Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/5fLniQgziIB26DOgv3LeR2U0xtE.roa
File:                     5fLniQgziIB26DOgv3LeR2U0xtE.roa (raw, json)
Hash identifier:          zllTuf0DPYCNnUrsnk38AzVGT0TECgFpNDOR0Vaty2c=
Subject key identifier:   E5:F2:E7:89:08:33:88:80:76:E8:33:A0:BF:72:DE:47:65:34:C6:D1
Certificate issuer:       /CN=68cc325c8ad9769a1b54da296305fe0c36573775
Certificate serial:       018E582D440739A175D84DCD36F2E0157EE1
Authority key identifier: 68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/5fLniQgziIB26DOgv3LeR2U0xtE.roa
Signing time:             Tue 19 Mar 2024 19:25:45 +0000
ROA not before:           Tue 19 Mar 2024 19:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199653
IP address blocks:        217.61.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:58:2d:44:07:39:a1:75:d8:4d:cd:36:f2:e0:15:7e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68cc325c8ad9769a1b54da296305fe0c36573775
        Validity
            Not Before: Mar 19 19:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5f2e7890833888076e833a0bf72de476534c6d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f0:75:69:aa:1f:16:2f:bd:49:1f:91:5f:37:
                    d7:2e:b0:30:e7:11:47:43:de:5d:e6:c0:e5:33:3a:
                    b8:e5:5e:8c:72:da:3f:49:54:bc:54:53:e7:0e:e1:
                    46:a8:5e:0d:dd:cd:f3:4a:fa:f3:8f:26:54:c8:de:
                    cc:74:85:28:34:9a:7e:a5:cc:ea:79:97:c4:46:c1:
                    b6:ec:1a:64:96:d4:5e:f9:e9:a1:79:48:ac:b3:38:
                    5c:bf:1c:1b:4c:fa:b5:64:2b:74:9e:0c:c3:82:5f:
                    f3:f2:0c:f1:33:56:f0:6a:66:0b:5f:79:78:bd:61:
                    e9:7d:77:b4:34:e4:cf:b6:cc:26:f8:85:7c:67:ec:
                    25:26:aa:35:17:6f:68:6d:2e:d5:df:0e:1b:6d:72:
                    10:85:54:ae:0d:3d:32:f1:78:1e:80:72:35:21:4e:
                    a6:aa:16:fc:df:c8:e9:27:15:b9:30:85:f2:b5:3e:
                    e6:a5:2e:e6:01:c0:2d:f7:93:58:37:19:b6:f2:67:
                    e4:5c:5e:f9:d0:fc:fb:7c:45:0e:74:7a:d9:83:0a:
                    af:0b:72:a3:f1:eb:7e:8e:6f:50:9e:ec:35:f0:e9:
                    b8:8e:fc:ef:99:f4:e7:ee:14:d6:05:08:f4:2b:ab:
                    b2:72:b4:0a:66:5e:6d:c0:f6:31:f6:8d:77:81:e9:
                    1c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:F2:E7:89:08:33:88:80:76:E8:33:A0:BF:72:DE:47:65:34:C6:D1
            X509v3 Authority Key Identifier:
                keyid:68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/5fLniQgziIB26DOgv3LeR2U0xtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:9f:4d:70:7f:18:86:38:b1:cf:ed:68:b1:47:c9:70:34:b7:
         d2:d8:a3:61:e9:59:c3:26:93:be:4d:11:68:02:cc:de:ed:10:
         e2:15:32:c7:c0:c3:a5:e1:48:77:5f:92:7d:75:7a:d4:f7:0b:
         e4:bc:a2:02:b5:b3:d2:3c:f5:10:93:51:f4:d1:fe:99:d5:63:
         db:92:3c:3c:c1:fe:f2:5c:76:fa:ba:87:07:aa:d4:83:fd:d8:
         c5:c9:80:bc:af:1e:ac:09:cc:b8:68:a1:c0:c1:a3:7a:24:4a:
         e8:8c:f9:9c:c7:4a:99:ac:31:e5:61:1d:49:8a:fd:78:ba:06:
         27:fd:c6:e8:c4:ff:13:f4:e3:ed:07:56:bb:a1:a6:8e:89:9e:
         e3:6f:e1:b5:05:83:ca:79:8c:2f:35:e6:4f:a0:94:b3:d6:d8:
         20:d7:5d:fe:91:b8:f5:ba:32:c3:68:36:e8:f1:b8:c9:64:96:
         94:e8:c5:1d:0f:ac:cb:fe:c3:43:5f:c0:2d:83:9c:05:80:c3:
         ec:2a:f9:d5:22:97:5f:d8:d7:8c:3a:90:1f:8a:2d:ec:29:66:
         c0:2d:e4:bd:96:8c:4e:b9:14:6b:a4:9f:69:b9:7d:67:13:7b:
         7e:f7:3f:b3:10:03:77:97:1d:c6:1f:e6:fd:b6:03:21:84:55:
         ec:f6:13:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5YLUQHOaF12E3NNvLgFX7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2MzMjVjOGFkOTc2OWExYjU0ZGEyOTYzMDVmZTBjMzY1
NzM3NzUwHhcNMjQwMzE5MTkyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWYyZTc4OTA4MzM4ODgwNzZlODMzYTBiZjcyZGU0NzY1MzRjNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvB1aaofFi+9SR+RXzfXLrAw5xFH
Q95d5sDlMzq45V6Mcto/SVS8VFPnDuFGqF4N3c3zSvrzjyZUyN7MdIUoNJp+pczq
eZfERsG27BpkltRe+emheUisszhcvxwbTPq1ZCt0ngzDgl/z8gzxM1bwamYLX3l4
vWHpfXe0NOTPtswm+IV8Z+wlJqo1F29obS7V3w4bbXIQhVSuDT0y8XgegHI1IU6m
qhb838jpJxW5MIXytT7mpS7mAcAt95NYNxm28mfkXF750Pz7fEUOdHrZgwqvC3Kj
8et+jm9Qnuw18Om4jvzvmfTn7hTWBQj0K6uycrQKZl5twPYx9o13gekcMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXy54kIM4iAdugzoL9y3kdlNMbRMB8GA1UdIwQY
MBaAFGjMMlyK2XaaG1TaKWMF/gw2Vzd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEt
NzRjOTc5YTY1MzZlLzEvNWZMbmlRZ3ppSUIyNkRPZ3YzTGVSMlUweHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEtNzRjOTc5YTY1MzZl
LzEvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2T1gMA0G
CSqGSIb3DQEBCwUAA4IBAQAQn01wfxiGOLHP7WixR8lwNLfS2KNh6VnDJpO+TRFo
Asze7RDiFTLHwMOl4Uh3X5J9dXrU9wvkvKICtbPSPPUQk1H00f6Z1WPbkjw8wf7y
XHb6uocHqtSD/djFyYC8rx6sCcy4aKHAwaN6JErojPmcx0qZrDHlYR1Jiv14ugYn
/cboxP8T9OPtB1a7oaaOiZ7jb+G1BYPKeYwvNeZPoJSz1tgg113+kbj1ujLDaDbo
8bjJZJaU6MUdD6zL/sNDX8Atg5wFgMPsKvnVIpdf2NeMOpAfii3sKWbALeS9loxO
uRRrpJ9puX1nE3t+9z+zEAN3lx3GH+b9tgMhhFXs9hMg
-----END CERTIFICATE-----