Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1c444d-058d-475c-abff-5cdfa117aec6/1/G9LJ7WhYbQAlopv8jhLixfeeuhU.roa
File:                     G9LJ7WhYbQAlopv8jhLixfeeuhU.roa (raw, json)
Hash identifier:          y+3K4RyBwihO+VMvvlObsupTLxY90ATWgGTtDunKMEE=
Subject key identifier:   1B:D2:C9:ED:68:58:6D:00:25:A2:9B:FC:8E:12:E2:C5:F7:9E:BA:15
Certificate issuer:       /CN=dd53f63f13a0c952a079f4578a10edbf6e3aa58b
Certificate serial:       018CC80157EB4803002FD67402F808C67DAD
Authority key identifier: DD:53:F6:3F:13:A0:C9:52:A0:79:F4:57:8A:10:ED:BF:6E:3A:A5:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3VP2PxOgyVKgefRXihDtv246pYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1c444d-058d-475c-abff-5cdfa117aec6/1/G9LJ7WhYbQAlopv8jhLixfeeuhU.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16314
IP address blocks:        217.116.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/1c444d-058d-475c-abff-5cdfa117aec6/1/3VP2PxOgyVKgefRXihDtv246pYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/1c444d-058d-475c-abff-5cdfa117aec6/1/3VP2PxOgyVKgefRXihDtv246pYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3VP2PxOgyVKgefRXihDtv246pYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:57:eb:48:03:00:2f:d6:74:02:f8:08:c6:7d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd53f63f13a0c952a079f4578a10edbf6e3aa58b
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bd2c9ed68586d0025a29bfc8e12e2c5f79eba15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:af:5d:87:cc:cb:25:b3:f0:f4:b5:65:70:26:
                    55:16:27:2a:12:a2:ce:98:d4:da:fc:65:4d:bc:16:
                    e4:fe:01:00:21:60:6c:44:68:72:d9:4a:94:27:ec:
                    a4:5c:08:e0:e9:12:3a:55:0f:e8:2b:1a:cb:31:41:
                    a5:59:a1:c1:a7:ea:d4:a4:c5:20:37:2a:cb:b4:53:
                    0c:b3:15:77:2c:da:2a:31:92:bd:c4:4e:d6:84:76:
                    1f:91:cd:d2:8a:09:19:ca:2b:2a:27:01:ef:31:2c:
                    66:61:39:f4:16:8c:6c:73:a7:77:33:0b:0b:95:2d:
                    de:f7:15:0d:3f:9d:04:bf:73:90:9c:02:79:79:31:
                    b9:02:96:8f:68:b7:62:e2:b2:7c:55:8a:a6:8c:1d:
                    27:05:c4:4d:83:e5:4f:4e:8a:94:29:73:4e:98:f1:
                    24:17:4e:fb:ef:2d:19:42:0f:e1:3a:e1:ab:46:cb:
                    1a:b5:40:39:60:8c:25:d3:8f:f9:10:df:63:3c:a4:
                    66:45:c1:eb:3b:c2:64:9d:c8:75:7e:99:e9:36:fe:
                    93:45:6d:e9:9d:68:46:8e:61:44:ea:78:ec:f2:73:
                    2f:19:26:96:a2:66:5a:ed:26:2c:4b:7c:69:c0:34:
                    b6:b3:03:f5:26:50:8b:48:15:a8:2b:6e:6b:ba:e8:
                    02:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D2:C9:ED:68:58:6D:00:25:A2:9B:FC:8E:12:E2:C5:F7:9E:BA:15
            X509v3 Authority Key Identifier:
                keyid:DD:53:F6:3F:13:A0:C9:52:A0:79:F4:57:8A:10:ED:BF:6E:3A:A5:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3VP2PxOgyVKgefRXihDtv246pYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1c444d-058d-475c-abff-5cdfa117aec6/1/G9LJ7WhYbQAlopv8jhLixfeeuhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1c444d-058d-475c-abff-5cdfa117aec6/1/3VP2PxOgyVKgefRXihDtv246pYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.116.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:3e:f9:b9:1b:a2:43:bb:e9:cb:c1:3e:e0:6c:cd:2b:eb:7b:
         70:81:15:46:22:16:9e:dc:e5:e0:19:50:25:9a:60:45:c0:bf:
         41:f8:d8:d0:c8:ec:7a:f3:80:d1:ed:eb:80:84:bc:15:7a:e6:
         e3:6a:a1:78:94:68:df:16:15:52:3e:b9:6a:46:37:c2:51:75:
         ca:6d:75:07:9b:d3:7d:34:f1:1a:7f:4f:92:f1:f7:91:d2:70:
         46:c1:1c:90:f9:57:fc:68:1b:23:3c:dc:74:36:b7:73:a9:6f:
         35:5d:7d:c8:59:bd:5b:1a:7c:4e:d5:8a:fe:39:8b:bf:b6:eb:
         6a:cd:9a:89:4b:06:45:84:f3:d8:7a:6b:ef:51:45:ea:8e:38:
         45:47:2b:2d:54:7b:81:6c:c2:96:c5:19:1d:5f:6f:15:e9:de:
         48:7f:e2:fa:8d:5b:e7:c7:10:30:58:f5:27:6b:db:15:cf:77:
         a4:b4:89:04:3b:ff:98:8b:94:9f:b2:fb:49:4d:a5:7c:75:ab:
         37:38:4a:a0:70:59:93:fc:73:09:14:f6:72:11:31:ab:ae:5f:
         11:fa:5e:b9:c6:9b:56:00:6f:a3:3e:ce:35:17:8e:48:46:5b:
         9d:81:29:80:1b:66:01:bb:13:e6:da:04:0b:68:95:10:56:a3:
         00:28:61:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVfrSAMAL9Z0AvgIxn2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNTNmNjNmMTNhMGM5NTJhMDc5ZjQ1NzhhMTBlZGJmNmUz
YWE1OGIwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQyYzllZDY4NTg2ZDAwMjVhMjliZmM4ZTEyZTJjNWY3OWViYTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq9dh8zLJbPw9LVlcCZVFicqEqLO
mNTa/GVNvBbk/gEAIWBsRGhy2UqUJ+ykXAjg6RI6VQ/oKxrLMUGlWaHBp+rUpMUg
NyrLtFMMsxV3LNoqMZK9xE7WhHYfkc3SigkZyisqJwHvMSxmYTn0Foxsc6d3MwsL
lS3e9xUNP50Ev3OQnAJ5eTG5ApaPaLdi4rJ8VYqmjB0nBcRNg+VPToqUKXNOmPEk
F0777y0ZQg/hOuGrRssatUA5YIwl04/5EN9jPKRmRcHrO8Jknch1fpnpNv6TRW3p
nWhGjmFE6njs8nMvGSaWomZa7SYsS3xpwDS2swP1JlCLSBWoK25ruugC0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvSye1oWG0AJaKb/I4S4sX3nroVMB8GA1UdIwQY
MBaAFN1T9j8ToMlSoHn0V4oQ7b9uOqWLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1ZQMlB4T2d5VktnZWZSWGloRHR2MjQ2cFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xYzQ0NGQtMDU4ZC00NzVjLWFiZmYt
NWNkZmExMTdhZWM2LzEvRzlMSjdXaFliUUFsb3B2OGpoTGl4ZmVldWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xYzQ0NGQtMDU4ZC00NzVjLWFiZmYtNWNkZmExMTdhZWM2
LzEvM1ZQMlB4T2d5VktnZWZSWGloRHR2MjQ2cFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2XRAMA0G
CSqGSIb3DQEBCwUAA4IBAQBjPvm5G6JDu+nLwT7gbM0r63twgRVGIhae3OXgGVAl
mmBFwL9B+NjQyOx684DR7euAhLwVeubjaqF4lGjfFhVSPrlqRjfCUXXKbXUHm9N9
NPEaf0+S8feR0nBGwRyQ+Vf8aBsjPNx0NrdzqW81XX3IWb1bGnxO1Yr+OYu/tutq
zZqJSwZFhPPYemvvUUXqjjhFRystVHuBbMKWxRkdX28V6d5If+L6jVvnxxAwWPUn
a9sVz3ektIkEO/+Yi5SfsvtJTaV8das3OEqgcFmT/HMJFPZyETGrrl8R+l65xptW
AG+jPs41F45IRludgSmAG2YBuxPm2gQLaJUQVqMAKGE/
-----END CERTIFICATE-----