Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/8XfU5E7MzFYuypTXvbhEP083EbU.roa
File:                     8XfU5E7MzFYuypTXvbhEP083EbU.roa (raw, json)
Hash identifier:          KZJMURpvLn4dYSSHInwHzw6kwrtQ+DM/8s0mvaRLMeM=
Subject key identifier:   F1:77:D4:E4:4E:CC:CC:56:2E:CA:94:D7:BD:B8:44:3F:4F:37:11:B5
Certificate issuer:       /CN=0232a4bfb7796405a556b759f1d193e4c4d37129
Certificate serial:       018CC80178B0DE146B74B1EFCA035F151F15
Authority key identifier: 02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/8XfU5E7MzFYuypTXvbhEP083EbU.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399734
IP address blocks:        217.163.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:78:b0:de:14:6b:74:b1:ef:ca:03:5f:15:1f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0232a4bfb7796405a556b759f1d193e4c4d37129
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f177d4e44ecccc562eca94d7bdb8443f4f3711b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5f:f7:a5:7d:e4:e5:ff:a3:e0:86:84:f7:64:
                    ef:d3:1f:18:f0:af:24:28:bc:0d:61:34:0c:1d:f2:
                    51:bd:ae:b2:b1:83:66:53:13:ea:f1:81:82:4e:96:
                    f2:44:3a:3c:77:c0:eb:fa:48:8e:44:e0:c7:fb:2a:
                    90:a6:02:56:bf:fb:d4:b4:e9:89:73:da:28:da:cb:
                    75:d7:5c:3e:5b:77:36:e9:6c:ce:29:69:fb:7f:31:
                    7c:e8:68:c9:80:94:82:51:4a:ca:30:12:51:be:e4:
                    d2:85:5c:aa:49:67:60:b5:e4:c7:0e:e3:a6:77:92:
                    7e:e3:bd:a2:e8:fc:86:49:b2:e3:1a:be:d7:6d:9b:
                    e1:ae:26:3c:a2:1c:db:12:79:48:e0:50:5b:fe:79:
                    59:b9:2c:5b:0f:1f:fc:e3:77:f7:7c:2b:67:e7:6f:
                    3c:a9:dd:0a:19:2b:23:a1:27:ab:55:c4:55:76:97:
                    a3:89:59:2d:06:81:56:34:dc:da:f7:83:e8:7f:70:
                    89:14:86:1f:28:2f:19:5b:6c:4e:51:ba:5d:13:82:
                    2c:b7:51:a4:7d:1f:db:5b:93:2d:59:c4:22:dd:b9:
                    b1:d5:9c:fa:78:45:a1:78:27:78:d7:9b:ee:55:cd:
                    71:53:8c:4d:8f:33:98:c9:47:28:a1:f4:dd:ae:04:
                    89:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:77:D4:E4:4E:CC:CC:56:2E:CA:94:D7:BD:B8:44:3F:4F:37:11:B5
            X509v3 Authority Key Identifier:
                keyid:02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/8XfU5E7MzFYuypTXvbhEP083EbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.163.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:36:3d:88:06:f6:9b:63:0f:f4:3b:eb:e9:b7:d0:6d:fb:ec:
         6f:41:36:dc:1c:a8:61:fc:ed:bf:41:6a:91:16:65:b7:7d:95:
         f0:c7:3c:03:5a:05:ea:67:c0:a3:da:3c:8a:4a:f5:72:ee:30:
         f5:70:2e:b1:b4:a2:99:3c:6d:d8:4d:6a:c3:65:09:ab:5d:aa:
         c3:d0:3f:d7:42:e6:e6:5c:4b:e0:5a:7b:11:db:8d:9c:48:5b:
         2a:54:c6:cb:cc:c9:6e:76:cd:36:15:f1:11:6f:30:09:6c:0c:
         5c:da:4c:a9:22:98:de:63:f7:80:95:7b:60:d5:50:0b:b5:65:
         50:df:92:e5:79:e6:06:73:71:4c:1f:ce:7f:44:57:1f:6c:76:
         54:02:9e:78:85:cb:f8:a8:02:79:2b:f3:0d:2c:9f:ce:30:bd:
         ac:92:35:d1:7f:86:5d:a2:f7:2c:89:48:cb:c1:29:40:1e:27:
         f7:d1:08:38:ef:0a:77:c1:fb:6a:a9:b9:da:ea:4b:c2:f4:70:
         1c:83:bf:13:4d:15:39:0b:17:68:56:25:c9:eb:56:28:7d:c4:
         f9:b6:9b:f8:a3:9e:e8:8a:50:ad:81:13:cf:c4:2b:bd:73:ae:
         5b:be:eb:54:55:76:cc:1d:79:6d:a3:53:b2:18:5e:9a:2b:29:
         c8:7b:ad:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXiw3hRrdLHvygNfFR8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMzJhNGJmYjc3OTY0MDVhNTU2Yjc1OWYxZDE5M2U0YzRk
MzcxMjkwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTc3ZDRlNDRlY2NjYzU2MmVjYTk0ZDdiZGI4NDQzZjRmMzcxMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1/3pX3k5f+j4IaE92Tv0x8Y8K8k
KLwNYTQMHfJRva6ysYNmUxPq8YGCTpbyRDo8d8Dr+kiORODH+yqQpgJWv/vUtOmJ
c9oo2st111w+W3c26WzOKWn7fzF86GjJgJSCUUrKMBJRvuTShVyqSWdgteTHDuOm
d5J+472i6PyGSbLjGr7XbZvhriY8ohzbEnlI4FBb/nlZuSxbDx/843f3fCtn5288
qd0KGSsjoSerVcRVdpejiVktBoFWNNza94Pof3CJFIYfKC8ZW2xOUbpdE4Ist1Gk
fR/bW5MtWcQi3bmx1Zz6eEWheCd415vuVc1xU4xNjzOYyUcoofTdrgSJJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPF31OROzMxWLsqU1724RD9PNxG1MB8GA1UdIwQY
MBaAFAIypL+3eWQFpVa3WfHRk+TE03EpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWpLa3Y3ZDVaQVdsVnJkWjhkR1Q1TVRUY1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hN2NlN2EtODQ0My00NmViLThjYmEt
M2JiNGQ2MjAwNTE4LzEvOFhmVTVFN016Rll1eXBUWHZiaEVQMDgzRWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hN2NlN2EtODQ0My00NmViLThjYmEtM2JiNGQ2MjAwNTE4
LzEvQWpLa3Y3ZDVaQVdsVnJkWjhkR1Q1TVRUY1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aN2MA0G
CSqGSIb3DQEBCwUAA4IBAQBqNj2IBvabYw/0O+vpt9Bt++xvQTbcHKhh/O2/QWqR
FmW3fZXwxzwDWgXqZ8Cj2jyKSvVy7jD1cC6xtKKZPG3YTWrDZQmrXarD0D/XQubm
XEvgWnsR242cSFsqVMbLzMluds02FfERbzAJbAxc2kypIpjeY/eAlXtg1VALtWVQ
35LleeYGc3FMH85/RFcfbHZUAp54hcv4qAJ5K/MNLJ/OML2skjXRf4ZdovcsiUjL
wSlAHif30Qg47wp3wftqqbna6kvC9HAcg78TTRU5CxdoViXJ61YofcT5tpv4o57o
ilCtgRPPxCu9c65bvutUVXbMHXlto1OyGF6aKynIe63f
-----END CERTIFICATE-----