Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/xeCC09-APkVgot3bZ8TLvkYxGz4.roa
File:                     xeCC09-APkVgot3bZ8TLvkYxGz4.roa (raw, json)
Hash identifier:          sCsChzvcOaPGQ9zzClwfRx8AsWAbZWQXGAakl44CtdE=
Subject key identifier:   C5:E0:82:D3:DF:80:3E:45:60:A2:DD:DB:67:C4:CB:BE:46:31:1B:3E
Certificate issuer:       /CN=c77549551405d9948c662dfe4de24de055daff5e
Certificate serial:       018CC7276D945EEDB30CD35A2EA98AC31F40
Authority key identifier: C7:75:49:55:14:05:D9:94:8C:66:2D:FE:4D:E2:4D:E0:55:DA:FF:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3VJVRQF2ZSMZi3-TeJN4FXa_14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/xeCC09-APkVgot3bZ8TLvkYxGz4.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209256
IP address blocks:        217.20.96.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/x3VJVRQF2ZSMZi3-TeJN4FXa_14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/x3VJVRQF2ZSMZi3-TeJN4FXa_14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3VJVRQF2ZSMZi3-TeJN4FXa_14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6d:94:5e:ed:b3:0c:d3:5a:2e:a9:8a:c3:1f:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c77549551405d9948c662dfe4de24de055daff5e
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5e082d3df803e4560a2dddb67c4cbbe46311b3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f4:d4:69:f2:b1:f1:88:5e:4f:f0:51:27:8d:
                    fd:4a:f1:36:8f:84:48:f4:18:7d:6b:62:c4:18:f7:
                    80:70:ab:81:63:d1:35:e6:95:5f:b6:29:68:01:fa:
                    17:94:32:46:15:e4:37:53:2d:7e:d5:6f:a3:3f:90:
                    f6:71:ec:26:b1:d6:d2:bd:6c:93:67:7e:95:60:d4:
                    b3:c2:59:21:28:77:e1:50:0c:76:fd:12:f7:c5:d0:
                    63:b3:90:1a:08:20:8c:fb:80:09:c8:cd:33:6b:09:
                    13:53:b3:29:f9:af:78:36:24:61:ea:09:04:96:31:
                    3e:74:44:22:93:4f:c8:97:67:ae:4a:1d:42:c1:18:
                    23:ab:ce:b4:3d:0c:fd:cc:66:72:53:8a:2a:0a:8f:
                    ce:28:02:30:4b:f5:53:ef:c1:c2:27:4e:94:d4:1b:
                    d5:e7:bd:b6:5d:35:35:a8:a3:55:14:a2:f4:02:95:
                    96:6e:61:7d:ca:1d:a2:a3:ec:0d:86:c9:aa:46:8b:
                    dc:ea:48:5b:f6:79:90:9c:50:6b:24:b7:b1:77:19:
                    50:d1:03:55:36:5c:0b:dd:d9:3a:54:76:82:e6:ce:
                    9c:04:25:ae:f0:45:a4:49:8c:e1:3e:ab:04:3c:ed:
                    f7:f1:f1:4d:f2:61:e8:98:c2:8b:e3:0d:96:26:b0:
                    6c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E0:82:D3:DF:80:3E:45:60:A2:DD:DB:67:C4:CB:BE:46:31:1B:3E
            X509v3 Authority Key Identifier:
                keyid:C7:75:49:55:14:05:D9:94:8C:66:2D:FE:4D:E2:4D:E0:55:DA:FF:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3VJVRQF2ZSMZi3-TeJN4FXa_14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/xeCC09-APkVgot3bZ8TLvkYxGz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/x3VJVRQF2ZSMZi3-TeJN4FXa_14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.20.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4e:bd:20:a1:b7:29:dc:af:d9:5e:de:80:fd:f2:b6:62:4a:2f:
         dc:85:4c:ee:04:b2:77:62:93:3b:33:e6:25:7f:f6:b9:76:68:
         f0:bf:70:bc:51:34:d1:9c:e9:32:c7:ac:6e:ba:07:b6:f9:f6:
         37:72:2c:97:0b:e3:b1:60:db:85:3a:3d:f5:da:71:d6:c6:2a:
         4c:ad:74:c8:27:a5:b9:ba:36:7a:a5:46:ed:7d:70:b9:22:8b:
         fa:0d:34:fe:5f:46:52:d5:b6:d3:ae:00:8b:e1:d0:ce:9c:46:
         4d:1e:4c:f2:8f:f9:5f:ba:b4:81:a8:da:a2:2c:04:25:05:72:
         e1:49:51:d2:f4:e0:68:38:8a:19:6d:9e:7f:c6:3a:2a:28:8e:
         44:15:42:f1:de:0f:1e:36:e6:d4:d4:6c:60:6b:4f:d9:bd:10:
         2d:db:7a:4f:94:44:0d:81:96:74:32:e8:34:8d:e4:58:e8:b7:
         c5:03:46:53:01:60:a6:67:91:85:c4:1e:54:15:62:ef:4b:26:
         59:93:e4:84:41:b1:a4:d3:33:fb:71:7b:b4:28:03:2d:36:05:
         ca:9d:7b:fb:c0:03:bf:41:2f:6a:77:45:52:b3:a9:0b:f8:69:
         b6:d8:05:d0:21:4b:3a:4a:23:f2:66:b6:db:51:2c:86:22:e6:
         d7:a4:32:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ22UXu2zDNNaLqmKwx9AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NzU0OTU1MTQwNWQ5OTQ4YzY2MmRmZTRkZTI0ZGUwNTVk
YWZmNWUwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWUwODJkM2RmODAzZTQ1NjBhMmRkZGI2N2M0Y2JiZTQ2MzExYjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/TUafKx8YheT/BRJ439SvE2j4RI
9Bh9a2LEGPeAcKuBY9E15pVftiloAfoXlDJGFeQ3Uy1+1W+jP5D2cewmsdbSvWyT
Z36VYNSzwlkhKHfhUAx2/RL3xdBjs5AaCCCM+4AJyM0zawkTU7Mp+a94NiRh6gkE
ljE+dEQik0/Il2euSh1CwRgjq860PQz9zGZyU4oqCo/OKAIwS/VT78HCJ06U1BvV
5722XTU1qKNVFKL0ApWWbmF9yh2io+wNhsmqRovc6khb9nmQnFBrJLexdxlQ0QNV
NlwL3dk6VHaC5s6cBCWu8EWkSYzhPqsEPO338fFN8mHomMKL4w2WJrBswQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXggtPfgD5FYKLd22fEy75GMRs+MB8GA1UdIwQY
MBaAFMd1SVUUBdmUjGYt/k3iTeBV2v9eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNWSlZSUUYyWlNNWmkzLVRlSk40RlhhXzE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC81YTQzNDEtYmM1Zi00MjQ2LTkyZWEt
MWJmNzVmNzVmYTg3LzEveGVDQzA5LUFQa1Znb3QzYlo4VEx2a1l4R3o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC81YTQzNDEtYmM1Zi00MjQ2LTkyZWEtMWJmNzVmNzVmYTg3
LzEveDNWSlZSUUYyWlNNWmkzLVRlSk40RlhhXzE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2RRgMA0G
CSqGSIb3DQEBCwUAA4IBAQBOvSChtyncr9le3oD98rZiSi/chUzuBLJ3YpM7M+Yl
f/a5dmjwv3C8UTTRnOkyx6xuuge2+fY3ciyXC+OxYNuFOj312nHWxipMrXTIJ6W5
ujZ6pUbtfXC5Iov6DTT+X0ZS1bbTrgCL4dDOnEZNHkzyj/lfurSBqNqiLAQlBXLh
SVHS9OBoOIoZbZ5/xjoqKI5EFULx3g8eNubU1Gxga0/ZvRAt23pPlEQNgZZ0Mug0
jeRY6LfFA0ZTAWCmZ5GFxB5UFWLvSyZZk+SEQbGk0zP7cXu0KAMtNgXKnXv7wAO/
QS9qd0VSs6kL+Gm22AXQIUs6SiPyZrbbUSyGIubXpDIp
-----END CERTIFICATE-----