:1f:d6:bf:80:d5:a4:d7:b3:
                    6d:9f:31:b5:4d:25:64:a5:aa:ca:ed:1a:c8:ea:0b:
                    93:f4:79:c4:eb:e2:54:7b:40:f3:3d:82:d8:e7:f8:
                    11:e3:81:7b:ac:89:72:3f:21:38:60:11:8c:3a:ed:
                    d7:93:b2:c4:f3:73:ff:16:cd:f1:56:5e:13:20:27:
                    1d:ca:42:d6:e6:5f:58:a9:61:b2:09:99:0f:20:8e:
                    f4:d6:1c:f5:e1:d6:45:1d:6b:b4:9c:e6:cb:19:5d:
                    3e:ed:a3:ac:0f:4b:f0:f4:97:86:8f:8f:c7:9a:f4:
                    b1:a1:89:ae:fd:53:17:d8:09:04:1c:1d:27:c3:be:
                    f3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:22:1F:DC:1F:B3:15:31:E3:05:F7:C0:E1:0D:CA:E1:79:52:05:23
            X509v3 Authority Key Identifier:
                keyid:53:C0:E2:07:8E:4F:3E:BA:5F:87:95:03:FD:D8:09:C3:83:BB:76:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8DiB45PPrpfh5UD_dgJw4O7dig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b36636-3306-448f-8ecf-56482b390678/1/0SIf3B-zFTHjBffA4Q3K4XlSBSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b36636-3306-448f-8ecf-56482b390678/1/U8DiB45PPrpfh5UD_dgJw4O7dig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.169.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:9b:97:89:4a:57:3f:90:05:61:77:50:93:b2:06:66:a4:0e:
         d8:a3:d7:5f:d4:9c:39:e3:b2:cc:3b:48:c9:92:da:40:e7:cc:
         6b:44:0f:2e:e6:9a:9c:0b:51:56:47:0b:bf:95:9b:91:d0:0d:
         d1:94:bc:33:36:1c:93:e1:1b:ee:db:41:90:b9:46:55:c5:d5:
         9c:d3:2d:b1:17:55:09:28:e4:30:18:69:88:a9:6c:fd:b5:4e:
         84:d4:17:6c:27:2e:ce:05:fd:34:e3:16:d4:f8:30:1d:1c:f6:
         27:38:d6:71:52:a4:46:54:4d:ed:fb:7d:d5:35:4e:ad:0a:a3:
         15:5d:df:b8:93:3a:7a:45:b6:7a:f0:7b:9c:e7:4e:c3:4b:cc:
         9e:c2:0f:64:da:56:3a:73:5b:03:89:12:d9:0b:8b:fb:31:12:
         4e:ff:af:0e:08:e8:79:ca:d4:47:43:41:37:c7:0c:79:29:2e:
         73:ab:e2:e9:34:e8:ed:d6:a6:8b:ff:4f:d7:9b:23:d3:6d:c0:
         d1:ec:20:32:75:2e:ed:82:86:ab:7f:aa:f4:e4:71:1e:a4:43:
         8c:c4:22:ba:0f:c6:2f:0a:83:9d:f9:19:65:38:72:83:cd:a7:
         0a:46:cc:80:2f:05:4d:78:e8:58:20:e2:8c:8a:12:f9:f5:4b:
         92:95:6c:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvLnbCWrI7FF2c/oOZ/VdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzBlMjA3OGU0ZjNlYmE1Zjg3OTUwM2ZkZDgwOWMzODNi
Yjc2MjgwHhcNMjQwMTAyMTAzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTIyMWZkYzFmYjMxNTMxZTMwNWY3YzBlMTBkY2FlMTc5NTIwNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooxBbET5vZ/b+KsnMZ6Ank9DjJ73
Odz2EmlRhfsLbgUDSJYQ6PuCTA9YPdnKabhW/mVos9Jbw4aPeOP4Qh3x+Q8Je5Pm
Ys8LadYun7Hs0vdxkGCTh5T8ZKvvvVh4+9ov4HPTLvdfPwi8a/ndh2ulrP/8A99T
mqwGWYXN4hEKH9a/gNWk17NtnzG1TSVkparK7RrI6guT9HnE6+JUe0DzPYLY5/gR
44F7rIlyPyE4YBGMOu3Xk7LE83P/Fs3xVl4TICcdykLW5l9YqWGyCZkPII701hz1
4dZFHWu0nObLGV0+7aOsD0vw9JeGj4/HmvSxoYmu/VMX2AkEHB0nw77ziwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEiH9wfsxUx4wX3wOENyuF5UgUjMB8GA1UdIwQY
MBaAFFPA4geOTz66X4eVA/3YCcODu3YoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThEaUI0NVBQcnBmaDVVRF9kZ0p3NE83ZGlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iMzY2MzYtMzMwNi00NDhmLThlY2Yt
NTY0ODJiMzkwNjc4LzEvMFNJZjNCLXpGVEhqQmZmQTRRM0s0WGxTQlNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iMzY2MzYtMzMwNi00NDhmLThlY2YtNTY0ODJiMzkwNjc4
LzEvVThEaUI0NVBQcnBmaDVVRF9kZ0p3NE83ZGlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2al2MA0G
CSqGSIb3DQEBCwUAA4IBAQCXm5eJSlc/kAVhd1CTsgZmpA7Yo9df1Jw547LMO0jJ
ktpA58xrRA8u5pqcC1FWRwu/lZuR0A3RlLwzNhyT4Rvu20GQuUZVxdWc0y2xF1UJ
KOQwGGmIqWz9tU6E1BdsJy7OBf004xbU+DAdHPYnONZxUqRGVE3t+33VNU6tCqMV
Xd+4kzp6RbZ68Huc507DS8yewg9k2lY6c1sDiRLZC4v7MRJO/68OCOh5ytRHQ0E3
xwx5KS5zq+LpNOjt1qaL/0/XmyPTbcDR7CAydS7tgoarf6r05HEepEOMxCK6D8Yv
CoOd+RllOHKDzacKRsyALwVNeOhYIOKMihL59UuSlWxV
-----END CERTIFICATE-----