Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/I8sPKRir594lHFeezsaA0WXHd5o.roa
File:                     I8sPKRir594lHFeezsaA0WXHd5o.roa (raw, json)
Hash identifier:          sSiNLodTC/iM3vF3WfZVDjNyACSwr/BSs7i/qiZ/fBM=
Subject key identifier:   23:CB:0F:29:18:AB:E7:DE:25:1C:57:9E:CE:C6:80:D1:65:C7:77:9A
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2AA1D7BC3B9A08920E6E86BD9D3DA1
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/I8sPKRir594lHFeezsaA0WXHd5o.roa
Signing time:             Tue 02 Jan 2024 12:34:00 +0000
ROA not before:           Tue 02 Jan 2024 12:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209406
IP address blocks:        217.199.219.0/24 maxlen: 24
                          2a03:220:f000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a1:d7:bc:3b:9a:08:92:0e:6e:86:bd:9d:3d:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23cb0f2918abe7de251c579ecec680d165c7779a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:59:0a:06:21:81:d3:99:1d:a8:f5:31:f4:b5:
                    3b:24:74:81:08:c7:cb:e0:58:39:99:37:0e:02:0f:
                    5d:1b:3e:c0:97:eb:7e:26:d0:25:c6:2f:ad:eb:81:
                    1f:09:55:5b:63:55:af:e1:17:8e:5f:8d:71:11:9c:
                    68:b4:1b:bf:df:85:eb:b6:68:d3:c5:a3:ee:af:40:
                    a1:4f:a2:1d:03:78:9e:81:9b:1a:ae:93:fc:48:06:
                    9e:08:a5:5e:84:47:ec:42:17:c5:fc:bd:9e:73:13:
                    67:58:b6:d9:c5:f4:5e:21:12:0b:33:d3:68:9a:2f:
                    10:17:1c:84:f4:f9:22:ee:cf:86:f1:7e:a6:0d:6d:
                    d9:60:37:d0:07:d9:5d:30:88:a6:d8:7c:59:ca:e2:
                    53:a6:fb:d5:c2:84:0a:24:18:30:74:86:83:ea:0b:
                    c8:b7:9f:fd:59:1e:47:c7:37:96:1d:fd:67:56:b1:
                    39:7c:9d:f7:d3:fe:78:28:ed:2e:37:d4:ab:80:73:
                    30:f1:ee:2d:ee:72:cd:ff:2a:25:16:f1:04:9c:33:
                    9e:c7:2a:ae:a2:8b:b6:86:91:0f:32:71:7d:8a:92:
                    ea:3b:e2:f2:02:92:19:cf:6d:7e:62:9f:a8:01:6a:
                    5a:29:35:d2:36:eb:36:e1:c5:ba:5a:27:5d:0e:e1:
                    03:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CB:0F:29:18:AB:E7:DE:25:1C:57:9E:CE:C6:80:D1:65:C7:77:9A
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/I8sPKRir594lHFeezsaA0WXHd5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.199.219.0/24
                IPv6:
                  2a03:220:f000::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:2b:e8:78:96:e1:23:03:08:eb:49:b6:49:4a:b5:82:7d:1b:
         cf:44:e8:f4:48:9d:5c:04:d3:82:5e:a1:3a:f2:ac:61:35:39:
         f9:50:96:b7:d3:e6:ad:7a:e8:46:c1:64:18:ad:17:5e:df:01:
         2c:28:0f:c8:43:16:49:ed:2c:85:09:ac:74:88:df:59:c0:19:
         06:52:6d:47:98:5f:92:cc:11:6d:19:9f:0f:b4:b0:d4:11:7e:
         b2:c0:d3:59:70:06:dc:15:5c:62:9b:54:50:db:05:99:2e:6b:
         67:ee:0b:be:17:9f:a1:75:84:fb:73:1a:73:97:e4:bc:c1:b7:
         ef:bd:c1:d1:d4:67:f6:e7:0b:e9:9a:1e:01:48:2d:85:47:72:
         03:78:54:bc:2c:a0:0c:a7:82:2f:f6:bb:21:ac:a2:60:c0:c3:
         83:4f:84:19:4d:7e:cc:ae:53:51:e8:9f:ff:fe:08:ef:b6:ad:
         af:b5:1c:97:2f:cc:31:d0:35:a3:79:b6:dc:11:92:32:db:30:
         d0:22:de:c0:f0:39:d5:09:64:e3:9e:4e:9f:a8:0f:e8:18:19:
         41:0d:ef:40:6e:63:89:88:bc:e7:f7:85:d2:a5:8e:c1:1a:86:
         bd:d7:60:33:4a:dd:49:d5:39:59:c6:a1:81:49:af:be:d1:10:
         0c:c8:4e:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKqHXvDuaCJIOboa9nT2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NiMGYyOTE4YWJlN2RlMjUxYzU3OWVjZWM2ODBkMTY1Yzc3NzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVkKBiGB05kdqPUx9LU7JHSBCMfL
4Fg5mTcOAg9dGz7Al+t+JtAlxi+t64EfCVVbY1Wv4ReOX41xEZxotBu/34XrtmjT
xaPur0ChT6IdA3iegZsarpP8SAaeCKVehEfsQhfF/L2ecxNnWLbZxfReIRILM9No
mi8QFxyE9Pki7s+G8X6mDW3ZYDfQB9ldMIim2HxZyuJTpvvVwoQKJBgwdIaD6gvI
t5/9WR5HxzeWHf1nVrE5fJ330/54KO0uN9SrgHMw8e4t7nLN/yolFvEEnDOexyqu
oou2hpEPMnF9ipLqO+LyApIZz21+Yp+oAWpaKTXSNus24cW6WiddDuEDhwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCPLDykYq+feJRxXns7GgNFlx3eaMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvSThzUEtSaXI1OTRsSEZlZXpzYUEwV1hIZDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2cfbMA8E
AgACMAkDBwAqAwIg8AAwDQYJKoZIhvcNAQELBQADggEBAIMr6HiW4SMDCOtJtklK
tYJ9G89E6PRInVwE04JeoTryrGE1OflQlrfT5q166EbBZBitF17fASwoD8hDFknt
LIUJrHSI31nAGQZSbUeYX5LMEW0Znw+0sNQRfrLA01lwBtwVXGKbVFDbBZkua2fu
C74Xn6F1hPtzGnOX5LzBt++9wdHUZ/bnC+maHgFILYVHcgN4VLwsoAyngi/2uyGs
omDAw4NPhBlNfsyuU1Hon//+CO+2ra+1HJcvzDHQNaN5ttwRkjLbMNAi3sDwOdUJ
ZOOeTp+oD+gYGUEN70BuY4mIvOf3hdKljsEahr3XYDNK3UnVOVnGoYFJr77REAzI
Ttk=
-----END CERTIFICATE-----