Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/69YcMBP-uNr-sKiCDn2ZzRP17Go.roa
File:                     69YcMBP-uNr-sKiCDn2ZzRP17Go.roa (raw, json)
Hash identifier:          2xLxHtFSIiBSI30gDaJLdZ7j3H6ZNX6Sre5Ts5OoFeQ=
Subject key identifier:   EB:D6:1C:30:13:FE:B8:DA:FE:B0:A8:82:0E:7D:99:CD:13:F5:EC:6A
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938F0B4E112F8CD09B12AC82B9AD65
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/69YcMBP-uNr-sKiCDn2ZzRP17Go.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35470
IP address blocks:        217.170.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8f:0b:4e:11:2f:8c:d0:9b:12:ac:82:b9:ad:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebd61c3013feb8dafeb0a8820e7d99cd13f5ec6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:24:b0:e4:51:12:cf:71:e9:41:d1:9f:ca:79:
                    b5:32:17:2e:8f:46:bd:db:94:65:a3:5a:3e:65:2b:
                    58:f1:02:e1:be:67:b5:b4:d9:d0:b0:17:ec:5f:87:
                    39:4b:b2:35:c9:f0:4d:4d:3a:6b:85:eb:c6:90:79:
                    63:f8:ba:f2:02:f4:27:dc:54:d6:ac:14:6c:7f:6d:
                    c3:0c:10:6e:c5:8e:89:d9:10:54:d3:ed:4f:18:7c:
                    f0:02:0e:b5:df:83:e4:57:e1:61:ef:bf:c5:09:6c:
                    01:4a:50:04:11:f3:9e:37:ef:cb:7f:56:d8:35:51:
                    94:76:f2:31:9d:ae:22:eb:b4:69:fe:87:8e:bc:a9:
                    fd:b5:20:3e:71:e9:66:eb:e0:c5:a4:8a:23:aa:c4:
                    d8:f0:c7:38:0f:08:0f:78:4c:bb:2d:a1:56:19:d4:
                    e9:21:b9:25:0a:87:32:92:53:ec:0c:7c:ba:74:13:
                    2e:c0:8f:5e:65:06:94:24:9c:fd:20:a3:6b:63:14:
                    da:06:53:c1:6c:64:c2:19:02:7b:a9:c9:5a:09:4e:
                    11:ed:68:8a:f9:c5:c1:a9:4b:0a:33:41:a9:d5:4e:
                    75:17:01:fc:3c:6c:6b:4a:4d:f2:23:d3:48:88:6d:
                    17:0e:aa:51:3b:62:08:aa:16:73:f0:9e:72:70:92:
                    b9:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D6:1C:30:13:FE:B8:DA:FE:B0:A8:82:0E:7D:99:CD:13:F5:EC:6A
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/69YcMBP-uNr-sKiCDn2ZzRP17Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:f8:30:dc:0d:56:78:72:ae:d2:32:2e:d0:70:79:14:3a:c6:
         d8:2f:ff:0e:38:db:34:d5:70:2e:14:95:a3:c7:23:c6:d0:bb:
         cb:b3:a1:9b:39:ce:ce:8b:7f:11:7b:b5:63:ea:e0:04:38:20:
         fa:a7:95:83:92:5a:dc:49:c4:2e:d4:02:37:02:94:6d:0a:2f:
         f8:ca:94:89:54:71:61:e7:06:64:e9:46:c4:82:55:62:ac:da:
         f7:12:e1:59:1a:a1:ab:f9:f2:a3:1c:ea:c4:c4:df:f9:0c:32:
         21:f6:60:b5:0a:64:ec:94:47:b9:74:d1:ee:20:28:be:eb:96:
         f4:47:34:e6:05:82:c1:a3:79:57:9c:72:cf:be:4b:a8:ba:1f:
         0a:2f:3a:1e:9a:e6:66:9f:71:dd:78:a0:8b:7a:a1:2d:10:67:
         52:7e:9e:6d:2b:7e:61:e9:f6:c1:ab:23:c3:de:6d:1b:15:06:
         52:d4:20:39:29:03:87:fb:86:3c:74:73:b8:20:e8:88:23:ba:
         23:e9:cd:57:bd:8a:3f:f5:43:8f:83:93:44:80:f6:a6:31:8b:
         c5:2f:1b:17:92:18:05:32:76:c4:af:ac:4d:ed:85:61:5c:eb:
         60:da:f2:38:9a:ff:9d:b3:91:e1:63:07:70:27:f2:d0:18:35:
         eb:bd:75:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk48LThEvjNCbEqyCua1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQ2MWMzMDEzZmViOGRhZmViMGE4ODIwZTdkOTljZDEzZjVlYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7SSw5FESz3HpQdGfynm1Mhcuj0a9
25Rlo1o+ZStY8QLhvme1tNnQsBfsX4c5S7I1yfBNTTprhevGkHlj+LryAvQn3FTW
rBRsf23DDBBuxY6J2RBU0+1PGHzwAg6134PkV+Fh77/FCWwBSlAEEfOeN+/Lf1bY
NVGUdvIxna4i67Rp/oeOvKn9tSA+celm6+DFpIojqsTY8Mc4DwgPeEy7LaFWGdTp
IbklCocyklPsDHy6dBMuwI9eZQaUJJz9IKNrYxTaBlPBbGTCGQJ7qclaCU4R7WiK
+cXBqUsKM0Gp1U51FwH8PGxrSk3yI9NIiG0XDqpRO2IIqhZz8J5ycJK5FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvWHDAT/rja/rCogg59mc0T9exqMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvNjlZY01CUC11TnItc0tpQ0RuMlp6UlAxN0dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aoVMA0G
CSqGSIb3DQEBCwUAA4IBAQAV+DDcDVZ4cq7SMi7QcHkUOsbYL/8OONs01XAuFJWj
xyPG0LvLs6GbOc7Oi38Re7Vj6uAEOCD6p5WDklrcScQu1AI3ApRtCi/4ypSJVHFh
5wZk6UbEglVirNr3EuFZGqGr+fKjHOrExN/5DDIh9mC1CmTslEe5dNHuICi+65b0
RzTmBYLBo3lXnHLPvkuouh8KLzoemuZmn3HdeKCLeqEtEGdSfp5tK35h6fbBqyPD
3m0bFQZS1CA5KQOH+4Y8dHO4IOiII7oj6c1XvYo/9UOPg5NEgPamMYvFLxsXkhgF
MnbEr6xN7YVhXOtg2vI4mv+ds5HhYwdwJ/LQGDXrvXVc
-----END CERTIFICATE-----