Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/f_OFJuCY4eQ5FW7OyAfBifddf8Y.roa
File:                     f_OFJuCY4eQ5FW7OyAfBifddf8Y.roa (raw, json)
Hash identifier:          hTHkOs2V8Kh5puYFuhMLgFWr44WTwu46gC5srvEIxGA=
Subject key identifier:   7F:F3:85:26:E0:98:E1:E4:39:15:6E:CE:C8:07:C1:89:F7:5D:7F:C6
Certificate issuer:       /CN=955dbebbc1070b99e4fb372117df2620038603e9
Certificate serial:       018CC2DB58F455413DBD633B28EC7C0FEE56
Authority key identifier: 95:5D:BE:BB:C1:07:0B:99:E4:FB:37:21:17:DF:26:20:03:86:03:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/f_OFJuCY4eQ5FW7OyAfBifddf8Y.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        217.14.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lV2-u8EHC5nk-zchF98mIAOGA-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lV2-u8EHC5nk-zchF98mIAOGA-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:f4:55:41:3d:bd:63:3b:28:ec:7c:0f:ee:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955dbebbc1070b99e4fb372117df2620038603e9
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ff38526e098e1e439156ecec807c189f75d7fc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:57:a7:8e:51:f9:bd:56:26:87:d0:ae:2a:f6:
                    b0:19:50:6e:b6:62:46:05:29:bd:62:96:00:79:b3:
                    73:f8:7a:62:8d:61:f4:b3:c8:8d:f7:eb:ec:8d:bb:
                    b7:6e:b8:d1:d1:d0:79:81:25:be:10:44:5a:98:ba:
                    7c:67:ec:03:19:b9:66:18:ce:9e:3a:a9:f8:a9:ba:
                    d8:d6:08:87:03:f1:0f:17:d5:55:a7:79:be:da:93:
                    6c:55:78:f4:80:0f:e9:a4:a4:df:da:21:38:9e:23:
                    60:7e:22:8d:d5:6f:04:e0:27:88:43:bf:12:07:84:
                    a3:e2:3b:74:76:6b:34:37:a6:a1:a3:37:68:f7:d0:
                    61:63:61:01:12:e4:40:19:0c:57:41:cb:96:ff:79:
                    c4:ad:80:b2:d9:2f:26:6a:81:cf:5c:35:dc:b0:76:
                    aa:e2:16:0b:92:4c:3d:91:85:a2:ac:9a:10:c2:bc:
                    6b:67:db:9b:d4:2a:d7:8c:55:e6:df:c9:19:f2:f6:
                    85:7b:19:f4:89:2d:89:80:fe:09:3c:73:1d:a5:61:
                    ce:65:44:58:97:d8:ee:19:29:b3:b2:6c:06:9a:9d:
                    79:cd:5f:5e:d1:4e:9e:4e:b6:84:4a:60:5a:57:08:
                    00:41:dd:7b:bc:b0:df:71:55:d6:ed:d9:aa:0c:ee:
                    2d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F3:85:26:E0:98:E1:E4:39:15:6E:CE:C8:07:C1:89:F7:5D:7F:C6
            X509v3 Authority Key Identifier:
                keyid:95:5D:BE:BB:C1:07:0B:99:E4:FB:37:21:17:DF:26:20:03:86:03:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/f_OFJuCY4eQ5FW7OyAfBifddf8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lV2-u8EHC5nk-zchF98mIAOGA-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.14.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:f9:55:04:7a:b6:e5:c2:49:84:17:7d:06:7a:b0:90:7d:f9:
         d4:37:e0:c0:e2:66:3d:dc:02:df:cf:ec:e0:b2:f4:6b:68:da:
         c3:6a:4b:b9:17:43:ac:36:f8:6b:da:55:55:fb:2a:33:58:23:
         72:26:41:7a:0f:a1:60:67:b7:3d:8a:3b:98:f2:00:12:8f:27:
         d2:97:d2:4c:16:4e:91:c9:5b:1d:e5:21:28:68:7d:7d:44:e1:
         cb:ac:ba:31:e1:d7:14:23:95:26:c8:93:0f:74:f6:84:ea:4c:
         0f:63:6f:e6:a4:fe:a5:57:73:c0:59:ff:59:d8:17:2b:66:54:
         b7:80:a6:f8:57:22:9e:d4:5e:5d:98:99:ce:0c:ba:37:5a:c1:
         59:32:6e:b9:3e:b5:b4:cd:b3:f2:fb:51:42:bd:04:94:d1:60:
         b1:87:3e:e3:f8:36:98:f6:02:a9:31:66:56:38:38:23:5f:21:
         9d:a2:10:a7:6c:ce:97:e6:b4:68:e9:de:19:31:4b:e1:48:35:
         e0:cc:30:b3:f5:47:be:dd:07:da:b3:85:47:7d:89:be:10:c9:
         25:a8:83:3d:c5:24:cd:b5:a1:82:69:e9:cd:93:d0:cb:96:eb:
         89:5d:75:44:e0:13:37:f0:9a:98:42:9b:74:72:7a:e6:d7:6f:
         cf:8c:66:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21j0VUE9vWM7KOx8D+5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NWRiZWJiYzEwNzBiOTllNGZiMzcyMTE3ZGYyNjIwMDM4
NjAzZTkwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmYzODUyNmUwOThlMWU0MzkxNTZlY2VjODA3YzE4OWY3NWQ3ZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlenjlH5vVYmh9CuKvawGVButmJG
BSm9YpYAebNz+HpijWH0s8iN9+vsjbu3brjR0dB5gSW+EERamLp8Z+wDGblmGM6e
Oqn4qbrY1giHA/EPF9VVp3m+2pNsVXj0gA/ppKTf2iE4niNgfiKN1W8E4CeIQ78S
B4Sj4jt0dms0N6ahozdo99BhY2EBEuRAGQxXQcuW/3nErYCy2S8maoHPXDXcsHaq
4hYLkkw9kYWirJoQwrxrZ9ub1CrXjFXm38kZ8vaFexn0iS2JgP4JPHMdpWHOZURY
l9juGSmzsmwGmp15zV9e0U6eTraESmBaVwgAQd17vLDfcVXW7dmqDO4tmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/zhSbgmOHkORVuzsgHwYn3XX/GMB8GA1UdIwQY
MBaAFJVdvrvBBwuZ5Ps3IRffJiADhgPpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFYyLXU4RUhDNW5rLXpjaEY5OG1JQU9HQS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kZGFjMTEtMmU2My00YWFlLTk0MGYt
MDIzMjAzOTQ3ZDlkLzEvZl9PRkp1Q1k0ZVE1Rlc3T3lBZkJpZmRkZjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kZGFjMTEtMmU2My00YWFlLTk0MGYtMDIzMjAzOTQ3ZDlk
LzEvbFYyLXU4RUhDNW5rLXpjaEY5OG1JQU9HQS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2Q54MA0G
CSqGSIb3DQEBCwUAA4IBAQAE+VUEerblwkmEF30GerCQffnUN+DA4mY93ALfz+zg
svRraNrDaku5F0OsNvhr2lVV+yozWCNyJkF6D6FgZ7c9ijuY8gASjyfSl9JMFk6R
yVsd5SEoaH19ROHLrLox4dcUI5UmyJMPdPaE6kwPY2/mpP6lV3PAWf9Z2BcrZlS3
gKb4VyKe1F5dmJnODLo3WsFZMm65PrW0zbPy+1FCvQSU0WCxhz7j+DaY9gKpMWZW
ODgjXyGdohCnbM6X5rRo6d4ZMUvhSDXgzDCz9Ue+3Qfas4VHfYm+EMklqIM9xSTN
taGCaenNk9DLluuJXXVE4BM38JqYQpt0cnrm12/PjGbD
-----END CERTIFICATE-----