Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/1lsllJIGemqZ89xHiZQkdlO1fKw.roa
File:                     1lsllJIGemqZ89xHiZQkdlO1fKw.roa (raw, json)
Hash identifier:          z+LS30vNnG/3Pd/eJpUiR3agQpnmviOChE1etXIcdSc=
Subject key identifier:   D6:5B:25:94:92:06:7A:6A:99:F3:DC:47:89:94:24:76:53:B5:7C:AC
Certificate issuer:       /CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
Certificate serial:       019424B40059EF630D988890D17C3CDE1ECC
Authority key identifier: 98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/1lsllJIGemqZ89xHiZQkdlO1fKw.roa
Signing time:             Thu 02 Jan 2025 01:49:23 +0000
ROA not before:           Thu 02 Jan 2025 01:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198500
IP address blocks:        217.69.96.0/20 maxlen: 20
                          2a00:5800::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b4:00:59:ef:63:0d:98:88:90:d1:7c:3c:de:1e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
        Validity
            Not Before: Jan  2 01:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d65b259492067a6a99f3dc478994247653b57cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bb:80:ae:db:bb:e2:30:c1:b2:28:df:b2:28:
                    56:23:19:39:6d:52:80:ea:6a:7d:0b:07:16:b4:0c:
                    19:98:3c:20:0a:e7:84:90:d2:11:88:2b:12:01:f3:
                    f3:a0:37:c0:a0:c3:0a:79:b3:3a:e2:48:10:aa:3c:
                    7b:b3:f2:76:5c:ec:f9:d6:a8:13:aa:da:f1:b9:51:
                    db:6a:55:c0:ab:28:ee:9c:d6:e3:da:24:bc:47:96:
                    d1:f2:a7:3e:31:5a:f4:11:64:5f:4f:46:64:63:07:
                    7a:4c:b8:21:c0:88:02:50:ff:21:d2:14:89:42:69:
                    e6:cb:9b:b5:78:23:b3:55:26:50:43:0f:d4:50:ba:
                    54:b8:82:4e:df:e4:11:53:b5:7b:d4:f9:85:01:c2:
                    5c:96:a6:6b:79:2e:13:f4:f4:d9:dd:3e:11:1c:f4:
                    b9:5a:b3:f5:23:12:8b:84:4e:8b:86:4a:34:25:21:
                    0d:1e:c6:ec:13:a5:f3:6e:af:05:98:72:6c:3e:68:
                    80:59:b5:3a:1c:5c:0c:28:e6:d7:51:3c:6a:84:24:
                    80:01:48:ec:8e:88:a2:1f:3f:33:8a:fc:40:49:2c:
                    79:a3:10:51:dc:d0:78:39:fe:9a:35:e9:75:14:cd:
                    93:b8:ac:38:99:75:ad:62:f6:9f:18:ff:f0:a9:7d:
                    4b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5B:25:94:92:06:7A:6A:99:F3:DC:47:89:94:24:76:53:B5:7C:AC
            X509v3 Authority Key Identifier:
                keyid:98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/1lsllJIGemqZ89xHiZQkdlO1fKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.69.96.0/20
                IPv6:
                  2a00:5800::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:8d:27:1d:6d:33:bc:1d:40:a7:e6:6b:73:4f:a7:29:9f:b8:
         48:0a:f9:a5:5a:d4:ec:05:7f:5e:8e:3e:6e:1a:4b:1e:0b:3a:
         db:9f:dc:48:ed:a0:b9:31:28:4e:95:ef:d5:3b:06:01:98:59:
         be:64:b6:a2:e1:0f:5b:2b:86:eb:30:a2:1f:4a:ef:d3:9b:10:
         ea:2b:d4:11:61:15:f6:8e:23:db:a9:85:f7:60:40:8b:d5:d1:
         c6:b1:cd:a8:22:82:3a:8a:c4:f6:c0:d1:01:7f:db:f7:a4:80:
         4d:88:15:a8:a9:a3:11:68:77:6a:84:9e:11:89:a2:e8:39:4a:
         18:09:8e:98:a4:95:ef:eb:1e:a8:c1:09:ac:0e:61:d8:a4:83:
         7d:fb:5d:55:b5:45:61:2c:42:b6:7f:e0:67:c6:8c:6b:97:29:
         82:62:0f:dc:10:94:ab:79:9f:7c:fb:13:52:c6:da:40:6d:2e:
         95:8f:21:e3:3d:a1:6c:7a:be:f2:c8:f5:7c:d1:72:a7:7d:31:
         e4:e1:c4:8c:e5:94:5c:3d:c6:42:be:06:a3:20:be:e9:e9:e8:
         6c:bf:6e:d9:9a:57:33:93:91:bc:f3:58:0a:0e:36:7f:80:58:
         06:22:ae:2d:b6:22:04:6c:4c:39:ee:ef:6d:e9:86:22:80:6d:
         a7:23:4e:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQktABZ72MNmIiQ0Xw83h7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTE4Njg3ZmRkNmZmODBmYjA5OGE5ZWVlZjA2ZGUzNzdm
ODVkNmUwHhcNMjUwMTAyMDE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjViMjU5NDkyMDY3YTZhOTlmM2RjNDc4OTk0MjQ3NjUzYjU3Y2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LuArtu74jDBsijfsihWIxk5bVKA
6mp9CwcWtAwZmDwgCueEkNIRiCsSAfPzoDfAoMMKebM64kgQqjx7s/J2XOz51qgT
qtrxuVHbalXAqyjunNbj2iS8R5bR8qc+MVr0EWRfT0ZkYwd6TLghwIgCUP8h0hSJ
Qmnmy5u1eCOzVSZQQw/UULpUuIJO3+QRU7V71PmFAcJclqZreS4T9PTZ3T4RHPS5
WrP1IxKLhE6Lhko0JSENHsbsE6Xzbq8FmHJsPmiAWbU6HFwMKObXUTxqhCSAAUjs
joiiHz8zivxASSx5oxBR3NB4Of6aNel1FM2TuKw4mXWtYvafGP/wqX1L+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNZbJZSSBnpqmfPcR4mUJHZTtXysMB8GA1UdIwQY
MBaAFJgRhof91v+A+wmKnu7wbeN3+F1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYt
NjlhZjBhNmU5ODliLzEvMWxzbGxKSUdlbXFaODl4SGlaUWtkbE8xZkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYtNjlhZjBhNmU5ODli
LzEvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2UVgMA0E
AgACMAcDBQAqAFgAMA0GCSqGSIb3DQEBCwUAA4IBAQBmjScdbTO8HUCn5mtzT6cp
n7hICvmlWtTsBX9ejj5uGkseCzrbn9xI7aC5MShOle/VOwYBmFm+ZLai4Q9bK4br
MKIfSu/TmxDqK9QRYRX2jiPbqYX3YECL1dHGsc2oIoI6isT2wNEBf9v3pIBNiBWo
qaMRaHdqhJ4RiaLoOUoYCY6YpJXv6x6owQmsDmHYpIN9+11VtUVhLEK2f+Bnxoxr
lymCYg/cEJSreZ98+xNSxtpAbS6VjyHjPaFser7yyPV80XKnfTHk4cSM5ZRcPcZC
vgajIL7p6ehsv27Zmlczk5G881gKDjZ/gFgGIq4ttiIEbEw57u9t6YYigG2nI065
-----END CERTIFICATE-----