Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/kQb3xYgEQ6P88Mx6RmwzAO_FqO8.roa
File:                     kQb3xYgEQ6P88Mx6RmwzAO_FqO8.roa (raw, json)
Hash identifier:          3ThCjkpB7d7ITqenxb7Nm44Wn3k0eIDgmVFwfuWHWNA=
Subject key identifier:   91:06:F7:C5:88:04:43:A3:FC:F0:CC:7A:46:6C:33:00:EF:C5:A8:EF
Certificate issuer:       /CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
Certificate serial:       018CC94AD43C4A5915BA17AA37D9783D6C79
Authority key identifier: 55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/kQb3xYgEQ6P88Mx6RmwzAO_FqO8.roa
Signing time:             Tue 02 Jan 2024 08:29:33 +0000
ROA not before:           Tue 02 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16210
IP address blocks:        217.18.96.0/19 maxlen: 20
                          217.18.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d4:3c:4a:59:15:ba:17:aa:37:d9:78:3d:6c:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
        Validity
            Not Before: Jan  2 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9106f7c5880443a3fcf0cc7a466c3300efc5a8ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:45:79:cc:80:80:2f:27:87:f8:c0:11:30:5e:
                    14:66:26:57:26:57:e1:d4:20:aa:a9:b6:d0:56:13:
                    9e:4f:2a:cf:75:5a:0f:b1:01:2b:ef:53:a4:97:79:
                    42:35:b2:77:74:ef:d2:3c:1f:35:8f:c7:72:82:b8:
                    93:f0:1b:31:a8:ad:93:e1:e9:63:d0:4e:27:f8:01:
                    47:a7:32:38:d1:d0:99:5a:da:ff:24:5f:71:fc:65:
                    85:af:d2:49:35:7d:68:6d:fe:89:28:5f:2e:e4:67:
                    15:dc:1f:a2:93:e6:74:66:f2:bf:a5:26:ac:45:2e:
                    5b:62:32:bc:b6:d9:c0:b7:2a:de:f3:6d:d5:84:8d:
                    7e:86:0e:d7:a1:9f:0a:69:7e:64:13:49:0a:97:38:
                    2d:ee:2b:37:73:1a:05:af:b7:79:d8:1a:ff:dc:d5:
                    4b:33:56:8f:c7:cc:18:12:a7:75:33:a6:c4:8e:58:
                    36:49:ee:ca:2c:eb:33:98:be:48:e2:c7:f0:a4:44:
                    8f:5f:6f:16:c0:ba:2c:95:fb:52:0a:0d:47:c4:ab:
                    36:09:cb:29:ad:12:4d:28:1c:98:e3:b1:11:6c:8a:
                    5f:bf:0c:9e:ae:26:ba:36:bf:d0:72:51:fb:3f:c5:
                    21:2d:37:69:8a:b6:70:94:d9:f5:0e:7f:9c:1c:02:
                    8f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:06:F7:C5:88:04:43:A3:FC:F0:CC:7A:46:6C:33:00:EF:C5:A8:EF
            X509v3 Authority Key Identifier:
                keyid:55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/kQb3xYgEQ6P88Mx6RmwzAO_FqO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         08:e2:aa:22:4a:d8:77:d4:9f:22:4e:96:ca:77:ee:2e:f2:82:
         c0:92:84:06:33:c4:cc:23:29:cd:36:f6:03:14:3c:78:86:40:
         88:38:1c:3d:a8:f2:ad:ed:d3:de:c1:d1:9b:42:82:e1:b4:ee:
         cd:3d:32:43:b5:7c:79:dd:1a:db:47:af:5c:1c:d3:64:e5:d7:
         0a:f6:e4:d5:de:f5:d2:65:53:12:7c:92:fd:aa:e0:5a:fb:ff:
         19:76:47:dd:87:b2:02:9a:e9:44:ce:f2:51:90:83:67:90:ed:
         c7:40:d3:07:fa:ec:8e:ae:7d:fe:64:ae:21:9b:03:5b:04:9c:
         f1:8d:fd:c1:b7:b5:f7:7d:30:8b:6c:a9:80:e9:69:3a:41:e2:
         e2:96:1b:4b:f0:8d:67:c0:4a:34:dd:dd:61:25:6b:1c:94:ed:
         cf:be:2c:df:30:b4:bb:dc:aa:fd:7a:c0:de:68:f3:07:93:18:
         e2:74:82:2b:ad:63:55:80:0c:3f:ec:0d:da:cc:97:50:87:50:
         f1:c0:e3:9c:14:da:bc:df:8b:15:cf:41:d5:1f:02:50:28:af:
         6c:f2:33:c1:ac:08:44:eb:b7:97:d1:e7:46:c5:40:2f:47:f2:
         86:7b:e9:d5:00:d6:10:c6:9e:ce:95:2e:69:24:02:2c:6b:99:
         b3:13:31:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJStQ8SlkVuheqN9l4PWx5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NGFkYjcyYjgyZWNmYWZjNTcwNWUyNWZlYmNhYjVjODJk
NzZlZTYwHhcNMjQwMTAyMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA2ZjdjNTg4MDQ0M2EzZmNmMGNjN2E0NjZjMzMwMGVmYzVhOGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEV5zICALyeH+MARMF4UZiZXJlfh
1CCqqbbQVhOeTyrPdVoPsQEr71Okl3lCNbJ3dO/SPB81j8dygriT8BsxqK2T4elj
0E4n+AFHpzI40dCZWtr/JF9x/GWFr9JJNX1obf6JKF8u5GcV3B+ik+Z0ZvK/pSas
RS5bYjK8ttnAtyre823VhI1+hg7XoZ8KaX5kE0kKlzgt7is3cxoFr7d52Br/3NVL
M1aPx8wYEqd1M6bEjlg2Se7KLOszmL5I4sfwpESPX28WwLoslftSCg1HxKs2Ccsp
rRJNKByY47ERbIpfvwyeria6Nr/QclH7P8UhLTdpirZwlNn1Dn+cHAKPjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEG98WIBEOj/PDMekZsMwDvxajvMB8GA1UdIwQY
MBaAFFVK23K4Ls+vxXBeJf68q1yC127mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEt
NzU4NjNmNDM0NzZhLzEva1FiM3hZZ0VRNlA4OE14NlJtd3pBT19GcU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEtNzU4NjNmNDM0NzZh
LzEvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF2RJgMA0G
CSqGSIb3DQEBCwUAA4IBAQAI4qoiSth31J8iTpbKd+4u8oLAkoQGM8TMIynNNvYD
FDx4hkCIOBw9qPKt7dPewdGbQoLhtO7NPTJDtXx53RrbR69cHNNk5dcK9uTV3vXS
ZVMSfJL9quBa+/8Zdkfdh7ICmulEzvJRkINnkO3HQNMH+uyOrn3+ZK4hmwNbBJzx
jf3Bt7X3fTCLbKmA6Wk6QeLilhtL8I1nwEo03d1hJWsclO3PvizfMLS73Kr9esDe
aPMHkxjidIIrrWNVgAw/7A3azJdQh1DxwOOcFNq834sVz0HVHwJQKK9s8jPBrAhE
67eX0edGxUAvR/KGe+nVANYQxp7OlS5pJAIsa5mzEzHP
-----END CERTIFICATE-----