Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/lI8uYeiI_H3c6Bsri08e0XX9IC4.roa
File:                     lI8uYeiI_H3c6Bsri08e0XX9IC4.roa (raw, json)
Hash identifier:          anszSoDPPDch+YkSCt6ZfmNqaRlniIiDpiLv/baYmr0=
Subject key identifier:   94:8F:2E:61:E8:88:FC:7D:DC:E8:1B:2B:8B:4F:1E:D1:75:FD:20:2E
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938CE1D2B038ECCC3D5A6EC5FFF0FA
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/lI8uYeiI_H3c6Bsri08e0XX9IC4.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25151
IP address blocks:        217.170.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 12:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8c:e1:d2:b0:38:ec:cc:3d:5a:6e:c5:ff:f0:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=948f2e61e888fc7ddce81b2b8b4f1ed175fd202e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7d:4f:cc:02:81:f6:35:54:b1:06:00:cc:80:
                    e7:9f:1d:f9:c2:7c:92:2a:b0:1f:33:a6:3f:81:af:
                    c6:15:92:37:2c:fb:31:c2:c4:89:39:c9:29:72:0e:
                    6f:ce:08:34:93:1d:51:2f:dc:ea:d3:db:24:9d:56:
                    06:15:81:18:40:66:75:3a:b2:86:64:d1:44:94:63:
                    02:54:5b:a2:57:c4:90:18:ed:d1:a6:92:6d:c3:82:
                    e9:60:46:b4:2c:6f:c9:9f:07:96:a9:dd:87:0b:f9:
                    62:97:fe:8b:85:b2:bf:bd:df:cb:2c:f2:64:00:ab:
                    66:d9:4d:93:fe:bd:54:26:82:b0:e3:1d:37:ac:0f:
                    d4:ca:32:72:29:eb:75:97:a2:92:44:51:16:c6:e1:
                    6d:47:f8:51:a3:62:e1:69:cc:22:32:e3:85:4e:97:
                    65:b7:43:f3:35:d5:4c:b2:63:37:9c:fb:ef:21:b9:
                    7d:73:aa:22:16:8f:9f:15:27:e6:64:a7:a5:af:d4:
                    ad:ba:63:14:86:c2:7e:42:80:79:21:23:ee:c9:5c:
                    3f:0f:3b:2e:02:2a:88:bf:d3:91:18:8d:32:7d:a7:
                    26:4c:d5:00:6f:cb:59:60:52:cd:a1:d6:f2:7a:67:
                    ee:2a:7c:34:2c:a0:1a:20:5c:cc:83:c6:63:90:96:
                    83:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:8F:2E:61:E8:88:FC:7D:DC:E8:1B:2B:8B:4F:1E:D1:75:FD:20:2E
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/lI8uYeiI_H3c6Bsri08e0XX9IC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:62:ba:cc:93:38:88:6e:6c:ea:36:84:11:34:2b:b0:ac:2b:
         ca:e6:8d:ef:3b:cd:b1:9c:bd:be:ae:9c:8e:42:12:a3:70:b6:
         e7:53:03:d3:26:11:51:5f:8e:1c:1c:1f:b2:f5:46:ff:d7:0e:
         bb:e1:5c:bf:b6:06:6b:9d:b5:56:38:40:86:06:cf:27:54:06:
         82:ba:00:dc:72:55:90:20:df:e0:c4:e7:32:b0:fb:a0:c5:fa:
         f4:82:ed:07:b6:cd:5d:76:15:51:3a:79:1f:1f:80:7c:a0:22:
         a4:6b:04:5c:bd:c1:4e:4e:4f:c8:42:51:6b:1f:b6:22:66:97:
         ef:40:64:90:b0:6a:be:81:5c:62:5e:85:ba:24:b1:eb:d3:e4:
         13:6e:65:09:b0:e3:df:42:40:a5:1c:ea:bc:86:a7:5e:6f:c1:
         7b:9e:35:f5:c4:9c:21:c4:c6:d1:3c:db:84:a9:21:fc:e3:0b:
         5f:cd:fc:ff:ae:15:b7:56:52:8a:ac:bd:b2:a9:4d:b4:52:7b:
         e3:84:bb:5c:01:4e:e2:f8:84:d9:05:3f:7f:35:9d:fa:7d:4c:
         96:df:85:98:15:38:8e:4a:9e:f7:3d:2c:da:99:da:8c:4a:ac:
         31:ed:42:2a:aa:3f:75:de:8e:db:48:7d:6c:19:4c:8d:14:5f:
         47:06:3f:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4zh0rA47Mw9Wm7F//D6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDhmMmU2MWU4ODhmYzdkZGNlODFiMmI4YjRmMWVkMTc1ZmQyMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj31PzAKB9jVUsQYAzIDnnx35wnyS
KrAfM6Y/ga/GFZI3LPsxwsSJOckpcg5vzgg0kx1RL9zq09sknVYGFYEYQGZ1OrKG
ZNFElGMCVFuiV8SQGO3RppJtw4LpYEa0LG/JnweWqd2HC/lil/6LhbK/vd/LLPJk
AKtm2U2T/r1UJoKw4x03rA/UyjJyKet1l6KSRFEWxuFtR/hRo2LhacwiMuOFTpdl
t0PzNdVMsmM3nPvvIbl9c6oiFo+fFSfmZKelr9StumMUhsJ+QoB5ISPuyVw/Dzsu
AiqIv9ORGI0yfacmTNUAb8tZYFLNodbyemfuKnw0LKAaIFzMg8ZjkJaDawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSPLmHoiPx93OgbK4tPHtF1/SAuMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvbEk4dVllaUlfSDNjNkJzcmkwOGUwWFg5SUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2aoCMA0G
CSqGSIb3DQEBCwUAA4IBAQBKYrrMkziIbmzqNoQRNCuwrCvK5o3vO82xnL2+rpyO
QhKjcLbnUwPTJhFRX44cHB+y9Ub/1w674Vy/tgZrnbVWOECGBs8nVAaCugDcclWQ
IN/gxOcysPugxfr0gu0Hts1ddhVROnkfH4B8oCKkawRcvcFOTk/IQlFrH7YiZpfv
QGSQsGq+gVxiXoW6JLHr0+QTbmUJsOPfQkClHOq8hqdeb8F7njX1xJwhxMbRPNuE
qSH84wtfzfz/rhW3VlKKrL2yqU20UnvjhLtcAU7i+ITZBT9/NZ36fUyW34WYFTiO
Sp73PSzamdqMSqwx7UIqqj913o7bSH1sGUyNFF9HBj8w
-----END CERTIFICATE-----