Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/kITelxQZCK0zJ285nAb-61cYtIQ.roa
File:                     kITelxQZCK0zJ285nAb-61cYtIQ.roa (raw, json)
Hash identifier:          JZFMbIvsf/g9HL/MFMoFsW4lH7wQ5dyMef2SIs08IJM=
Subject key identifier:   90:84:DE:97:14:19:08:AD:33:27:6F:39:9C:06:FE:EB:57:18:B4:84
Certificate issuer:       /CN=9b47ee1f17c987debb2c020d8b5f2d8bdadbeb77
Certificate serial:       018CC2DB3A207D6422482D4A001E6D534E10
Authority key identifier: 9B:47:EE:1F:17:C9:87:DE:BB:2C:02:0D:8B:5F:2D:8B:DA:DB:EB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/kITelxQZCK0zJ285nAb-61cYtIQ.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        217.8.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3a:20:7d:64:22:48:2d:4a:00:1e:6d:53:4e:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b47ee1f17c987debb2c020d8b5f2d8bdadbeb77
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9084de97141908ad33276f399c06feeb5718b484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5c:14:81:85:ec:9c:8e:de:9d:1f:d7:c5:c7:
                    bf:a3:4b:f4:b4:d4:ad:06:28:09:28:12:a1:47:34:
                    45:85:bb:23:bb:b3:68:0b:27:57:83:85:96:15:1e:
                    24:b5:4f:f6:9d:39:9f:ab:56:c6:51:f0:8c:bd:ea:
                    88:3b:5b:2c:29:5d:67:91:ee:7a:3f:91:90:62:2a:
                    60:16:cc:35:24:70:88:9e:d6:f5:41:5b:ab:ad:2d:
                    f3:8f:43:fa:15:fd:14:3b:3e:bc:a6:3e:79:92:1e:
                    d1:f1:d1:e5:02:7b:e1:40:4b:20:e0:3b:ce:b2:f7:
                    6f:b3:2d:93:28:4f:06:c5:e5:21:f9:9b:fd:a2:1f:
                    1d:19:41:d5:69:f8:2f:1c:af:32:69:68:79:5a:fa:
                    be:c7:c4:41:fb:05:03:60:7f:e2:7d:91:1a:88:3c:
                    be:47:57:5a:3d:89:9a:4c:ed:18:95:6e:09:22:31:
                    46:b4:1e:cd:23:18:c8:f9:d3:5c:ad:c8:ef:fb:0f:
                    42:22:f8:ed:67:22:99:c0:bf:c1:d8:10:1a:9d:b7:
                    e4:d3:35:17:f5:41:04:47:ca:db:0c:b4:f5:7b:a7:
                    1f:94:66:6b:0e:34:0a:83:86:3b:9c:b2:23:ca:d8:
                    64:c4:ae:62:b9:08:42:dd:57:97:07:ba:f1:25:a7:
                    1b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:84:DE:97:14:19:08:AD:33:27:6F:39:9C:06:FE:EB:57:18:B4:84
            X509v3 Authority Key Identifier:
                keyid:9B:47:EE:1F:17:C9:87:DE:BB:2C:02:0D:8B:5F:2D:8B:DA:DB:EB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/kITelxQZCK0zJ285nAb-61cYtIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.8.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:c1:5c:5d:c4:0f:14:eb:36:a5:17:10:c9:0b:43:79:d8:6d:
         cd:3a:e0:42:73:0a:0a:0e:92:5c:6f:a9:69:b2:77:05:a2:e0:
         f5:24:b5:ae:af:fa:e3:77:2a:70:15:08:77:a9:3e:fc:a1:aa:
         dd:c2:9d:31:a4:82:a6:5a:5e:3f:d7:07:a6:0f:60:3b:16:65:
         c1:82:d6:6f:c3:e6:96:b7:81:6f:90:ae:c1:74:75:66:e6:bc:
         a5:01:55:d1:0a:69:79:95:d2:9f:de:df:cc:18:99:1e:ed:90:
         c6:13:00:84:1c:8b:60:1f:49:8b:6a:37:31:51:cc:ff:36:7a:
         40:5f:1a:f4:0d:3c:39:ca:f5:7e:3f:40:84:f1:09:c6:85:42:
         a3:52:47:d3:ac:01:1d:56:48:a8:53:1d:94:fd:70:e6:67:c9:
         86:ba:69:1e:59:87:63:af:6c:24:1e:48:5e:b5:d1:13:84:55:
         92:35:a2:b3:1b:27:33:df:18:6c:e7:a9:ab:7b:cb:a3:21:12:
         c7:65:4e:e2:c4:66:ea:db:11:e7:f2:13:b1:13:6f:a9:25:02:
         ec:6a:e2:10:a5:20:42:bc:a8:1d:df:96:f0:6b:e8:75:81:d3:
         04:ff:66:ad:a3:8b:88:db:19:56:2f:3f:ce:85:a4:ef:c1:52:
         ac:61:99:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zogfWQiSC1KAB5tU04QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNDdlZTFmMTdjOTg3ZGViYjJjMDIwZDhiNWYyZDhiZGFk
YmViNzcwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDg0ZGU5NzE0MTkwOGFkMzMyNzZmMzk5YzA2ZmVlYjU3MThiNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1wUgYXsnI7enR/Xxce/o0v0tNSt
BigJKBKhRzRFhbsju7NoCydXg4WWFR4ktU/2nTmfq1bGUfCMveqIO1ssKV1nke56
P5GQYipgFsw1JHCIntb1QVurrS3zj0P6Ff0UOz68pj55kh7R8dHlAnvhQEsg4DvO
svdvsy2TKE8GxeUh+Zv9oh8dGUHVafgvHK8yaWh5Wvq+x8RB+wUDYH/ifZEaiDy+
R1daPYmaTO0YlW4JIjFGtB7NIxjI+dNcrcjv+w9CIvjtZyKZwL/B2BAanbfk0zUX
9UEER8rbDLT1e6cflGZrDjQKg4Y7nLIjythkxK5iuQhC3VeXB7rxJacb7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCE3pcUGQitMydvOZwG/utXGLSEMB8GA1UdIwQY
MBaAFJtH7h8XyYfeuywCDYtfLYva2+t3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTBmdUh4ZkpoOTY3TEFJTmkxOHRpOXJiNjNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS85YjE2ZjMtMDEwMC00OTY0LTllYzkt
ZTVlYzJjYzY0N2FhLzEva0lUZWx4UVpDSzB6SjI4NW5BYi02MWNZdElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS85YjE2ZjMtMDEwMC00OTY0LTllYzktZTVlYzJjYzY0N2Fh
LzEvbTBmdUh4ZkpoOTY3TEFJTmkxOHRpOXJiNjNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Qh2MA0G
CSqGSIb3DQEBCwUAA4IBAQBbwVxdxA8U6zalFxDJC0N52G3NOuBCcwoKDpJcb6lp
sncFouD1JLWur/rjdypwFQh3qT78oardwp0xpIKmWl4/1wemD2A7FmXBgtZvw+aW
t4FvkK7BdHVm5rylAVXRCml5ldKf3t/MGJke7ZDGEwCEHItgH0mLajcxUcz/NnpA
Xxr0DTw5yvV+P0CE8QnGhUKjUkfTrAEdVkioUx2U/XDmZ8mGumkeWYdjr2wkHkhe
tdEThFWSNaKzGycz3xhs56mre8ujIRLHZU7ixGbq2xHn8hOxE2+pJQLsauIQpSBC
vKgd35bwa+h1gdME/2ato4uI2xlWLz/OhaTvwVKsYZn8
-----END CERTIFICATE-----