Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/wsvv44cgnrzfqOmIBHWPiBZXJHA.roa
File:                     wsvv44cgnrzfqOmIBHWPiBZXJHA.roa (raw, json)
Hash identifier:          CVrhBbuHHkY4ap42pYfM5+nwyZEOL9kIopRaRq0Vp4o=
Subject key identifier:   C2:CB:EF:E3:87:20:9E:BC:DF:A8:E9:88:04:75:8F:88:16:57:24:70
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93BF9CE60A9545592D4AB3CC72C2A
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/wsvv44cgnrzfqOmIBHWPiBZXJHA.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20523
IP address blocks:        217.150.128.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3b:f9:ce:60:a9:54:55:92:d4:ab:3c:c7:2c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2cbefe387209ebcdfa8e98804758f8816572470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0d:85:1b:9b:0d:9c:72:68:65:69:47:b7:83:
                    ee:ca:dd:30:71:3a:dd:87:a8:f3:b9:a1:be:04:de:
                    b0:9b:03:57:05:b1:af:b4:f9:c3:41:f7:83:c6:18:
                    2d:32:79:fc:53:e4:5c:7d:a4:dc:91:7c:cb:d4:2c:
                    85:c2:2e:23:b3:65:ec:16:14:3f:5d:76:0c:b0:1a:
                    3e:78:4d:a4:65:42:69:5b:7b:11:15:ad:f3:8e:ce:
                    4a:dd:cc:ad:ac:d6:ea:db:0a:d2:65:47:3b:10:33:
                    13:cf:e4:fe:79:34:98:89:1b:70:ba:08:7e:58:5e:
                    ac:06:86:cd:7d:a0:21:9b:83:bb:d6:40:a4:58:25:
                    2a:ab:bc:88:46:c0:03:29:ab:fa:1c:48:c3:71:a2:
                    bb:79:a0:c0:d1:ae:f1:be:69:94:b9:1f:6a:26:7c:
                    c3:ac:2f:68:97:57:47:82:db:c2:ec:08:ef:e9:8b:
                    1b:c0:65:9f:eb:4f:c8:15:89:8d:ed:13:ef:62:06:
                    9c:fb:b2:e7:95:f5:62:31:4f:7c:1f:fb:6a:e7:cb:
                    b2:e1:15:5e:b0:f5:d3:8c:17:a3:64:8b:39:59:cb:
                    18:07:e4:9b:86:b6:f3:c3:41:69:ab:d3:0a:40:14:
                    da:11:bf:61:d9:7f:78:15:f7:aa:88:b8:ea:56:84:
                    04:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:CB:EF:E3:87:20:9E:BC:DF:A8:E9:88:04:75:8F:88:16:57:24:70
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/wsvv44cgnrzfqOmIBHWPiBZXJHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.150.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6d:85:a6:d5:7d:2d:c8:0d:36:a7:0a:83:d0:b7:8c:ee:81:4b:
         18:c9:6c:91:fb:a6:6a:a3:21:26:d6:b9:29:51:01:00:c4:61:
         04:48:66:9f:a8:4c:40:73:4d:b2:75:4f:2d:70:da:f6:56:13:
         2d:75:f2:81:28:22:4a:10:e6:2b:6a:ae:cf:b7:62:80:d5:f3:
         9a:cc:31:28:ff:1b:d8:fe:31:d7:09:f4:73:a8:7b:6f:6b:99:
         4d:da:65:c5:07:24:1c:8e:83:b7:c6:b2:0b:9e:4e:cb:b9:b3:
         79:14:38:7c:1e:7d:27:df:a0:49:c8:72:73:26:1a:00:2f:85:
         2b:be:3a:7f:30:9b:77:3d:32:b7:da:66:3e:98:5f:1e:29:5d:
         05:5d:b6:da:92:7a:48:da:2f:9e:37:24:90:4a:3d:0b:9a:79:
         10:38:9c:f7:c0:ad:70:32:7d:89:42:f6:e5:64:31:b0:15:68:
         94:83:b0:75:e2:42:2a:31:0d:82:1a:25:44:d3:30:cc:74:46:
         c8:59:4c:83:90:8c:86:31:9c:f8:75:73:a2:65:b1:c0:12:cb:
         df:e4:9f:f0:61:34:c7:cc:73:34:7a:78:53:cb:de:7f:88:13:
         05:7c:42:a4:f3:b4:a3:bf:42:29:5c:33:ee:35:3c:5b:a8:7d:
         6b:e5:45:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTv5zmCpVFWS1Ks8xywqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmNiZWZlMzg3MjA5ZWJjZGZhOGU5ODgwNDc1OGY4ODE2NTcyNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw2FG5sNnHJoZWlHt4Puyt0wcTrd
h6jzuaG+BN6wmwNXBbGvtPnDQfeDxhgtMnn8U+RcfaTckXzL1CyFwi4js2XsFhQ/
XXYMsBo+eE2kZUJpW3sRFa3zjs5K3cytrNbq2wrSZUc7EDMTz+T+eTSYiRtwugh+
WF6sBobNfaAhm4O71kCkWCUqq7yIRsADKav6HEjDcaK7eaDA0a7xvmmUuR9qJnzD
rC9ol1dHgtvC7Ajv6YsbwGWf60/IFYmN7RPvYgac+7LnlfViMU98H/tq58uy4RVe
sPXTjBejZIs5WcsYB+Sbhrbzw0Fpq9MKQBTaEb9h2X94FfeqiLjqVoQERwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLL7+OHIJ6836jpiAR1j4gWVyRwMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvd3N2djQ0Y2ducnpmcU9tSUJIV1BpQlpYSkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZaAMA0G
CSqGSIb3DQEBCwUAA4IBAQBthabVfS3IDTanCoPQt4zugUsYyWyR+6ZqoyEm1rkp
UQEAxGEESGafqExAc02ydU8tcNr2VhMtdfKBKCJKEOYraq7Pt2KA1fOazDEo/xvY
/jHXCfRzqHtva5lN2mXFByQcjoO3xrILnk7LubN5FDh8Hn0n36BJyHJzJhoAL4Ur
vjp/MJt3PTK32mY+mF8eKV0FXbbaknpI2i+eNySQSj0LmnkQOJz3wK1wMn2JQvbl
ZDGwFWiUg7B14kIqMQ2CGiVE0zDMdEbIWUyDkIyGMZz4dXOiZbHAEsvf5J/wYTTH
zHM0enhTy95/iBMFfEKk87Sjv0IpXDPuNTxbqH1r5UUe
-----END CERTIFICATE-----