Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/lxESx365vJ_KpGfPw5vEvF19eHQ.roa
File:                     lxESx365vJ_KpGfPw5vEvF19eHQ.roa (raw, json)
Hash identifier:          bBgJqf9CbvF2T4+dpktIZXqmJ8kE/vDFoongBVgLSwg=
Subject key identifier:   97:11:12:C7:7E:B9:BC:9F:CA:A4:67:CF:C3:9B:C4:BC:5D:7D:78:74
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938D2B25EF7E61B70E295EFB4B03FD
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/lxESx365vJ_KpGfPw5vEvF19eHQ.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25459
IP address blocks:        217.170.1.0/24 maxlen: 24
                          217.170.12.0/23 maxlen: 23
                          217.170.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 21:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8d:2b:25:ef:7e:61:b7:0e:29:5e:fb:4b:03:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=971112c77eb9bc9fcaa467cfc39bc4bc5d7d7874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:10:7a:f6:c5:ab:52:80:f9:1c:0e:66:8c:c6:
                    49:2e:d5:f8:da:34:45:a3:04:ae:db:30:4a:7d:09:
                    c5:11:b2:4c:c3:16:a2:44:09:27:cf:ad:71:19:39:
                    50:aa:3d:c6:d9:e7:c1:87:47:97:c9:ec:b9:bb:e7:
                    f6:dc:8b:c5:22:e4:44:f6:15:a8:2a:d0:99:ed:50:
                    02:1f:42:ba:6f:c3:92:49:d7:bd:27:b2:46:c5:44:
                    69:59:90:73:cc:11:a9:1b:d8:14:83:14:fa:7e:d1:
                    bf:08:f6:74:7e:2a:3f:da:cc:bb:80:eb:75:21:04:
                    bb:9e:f4:9a:b8:dd:d1:c4:53:1d:32:53:6a:a0:ad:
                    8b:56:20:44:c5:23:6c:5b:56:ae:b1:15:28:d6:ce:
                    a1:47:15:55:11:27:41:9d:0c:22:04:97:b4:d6:38:
                    18:f6:71:ba:30:2f:7b:18:2a:7a:e9:a5:8b:af:c4:
                    77:72:17:7e:57:e9:1f:6e:e9:94:e4:49:b1:d7:ff:
                    4d:21:24:f0:d9:d2:e5:9b:75:bc:f5:f3:10:b3:43:
                    24:c4:8c:00:12:05:7b:7a:c4:97:61:dc:89:0d:1f:
                    a2:d4:ee:fa:e3:49:8b:91:1b:80:94:34:1f:10:1e:
                    f4:2c:8e:7b:cb:ab:fa:72:05:4e:15:bf:39:b8:bf:
                    ce:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:11:12:C7:7E:B9:BC:9F:CA:A4:67:CF:C3:9B:C4:BC:5D:7D:78:74
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/lxESx365vJ_KpGfPw5vEvF19eHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.1.0/24
                  217.170.12.0-217.170.14.255

    Signature Algorithm: sha256WithRSAEncryption
         84:75:a8:e9:be:12:08:1a:1b:82:e5:3b:d7:7e:5b:d8:b4:d2:
         f6:0f:8f:69:fa:b7:99:8f:8a:ed:a6:28:50:a9:13:3f:71:11:
         28:87:91:1a:f3:dd:30:cf:c5:5e:2c:0d:17:46:2d:74:26:4a:
         90:c6:e3:c7:96:33:22:58:b5:7b:ff:05:47:22:ad:fa:00:86:
         51:e7:37:c2:99:99:99:f6:92:8e:fa:dd:35:66:6a:3e:53:84:
         a9:9a:89:d4:88:da:e8:d7:bc:d8:c4:de:ac:43:22:15:d1:6d:
         c4:13:0b:12:5a:34:65:8d:c3:8f:73:ff:02:36:90:cf:d7:69:
         4c:5e:2c:9b:50:b9:79:58:30:95:4d:99:5d:09:88:2d:ae:6c:
         05:e4:12:4d:1a:8e:1e:a0:9d:22:ed:50:fb:e5:58:3d:96:d2:
         77:49:ef:ad:26:ce:da:d4:ea:db:f1:df:a3:65:7c:0a:e3:a4:
         71:95:45:08:63:2e:65:39:4f:3e:29:fd:87:f5:20:3a:03:a0:
         cc:4e:31:b3:32:c6:5b:82:c3:ca:af:52:9c:16:c5:bd:db:d9:
         b0:36:9a:f9:35:88:33:ec:d4:22:75:27:bd:ed:67:6d:d2:e5:
         ec:b1:d7:55:91:c4:08:54:19:8c:58:a2:cb:1c:5a:d3:41:af:
         17:39:19:a6
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEk40rJe9+YbcOKV77SwP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzExMTJjNzdlYjliYzlmY2FhNDY3Y2ZjMzliYzRiYzVkN2Q3ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRB69sWrUoD5HA5mjMZJLtX42jRF
owSu2zBKfQnFEbJMwxaiRAknz61xGTlQqj3G2efBh0eXyey5u+f23IvFIuRE9hWo
KtCZ7VACH0K6b8OSSde9J7JGxURpWZBzzBGpG9gUgxT6ftG/CPZ0fio/2sy7gOt1
IQS7nvSauN3RxFMdMlNqoK2LViBExSNsW1ausRUo1s6hRxVVESdBnQwiBJe01jgY
9nG6MC97GCp66aWLr8R3chd+V+kfbumU5Emx1/9NISTw2dLlm3W89fMQs0MkxIwA
EgV7esSXYdyJDR+i1O7640mLkRuAlDQfEB70LI57y6v6cgVOFb85uL/ObQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJcREsd+ubyfyqRnz8ObxLxdfXh0MB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvbHhFU3gzNjV2Sl9LcEdmUHc1dkV2RjE5ZUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQA2aoBMAwD
BALZqgwDBADZqg4wDQYJKoZIhvcNAQELBQADggEBAIR1qOm+EggaG4LlO9d+W9i0
0vYPj2n6t5mPiu2mKFCpEz9xESiHkRrz3TDPxV4sDRdGLXQmSpDG48eWMyJYtXv/
BUcirfoAhlHnN8KZmZn2ko763TVmaj5ThKmaidSI2ujXvNjE3qxDIhXRbcQTCxJa
NGWNw49z/wI2kM/XaUxeLJtQuXlYMJVNmV0JiC2ubAXkEk0ajh6gnSLtUPvlWD2W
0ndJ760mztrU6tvx36NlfArjpHGVRQhjLmU5Tz4p/Yf1IDoDoMxOMbMyxluCw8qv
UpwWxb3b2bA2mvk1iDPs1CJ1J73tZ23S5eyx11WRxAhUGYxYosscWtNBrxc5GaY=
-----END CERTIFICATE-----