Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/lIQeK-SbHXSpZYYjlCvFF6fPDqU.roa
File:                     lIQeK-SbHXSpZYYjlCvFF6fPDqU.roa (raw, json)
Hash identifier:          c8h6/eLfYLAQPs+1s8qkelwZiRb7y7lnNNRDSGbRheQ=
Subject key identifier:   94:84:1E:2B:E4:9B:1D:74:A9:65:86:23:94:2B:C5:17:A7:CF:0E:A5
Certificate issuer:       /CN=ea0f08d4ee1f94f984493b467bd8aca2adfa2866
Certificate serial:       018CC793608B16FB417E11FA7D567A112DA6
Authority key identifier: EA:0F:08:D4:EE:1F:94:F9:84:49:3B:46:7B:D8:AC:A2:AD:FA:28:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6g8I1O4flPmESTtGe9isoq36KGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/lIQeK-SbHXSpZYYjlCvFF6fPDqU.roa
Signing time:             Tue 02 Jan 2024 00:29:33 +0000
ROA not before:           Tue 02 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200780
IP address blocks:        217.18.221.0/24 maxlen: 24
                          217.18.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/6g8I1O4flPmESTtGe9isoq36KGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/6g8I1O4flPmESTtGe9isoq36KGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6g8I1O4flPmESTtGe9isoq36KGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:60:8b:16:fb:41:7e:11:fa:7d:56:7a:11:2d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea0f08d4ee1f94f984493b467bd8aca2adfa2866
        Validity
            Not Before: Jan  2 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94841e2be49b1d74a9658623942bc517a7cf0ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6f:dd:dd:96:ed:b7:25:74:de:eb:8e:55:b3:
                    ae:3e:2b:8c:a2:53:d0:f8:f1:63:06:c7:7e:97:61:
                    aa:a3:68:e8:5e:4d:e8:41:2e:41:71:ee:cd:08:91:
                    ed:57:d6:7f:6a:d5:d7:a6:23:ea:11:ed:48:c5:bf:
                    97:3e:ff:fa:da:1b:4e:98:79:a0:49:4c:31:87:bc:
                    6a:99:c6:d6:a2:ff:aa:e5:ca:75:2b:9a:fe:c4:58:
                    89:ab:42:c9:e4:69:43:58:8d:00:59:d1:e3:fb:2c:
                    37:c4:84:c1:be:e7:c3:17:82:94:54:fc:4f:cf:67:
                    95:6c:60:97:fb:f0:d1:1a:b4:4f:d8:2c:22:0d:ff:
                    cd:f9:69:e2:c8:cb:91:fd:67:9a:d7:04:4f:26:7e:
                    06:46:79:a8:58:7a:72:77:c4:6b:e8:65:56:aa:67:
                    99:92:3a:55:42:1d:43:31:e8:79:19:ff:67:00:37:
                    84:29:43:f3:ca:8c:15:ec:61:12:89:7c:aa:e1:57:
                    74:90:7b:79:d3:13:8a:54:87:d8:2f:1d:4f:88:0e:
                    fd:c9:dd:68:06:d9:a9:ce:a0:e7:11:5d:3a:dd:6c:
                    59:53:d8:a9:8a:69:29:04:70:b3:21:c5:a6:60:fc:
                    02:03:9e:a1:0d:0e:4b:c9:14:4f:64:c9:f7:4c:25:
                    2b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:84:1E:2B:E4:9B:1D:74:A9:65:86:23:94:2B:C5:17:A7:CF:0E:A5
            X509v3 Authority Key Identifier:
                keyid:EA:0F:08:D4:EE:1F:94:F9:84:49:3B:46:7B:D8:AC:A2:AD:FA:28:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6g8I1O4flPmESTtGe9isoq36KGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/lIQeK-SbHXSpZYYjlCvFF6fPDqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/6g8I1O4flPmESTtGe9isoq36KGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:12:2e:21:86:9b:16:b7:29:e5:75:3f:94:8f:36:d3:9d:df:
         c1:82:c3:a4:02:03:d2:c7:ea:fe:0b:ce:08:ac:70:45:b4:8c:
         49:0e:af:88:99:48:22:4b:bf:7a:c1:08:ed:27:34:fe:a5:37:
         56:fd:06:6a:40:7c:8a:c4:1a:01:42:06:2d:cd:1d:d4:9c:12:
         ff:d4:84:4e:09:55:99:23:77:5d:4f:f4:db:93:b0:61:ed:3c:
         56:f8:f0:b3:5b:df:dc:e9:2e:1a:5f:39:10:04:8c:a9:fb:6d:
         ff:a1:02:f1:27:43:af:73:c2:18:02:cc:31:df:e0:a8:f8:eb:
         51:0f:b5:72:87:c2:06:05:e5:09:e8:12:2f:4d:56:d7:ff:69:
         e8:33:e1:4b:27:40:1a:58:b2:2d:90:4d:b7:74:94:81:34:f1:
         af:26:86:be:ce:a0:3e:fc:43:c7:c4:5f:31:12:1d:e9:58:c2:
         ef:7c:13:b3:9e:96:a6:e5:38:32:ee:3a:a7:13:9a:c4:1d:b1:
         c0:1a:88:0f:f1:37:21:5b:55:83:db:af:87:e6:24:7c:3d:92:
         cb:21:5f:91:fc:19:f1:4f:5c:71:82:f8:e6:39:80:64:f5:60:
         1e:32:c4:91:91:5f:36:18:49:ef:8b:7c:45:dd:72:f3:24:eb:
         85:fd:b7:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk2CLFvtBfhH6fVZ6ES2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMGYwOGQ0ZWUxZjk0Zjk4NDQ5M2I0NjdiZDhhY2EyYWRm
YTI4NjYwHhcNMjQwMTAyMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDg0MWUyYmU0OWIxZDc0YTk2NTg2MjM5NDJiYzUxN2E3Y2YwZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkm/d3ZbttyV03uuOVbOuPiuMolPQ
+PFjBsd+l2Gqo2joXk3oQS5Bce7NCJHtV9Z/atXXpiPqEe1Ixb+XPv/62htOmHmg
SUwxh7xqmcbWov+q5cp1K5r+xFiJq0LJ5GlDWI0AWdHj+yw3xITBvufDF4KUVPxP
z2eVbGCX+/DRGrRP2CwiDf/N+WniyMuR/Wea1wRPJn4GRnmoWHpyd8Rr6GVWqmeZ
kjpVQh1DMeh5Gf9nADeEKUPzyowV7GESiXyq4Vd0kHt50xOKVIfYLx1PiA79yd1o
BtmpzqDnEV063WxZU9ipimkpBHCzIcWmYPwCA56hDQ5LyRRPZMn3TCUrBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSEHivkmx10qWWGI5QrxRenzw6lMB8GA1UdIwQY
MBaAFOoPCNTuH5T5hEk7RnvYrKKt+ihmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmc4STFPNGZsUG1FU1R0R2U5aXNvcTM2S0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82N2ViNDktZmYwOC00ZWE0LWJiOWUt
MmVmYjQ2MWZkNDEzLzEvbElRZUstU2JIWFNwWllZamxDdkZGNmZQRHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82N2ViNDktZmYwOC00ZWE0LWJiOWUtMmVmYjQ2MWZkNDEz
LzEvNmc4STFPNGZsUG1FU1R0R2U5aXNvcTM2S0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2RLcMA0G
CSqGSIb3DQEBCwUAA4IBAQBeEi4hhpsWtynldT+UjzbTnd/BgsOkAgPSx+r+C84I
rHBFtIxJDq+ImUgiS796wQjtJzT+pTdW/QZqQHyKxBoBQgYtzR3UnBL/1IROCVWZ
I3ddT/Tbk7Bh7TxW+PCzW9/c6S4aXzkQBIyp+23/oQLxJ0Ovc8IYAswx3+Co+OtR
D7Vyh8IGBeUJ6BIvTVbX/2noM+FLJ0AaWLItkE23dJSBNPGvJoa+zqA+/EPHxF8x
Eh3pWMLvfBOznpam5Tgy7jqnE5rEHbHAGogP8TchW1WD26+H5iR8PZLLIV+R/Bnx
T1xxgvjmOYBk9WAeMsSRkV82GEnvi3xF3XLzJOuF/bc7
-----END CERTIFICATE-----