Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/CFcGnFfXkGiI1a1CszlskMsH7oE.roa
File:                     CFcGnFfXkGiI1a1CszlskMsH7oE.roa (raw, json)
Hash identifier:          +q+LrgbagtH6UtrKajMqPnlpsVGmDtwPLgBn1DPvgtY=
Subject key identifier:   08:57:06:9C:57:D7:90:68:88:D5:AD:42:B3:39:6C:90:CB:07:EE:81
Certificate issuer:       /CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
Certificate serial:       018D7E729776962E04287DC63B325CA0DFFB
Authority key identifier: CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/CFcGnFfXkGiI1a1CszlskMsH7oE.roa
Signing time:             Tue 06 Feb 2024 12:44:15 +0000
ROA not before:           Tue 06 Feb 2024 12:44:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209838
IP address blocks:        213.170.200.0/23 maxlen: 24
                          213.170.202.0/23 maxlen: 24
                          2a03:d2c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:72:97:76:96:2e:04:28:7d:c6:3b:32:5c:a0:df:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
        Validity
            Not Before: Feb  6 12:44:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0857069c57d7906888d5ad42b3396c90cb07ee81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bb:2b:2f:a5:e0:8f:b6:e8:91:a2:2d:90:0b:
                    7a:77:9b:6a:74:bc:d1:f4:f4:d2:90:9d:2a:13:8c:
                    98:79:44:21:24:fb:c6:e6:50:0d:60:ac:1a:e1:9a:
                    b5:60:23:e0:38:27:22:0f:c1:b2:e1:fd:95:bc:c1:
                    43:3e:b5:13:02:6a:f4:78:83:fc:11:43:79:f9:5c:
                    0d:b3:de:30:85:ea:6f:b1:d0:f0:9a:97:51:0c:1e:
                    a4:9b:7e:5a:19:1e:da:68:b6:54:33:8d:95:43:14:
                    0e:f5:e7:87:a2:1c:c0:25:cf:3c:9f:23:b4:bc:7a:
                    df:f9:38:5e:eb:91:fc:4e:83:64:f0:92:47:13:d0:
                    96:76:c1:47:25:14:14:1b:a9:f9:7e:f2:c2:39:5c:
                    00:7c:c0:9b:9c:02:81:90:51:c2:69:21:dd:98:33:
                    d1:c3:b3:ff:0f:0b:41:55:0c:fc:bc:4a:c6:b0:93:
                    05:01:7c:a9:74:a1:f7:98:25:ab:b9:89:73:2a:48:
                    a7:1f:3f:a4:a1:2d:1d:47:e9:10:0e:17:72:15:fb:
                    79:64:05:a2:ea:be:d3:06:57:77:a9:3c:d0:dc:8a:
                    a4:9d:37:d3:d7:6f:00:16:61:2a:49:c0:6d:e7:d5:
                    0f:60:bb:dd:04:45:70:65:f5:72:fe:a5:70:ed:cc:
                    bb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:57:06:9C:57:D7:90:68:88:D5:AD:42:B3:39:6C:90:CB:07:EE:81
            X509v3 Authority Key Identifier:
                keyid:CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/CFcGnFfXkGiI1a1CszlskMsH7oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.170.200.0/22
                IPv6:
                  2a03:d2c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:99:43:e5:23:59:07:61:b7:df:a1:2a:b9:17:d2:c2:c1:0b:
         ac:21:a8:42:5a:9a:29:d9:e5:32:42:24:c0:ba:11:aa:3f:62:
         b8:4f:68:5a:c0:41:c7:62:aa:9a:45:f5:70:d8:ac:0d:2b:a9:
         9b:bb:b5:3a:dd:61:7e:93:fd:17:74:d3:dc:86:4b:19:e6:13:
         b0:87:99:4f:cb:53:f6:d6:28:a7:de:e6:76:ee:95:a7:92:69:
         fa:f4:04:c3:31:74:0d:b7:15:f2:22:c9:da:19:4c:f3:5c:32:
         b3:eb:50:8e:88:dc:9b:5d:fa:67:2b:5c:4f:0a:c9:b5:1f:d0:
         96:4f:ef:60:35:89:a9:56:36:47:69:01:b5:4d:80:c4:25:86:
         df:8b:90:37:bd:88:9d:78:06:dc:43:e4:93:8f:4a:31:75:76:
         c5:22:05:07:e2:7f:fe:01:ac:cf:40:89:1b:c0:93:ba:ee:05:
         c4:85:dc:e7:a9:b5:07:08:9a:78:c5:7b:e5:e3:a4:c8:d6:81:
         ed:55:96:13:34:29:50:d3:f7:20:4d:3f:12:e3:6a:2a:90:19:
         12:db:9d:41:74:82:f2:a9:e3:03:e8:62:9e:71:21:4f:d0:44:
         83:f6:9f:16:4f:ea:45:08:a3:02:81:c1:64:0d:dc:bc:a7:ac:
         60:5b:03:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1+cpd2li4EKH3GOzJcoN/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYmY5NWI0N2FiMmI5OWMyMjJiZmU1NDUyMWVmZDFhYjY3
ZDI2N2YwHhcNMjQwMjA2MTI0NDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU3MDY5YzU3ZDc5MDY4ODhkNWFkNDJiMzM5NmM5MGNiMDdlZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorsrL6Xgj7bokaItkAt6d5tqdLzR
9PTSkJ0qE4yYeUQhJPvG5lANYKwa4Zq1YCPgOCciD8Gy4f2VvMFDPrUTAmr0eIP8
EUN5+VwNs94whepvsdDwmpdRDB6km35aGR7aaLZUM42VQxQO9eeHohzAJc88nyO0
vHrf+The65H8ToNk8JJHE9CWdsFHJRQUG6n5fvLCOVwAfMCbnAKBkFHCaSHdmDPR
w7P/DwtBVQz8vErGsJMFAXypdKH3mCWruYlzKkinHz+koS0dR+kQDhdyFft5ZAWi
6r7TBld3qTzQ3IqknTfT128AFmEqScBt59UPYLvdBEVwZfVy/qVw7cy7VQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhXBpxX15BoiNWtQrM5bJDLB+6BMB8GA1UdIwQY
MBaAFMy/lbR6srmcIiv+VFIe/Rq2fSZ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekwtVnRIcXl1WndpS181VVVoNzlHclo5Sm44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9hMjliOTUtY2NiMy00NjdiLWFiN2Et
YWM1YjYxNDkzZTAxLzEvQ0ZjR25GZlhrR2lJMWExQ3N6bHNrTXNIN29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9hMjliOTUtY2NiMy00NjdiLWFiN2EtYWM1YjYxNDkzZTAx
LzEvekwtVnRIcXl1WndpS181VVVoNzlHclo5Sm44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1arIMA0E
AgACMAcDBQAqA9LAMA0GCSqGSIb3DQEBCwUAA4IBAQAPmUPlI1kHYbffoSq5F9LC
wQusIahCWpop2eUyQiTAuhGqP2K4T2hawEHHYqqaRfVw2KwNK6mbu7U63WF+k/0X
dNPchksZ5hOwh5lPy1P21iin3uZ27pWnkmn69ATDMXQNtxXyIsnaGUzzXDKz61CO
iNybXfpnK1xPCsm1H9CWT+9gNYmpVjZHaQG1TYDEJYbfi5A3vYideAbcQ+STj0ox
dXbFIgUH4n/+AazPQIkbwJO67gXEhdznqbUHCJp4xXvl46TI1oHtVZYTNClQ0/cg
TT8S42oqkBkS251BdILyqeMD6GKecSFP0ESD9p8WT+pFCKMCgcFkDdy8p6xgWwOT
-----END CERTIFICATE-----