Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/bL5J4CTVCqQOMnxuxbSYy2JrE-Q.roa
File:                     bL5J4CTVCqQOMnxuxbSYy2JrE-Q.roa (raw, json)
Hash identifier:          7M5YkqUoPzo8TBbSU5e+uV1uf2ojs6rpJT2aANMLdKU=
Subject key identifier:   6C:BE:49:E0:24:D5:0A:A4:0E:32:7C:6E:C5:B4:98:CB:62:6B:13:E4
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938B7217100742ECE428AEDB612FFF
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/bL5J4CTVCqQOMnxuxbSYy2JrE-Q.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5418
IP address blocks:        217.170.15.0/24 maxlen: 24
                          2a02:10:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8b:72:17:10:07:42:ec:e4:28:ae:db:61:2f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cbe49e024d50aa40e327c6ec5b498cb626b13e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5b:5c:fb:a5:b8:58:fb:12:5c:74:40:6d:c3:
                    fd:a1:f8:79:cb:a5:cf:47:e1:73:d9:c1:15:cd:14:
                    14:04:14:1a:95:82:17:2e:5c:75:1a:6d:70:21:7b:
                    5f:34:2e:8c:0d:14:ac:93:f6:bd:47:ab:21:9b:50:
                    70:16:a6:d5:14:cf:d4:ab:49:0e:38:d7:38:57:cc:
                    62:e4:f3:85:04:80:1f:53:36:2d:e7:d8:a3:17:1b:
                    d4:42:b5:e9:d8:99:a3:e1:64:0a:95:70:61:a7:9b:
                    64:ec:be:da:d8:9f:43:d4:31:1e:e1:44:5b:fa:68:
                    5b:04:78:4e:5b:1c:c2:f8:6c:45:09:52:09:3c:e3:
                    53:bb:95:99:e8:19:20:50:76:ad:0c:0d:4c:ac:5d:
                    13:64:72:f0:05:20:86:ed:7c:c3:10:8a:2f:bc:2e:
                    2e:39:20:91:9c:da:dd:ea:9e:8f:3c:bb:9c:be:e0:
                    90:22:3b:2b:ac:e3:cf:27:91:52:80:0c:5b:e7:9c:
                    92:67:34:87:44:cf:96:52:8e:2d:17:34:c0:91:c4:
                    b9:9b:b6:6b:04:0b:18:72:58:c8:7d:05:92:57:43:
                    07:3c:48:27:3c:90:01:83:0c:03:44:43:ba:4b:e9:
                    7d:a1:db:51:d9:02:a5:9b:69:be:b9:e9:65:42:3c:
                    f9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:BE:49:E0:24:D5:0A:A4:0E:32:7C:6E:C5:B4:98:CB:62:6B:13:E4
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/bL5J4CTVCqQOMnxuxbSYy2JrE-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.15.0/24
                IPv6:
                  2a02:10:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:c9:1b:ae:a3:d1:92:93:49:c7:eb:1a:f4:5d:47:b8:f4:4c:
         a3:68:b7:c3:6d:83:a5:2e:ae:40:b0:88:55:ff:da:1f:fd:c3:
         c8:70:f4:57:e5:e2:4e:4f:2c:52:33:75:2d:d5:9b:b0:db:08:
         be:3a:91:b1:7b:31:c3:2e:08:6c:e6:ae:68:9c:d8:e8:a3:36:
         18:ce:f5:fa:a2:1b:de:ad:fa:a6:e2:10:e0:25:1a:bc:19:27:
         b3:6a:ca:33:5c:06:91:7b:06:8e:29:f0:13:6a:a5:ba:b1:56:
         a0:9d:fa:84:fd:6a:5c:6b:07:1d:5d:b3:c2:b2:b7:4e:6f:d8:
         d5:92:81:4d:d3:06:dc:20:7a:ce:59:c7:ab:47:a8:40:13:d0:
         3a:6b:dd:56:ab:f9:f0:aa:37:80:57:14:8c:7a:c6:85:71:d6:
         18:46:b6:eb:65:24:c4:1e:ca:72:ef:c7:85:b2:22:9e:74:55:
         60:f1:45:66:50:0e:a1:4c:23:b7:47:ff:ab:e6:3d:0b:a9:01:
         30:01:ab:c6:0f:92:7f:3c:94:00:fd:bf:b2:b0:60:5d:fc:aa:
         1f:ba:62:a3:ff:52:0a:af:90:b2:88:90:a7:87:0a:c8:c0:05:
         be:05:c7:7a:df:d9:e2:e2:9c:f4:12:02:9f:51:bb:6d:c5:ce:
         21:fb:9d:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk4tyFxAHQuzkKK7bYS//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2JlNDllMDI0ZDUwYWE0MGUzMjdjNmVjNWI0OThjYjYyNmIxM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVtc+6W4WPsSXHRAbcP9ofh5y6XP
R+Fz2cEVzRQUBBQalYIXLlx1Gm1wIXtfNC6MDRSsk/a9R6shm1BwFqbVFM/Uq0kO
ONc4V8xi5POFBIAfUzYt59ijFxvUQrXp2Jmj4WQKlXBhp5tk7L7a2J9D1DEe4URb
+mhbBHhOWxzC+GxFCVIJPONTu5WZ6BkgUHatDA1MrF0TZHLwBSCG7XzDEIovvC4u
OSCRnNrd6p6PPLucvuCQIjsrrOPPJ5FSgAxb55ySZzSHRM+WUo4tFzTAkcS5m7Zr
BAsYcljIfQWSV0MHPEgnPJABgwwDREO6S+l9odtR2QKlm2m+uellQjz5mQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGy+SeAk1QqkDjJ8bsW0mMtiaxPkMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvYkw1SjRDVFZDcVFPTW54dXhiU1l5MkpyRS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2aoPMA8E
AgACMAkDBwAqAgAQAQAwDQYJKoZIhvcNAQELBQADggEBAF7JG66j0ZKTScfrGvRd
R7j0TKNot8Ntg6UurkCwiFX/2h/9w8hw9Ffl4k5PLFIzdS3Vm7DbCL46kbF7McMu
CGzmrmic2OijNhjO9fqiG96t+qbiEOAlGrwZJ7NqyjNcBpF7Bo4p8BNqpbqxVqCd
+oT9alxrBx1ds8Kyt05v2NWSgU3TBtwges5Zx6tHqEAT0Dpr3Var+fCqN4BXFIx6
xoVx1hhGtutlJMQeynLvx4WyIp50VWDxRWZQDqFMI7dH/6vmPQupATABq8YPkn88
lAD9v7KwYF38qh+6YqP/UgqvkLKIkKeHCsjABb4Fx3rf2eLinPQSAp9Ru23FziH7
nXI=
-----END CERTIFICATE-----