Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/s2svx8nk3nn6Tw3asYIlBNUtsFk.roa
File:                     s2svx8nk3nn6Tw3asYIlBNUtsFk.roa (raw, json)
Hash identifier:          cxprHHlW/uJzN5a4LUNAj/J11sNa7bUZkJEnCh1b9rg=
Subject key identifier:   B3:6B:2F:C7:C9:E4:DE:79:FA:4F:0D:DA:B1:82:25:04:D5:2D:B0:59
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC8013467495B1E242AAD4C46FAB1A075
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/s2svx8nk3nn6Tw3asYIlBNUtsFk.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202555
IP address blocks:        217.69.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:67:49:5b:1e:24:2a:ad:4c:46:fa:b1:a0:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b36b2fc7c9e4de79fa4f0ddab1822504d52db059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:19:fb:86:7a:a1:45:63:77:d9:39:0a:45:c3:
                    97:fc:e4:b1:d8:b8:43:b9:fc:59:cf:d2:0a:ab:b6:
                    2c:8b:cc:e5:7c:f5:d2:ed:33:34:97:7f:c7:47:d6:
                    3b:95:ff:50:fe:3b:77:67:12:62:03:44:90:3e:9d:
                    e5:97:7e:1b:bb:75:68:c7:57:20:b0:fb:20:f6:d5:
                    1b:4b:54:50:65:c1:8e:47:3a:21:79:18:bf:72:dc:
                    f5:83:ba:b7:16:d9:21:c9:5d:e3:da:d5:2e:1e:50:
                    61:99:86:00:0b:a7:c7:25:e2:ae:a7:dd:7a:dd:65:
                    65:12:1c:46:c1:e8:77:e2:8a:e5:c5:a8:a8:2a:58:
                    8d:99:24:40:2f:e9:44:8b:40:d1:27:b8:c3:68:23:
                    31:79:b6:b6:be:40:1c:8b:91:0b:d6:5e:4f:6a:33:
                    e8:3d:19:2c:8b:d0:a7:55:fe:95:0c:45:f2:b1:06:
                    f0:43:1f:92:0c:a5:88:37:f2:d9:8d:6e:25:1d:36:
                    56:42:ad:76:e5:6f:42:1f:b5:b1:82:4a:05:c2:f7:
                    ed:1a:37:9a:22:b3:29:38:45:19:af:3b:dd:85:9f:
                    c8:2a:7a:db:86:aa:e8:9e:16:f7:d5:d5:1b:62:0c:
                    f8:c7:ae:9e:61:e0:7c:5f:ff:a6:a4:0b:73:3e:7b:
                    c3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:6B:2F:C7:C9:E4:DE:79:FA:4F:0D:DA:B1:82:25:04:D5:2D:B0:59
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/s2svx8nk3nn6Tw3asYIlBNUtsFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.69.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:d6:89:ed:66:2c:6a:97:e1:63:07:10:76:7c:47:39:3f:89:
         90:3c:57:1e:1f:04:bf:d0:c6:31:81:a4:b4:48:f3:74:33:7a:
         66:6a:7b:24:be:cc:48:cc:fc:ee:e1:6d:2a:eb:10:93:77:bc:
         8b:07:5d:a2:8c:5b:27:15:ee:79:e9:b1:9e:42:94:21:f3:9c:
         d2:95:64:48:d7:cb:85:1d:50:a1:0d:89:24:b6:a2:a7:e6:39:
         e1:17:e0:fe:48:aa:03:fb:a7:3f:d1:bf:bc:0c:7b:00:6c:74:
         dd:e2:cc:d8:fe:37:60:5d:97:66:47:55:7c:4d:63:70:07:1c:
         24:14:30:35:6e:19:ff:d5:77:63:f3:f0:0b:ab:f6:33:f2:b3:
         99:93:ec:3d:63:27:57:0a:66:68:e0:9a:01:ef:b2:eb:aa:30:
         d2:4d:59:c8:7d:cc:c4:ae:df:14:ec:94:29:bb:07:c1:5a:d0:
         15:99:ac:bf:c5:be:1c:f2:6a:3a:e4:f7:56:72:3e:e6:51:85:
         34:30:5f:ff:20:9d:08:29:1f:1a:6a:40:b9:73:ba:c6:0e:90:
         8a:4c:7e:9a:93:8c:80:11:35:7f:c9:d4:d1:fa:1d:23:93:d1:
         2f:53:ee:c8:15:31:09:fc:74:78:74:b6:20:d9:33:9a:96:15:
         bb:cf:9f:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATRnSVseJCqtTEb6saB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzZiMmZjN2M5ZTRkZTc5ZmE0ZjBkZGFiMTgyMjUwNGQ1MmRiMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xn7hnqhRWN32TkKRcOX/OSx2LhD
ufxZz9IKq7Ysi8zlfPXS7TM0l3/HR9Y7lf9Q/jt3ZxJiA0SQPp3ll34bu3Vox1cg
sPsg9tUbS1RQZcGORzoheRi/ctz1g7q3FtkhyV3j2tUuHlBhmYYAC6fHJeKup916
3WVlEhxGweh34orlxaioKliNmSRAL+lEi0DRJ7jDaCMxeba2vkAci5EL1l5PajPo
PRksi9CnVf6VDEXysQbwQx+SDKWIN/LZjW4lHTZWQq125W9CH7WxgkoFwvftGjea
IrMpOEUZrzvdhZ/IKnrbhqronhb31dUbYgz4x66eYeB8X/+mpAtzPnvDzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNrL8fJ5N55+k8N2rGCJQTVLbBZMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvczJzdng4bmszbm42VHczYXNZSWxCTlV0c0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UVxMA0G
CSqGSIb3DQEBCwUAA4IBAQBF1ontZixql+FjBxB2fEc5P4mQPFceHwS/0MYxgaS0
SPN0M3pmanskvsxIzPzu4W0q6xCTd7yLB12ijFsnFe556bGeQpQh85zSlWRI18uF
HVChDYkktqKn5jnhF+D+SKoD+6c/0b+8DHsAbHTd4szY/jdgXZdmR1V8TWNwBxwk
FDA1bhn/1Xdj8/ALq/Yz8rOZk+w9YydXCmZo4JoB77LrqjDSTVnIfczErt8U7JQp
uwfBWtAVmay/xb4c8mo65PdWcj7mUYU0MF//IJ0IKR8aakC5c7rGDpCKTH6ak4yA
ETV/ydTR+h0jk9EvU+7IFTEJ/HR4dLYg2TOalhW7z5/z
-----END CERTIFICATE-----