Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/p5k9eKlAzrQzgAqeNY-XV_N30e0.roa
File:                     p5k9eKlAzrQzgAqeNY-XV_N30e0.roa (raw, json)
Hash identifier:          5XTM/PiWEtizI3s6iVKa5pmQGMg8uFSrpq11o15u7Xg=
Subject key identifier:   A7:99:3D:78:A9:40:CE:B4:33:80:0A:9E:35:8F:97:57:F3:77:D1:ED
Certificate issuer:       /CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
Certificate serial:       018CC94AD46F4CDECBE04B8A9B48BB09A126
Authority key identifier: 55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/p5k9eKlAzrQzgAqeNY-XV_N30e0.roa
Signing time:             Tue 02 Jan 2024 08:29:33 +0000
ROA not before:           Tue 02 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16297
IP address blocks:        217.118.0.0/20 maxlen: 20
                          217.118.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d4:6f:4c:de:cb:e0:4b:8a:9b:48:bb:09:a1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
        Validity
            Not Before: Jan  2 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7993d78a940ceb433800a9e358f9757f377d1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d0:7e:ed:56:7c:f5:d0:af:92:ca:35:79:3c:
                    bd:8e:8a:f3:3b:39:94:f5:ae:8e:2e:fe:d2:60:65:
                    6e:2f:76:d2:fb:bf:47:07:db:93:ce:35:59:a5:ee:
                    59:8e:d4:3d:77:71:30:2f:ae:20:28:85:90:fd:fa:
                    48:5e:b5:b2:d9:03:9d:5b:2e:0e:fd:30:48:c3:b3:
                    fe:d3:a4:57:c6:f3:8c:c0:d5:1e:e2:b3:45:0e:52:
                    2c:01:f8:7f:b0:0a:3d:7a:8b:45:f1:cf:1c:5f:d0:
                    87:02:5f:8c:f7:3b:7d:8b:b6:72:24:73:58:12:5a:
                    71:c7:e4:dc:03:45:8c:67:6b:5f:e5:bb:02:f6:a4:
                    9d:37:01:05:e8:7b:7c:9c:ce:66:e0:80:53:b2:00:
                    e2:44:65:4c:cf:82:e8:06:d0:2a:b7:82:19:cb:3c:
                    4f:b1:d2:93:67:d5:f6:3f:68:37:48:a4:e3:a0:e1:
                    d7:2c:aa:32:9a:17:41:cf:93:8f:3f:de:98:46:fd:
                    64:bc:4a:51:a0:84:e5:26:ff:2a:1c:02:3c:11:5b:
                    74:39:61:52:d4:fa:77:32:bd:04:e7:69:cc:da:b6:
                    3a:cc:82:a3:0f:e2:ff:7f:ab:0b:01:13:96:c2:3c:
                    d0:e2:2b:af:1d:e7:e6:a0:d4:74:a7:33:60:1a:6d:
                    ec:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:99:3D:78:A9:40:CE:B4:33:80:0A:9E:35:8F:97:57:F3:77:D1:ED
            X509v3 Authority Key Identifier:
                keyid:55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/p5k9eKlAzrQzgAqeNY-XV_N30e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.118.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         88:97:18:e3:74:25:9b:c1:6f:01:d8:22:72:ae:f0:e5:55:43:
         25:34:e4:49:30:a3:42:3b:87:c4:29:95:5a:3d:38:47:27:03:
         76:73:6c:2b:ea:d6:1e:a3:c0:04:79:ec:91:30:b0:42:7a:ef:
         23:95:7d:7e:2f:88:81:d6:65:83:ab:94:c4:44:f0:de:6d:c5:
         4e:71:e3:d7:a9:2d:3d:07:b9:31:b8:7e:8b:41:d9:db:a7:c5:
         db:99:ea:da:08:44:ee:1c:2f:ae:90:af:b5:82:d0:bc:05:27:
         8f:56:eb:1a:83:41:ae:c7:16:47:1b:c0:0a:ad:94:cb:06:da:
         c1:62:16:8a:35:01:77:20:9e:6d:7e:a9:75:72:79:8b:58:ef:
         76:b3:07:0a:47:89:ad:84:85:2e:a1:62:ec:3c:e1:27:2f:e9:
         eb:15:d9:65:21:ec:e3:54:fe:f3:9d:d7:3f:ce:3f:fc:f0:0d:
         eb:dc:de:0a:51:bb:4a:bd:6e:1b:85:19:f2:e1:3c:56:55:e4:
         ab:01:1f:ee:51:79:d2:2b:ee:4b:7b:89:3c:7f:4e:62:c7:21:
         75:57:94:2e:28:12:5e:18:7d:32:12:1d:1b:b2:be:4c:24:d7:
         98:b0:be:b2:91:3a:27:42:84:04:b7:94:34:83:1e:61:8c:84:
         77:41:37:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJStRvTN7L4EuKm0i7CaEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NGFkYjcyYjgyZWNmYWZjNTcwNWUyNWZlYmNhYjVjODJk
NzZlZTYwHhcNMjQwMTAyMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzk5M2Q3OGE5NDBjZWI0MzM4MDBhOWUzNThmOTc1N2YzNzdkMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtB+7VZ89dCvkso1eTy9jorzOzmU
9a6OLv7SYGVuL3bS+79HB9uTzjVZpe5ZjtQ9d3EwL64gKIWQ/fpIXrWy2QOdWy4O
/TBIw7P+06RXxvOMwNUe4rNFDlIsAfh/sAo9eotF8c8cX9CHAl+M9zt9i7ZyJHNY
Elpxx+TcA0WMZ2tf5bsC9qSdNwEF6Ht8nM5m4IBTsgDiRGVMz4LoBtAqt4IZyzxP
sdKTZ9X2P2g3SKTjoOHXLKoymhdBz5OPP96YRv1kvEpRoITlJv8qHAI8EVt0OWFS
1Pp3Mr0E52nM2rY6zIKjD+L/f6sLAROWwjzQ4iuvHefmoNR0pzNgGm3sxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeZPXipQM60M4AKnjWPl1fzd9HtMB8GA1UdIwQY
MBaAFFVK23K4Ls+vxXBeJf68q1yC127mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEt
NzU4NjNmNDM0NzZhLzEvcDVrOWVLbEF6clF6Z0FxZU5ZLVhWX04zMGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEtNzU4NjNmNDM0NzZh
LzEvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2XYAMA0G
CSqGSIb3DQEBCwUAA4IBAQCIlxjjdCWbwW8B2CJyrvDlVUMlNORJMKNCO4fEKZVa
PThHJwN2c2wr6tYeo8AEeeyRMLBCeu8jlX1+L4iB1mWDq5TERPDebcVOcePXqS09
B7kxuH6LQdnbp8XbmeraCETuHC+ukK+1gtC8BSePVusag0GuxxZHG8AKrZTLBtrB
YhaKNQF3IJ5tfql1cnmLWO92swcKR4mthIUuoWLsPOEnL+nrFdllIezjVP7zndc/
zj/88A3r3N4KUbtKvW4bhRny4TxWVeSrAR/uUXnSK+5Le4k8f05ixyF1V5QuKBJe
GH0yEh0bsr5MJNeYsL6ykTonQoQEt5Q0gx5hjIR3QTex
-----END CERTIFICATE-----