Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/cfEsFaqWSPCCkOLVncTFYjEK5D0.roa
File:                     cfEsFaqWSPCCkOLVncTFYjEK5D0.roa (raw, json)
Hash identifier:          HJzhNUmj17on4T5kQbTCIy+MkbW/P6jzybbl8sYQy68=
Subject key identifier:   71:F1:2C:15:AA:96:48:F0:82:90:E2:D5:9D:C4:C5:62:31:0A:E4:3D
Certificate issuer:       /CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
Certificate serial:       018CC2DB31EAF637D7AF648C16CA75504AC3
Authority key identifier: 98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/cfEsFaqWSPCCkOLVncTFYjEK5D0.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198500
IP address blocks:        217.69.96.0/20 maxlen: 20
                          2a00:5800::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:31:ea:f6:37:d7:af:64:8c:16:ca:75:50:4a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71f12c15aa9648f08290e2d59dc4c562310ae43d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:78:7b:6a:0a:87:c9:47:b3:80:32:17:43:03:
                    da:32:c7:d6:8d:11:c8:4d:a3:a2:df:24:c7:52:54:
                    0c:2e:e1:fd:8b:6f:a8:c8:12:29:e8:1c:7d:04:a3:
                    2c:fe:d7:38:39:83:11:d1:b6:f5:3d:60:03:ff:7d:
                    fd:de:36:ec:05:49:f2:9c:41:d5:c0:27:fe:5a:c1:
                    3a:c0:0a:5d:36:09:d4:0b:df:09:8b:58:f8:1b:ea:
                    4e:67:9c:78:3e:a2:b2:54:cc:ca:ee:79:e9:80:cc:
                    f9:43:af:e7:17:7b:98:60:d9:06:f2:3b:2f:f5:35:
                    aa:97:aa:85:55:36:1a:dc:8c:d0:09:9f:5d:a9:16:
                    4f:78:45:d2:e4:c9:b3:7a:11:c4:23:84:11:36:e8:
                    e2:41:ff:58:54:51:c7:a5:44:77:bd:0d:4d:0b:1a:
                    9d:19:d3:1d:65:b5:25:ac:df:49:90:c9:b8:48:85:
                    08:4e:3c:86:76:c0:1e:8a:cb:49:74:89:1d:63:d2:
                    3f:32:7b:32:38:f0:de:06:18:f7:97:87:63:35:bb:
                    96:94:d2:73:1f:1e:51:c5:e9:5a:12:8f:53:cf:72:
                    17:60:8b:9d:72:1c:d9:89:7d:bc:fc:23:27:3a:31:
                    0e:1e:94:ef:c7:ce:f6:74:74:14:2f:da:59:91:fb:
                    d7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F1:2C:15:AA:96:48:F0:82:90:E2:D5:9D:C4:C5:62:31:0A:E4:3D
            X509v3 Authority Key Identifier:
                keyid:98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/cfEsFaqWSPCCkOLVncTFYjEK5D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.69.96.0/20
                IPv6:
                  2a00:5800::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:a8:ed:0f:ee:cf:51:3f:8b:0c:04:66:51:b3:d2:12:97:79:
         9e:ba:f5:ef:7d:cc:4d:95:fc:49:51:c3:ee:47:cc:5a:87:ab:
         de:9d:9b:b1:a1:64:1a:0b:c0:5a:40:64:73:b4:21:c4:40:ed:
         02:c8:98:75:0d:f2:c2:b2:fd:13:93:a3:48:3e:f1:8b:ee:34:
         1e:49:75:a2:2f:93:9b:a8:62:a6:20:9a:de:08:4e:38:70:dd:
         15:51:e0:b6:dd:89:54:14:50:2e:f2:39:ee:1f:e3:8d:51:22:
         ef:b4:5a:df:53:be:9f:ee:92:87:9d:d2:74:cc:a4:7b:57:52:
         80:bb:5d:ea:36:01:18:01:18:4e:a8:ab:6c:57:cd:5a:c9:42:
         22:de:17:07:97:a0:ca:a8:44:2c:f6:91:ab:69:55:85:89:67:
         47:65:2e:5c:94:fd:af:cf:55:ad:53:26:51:fe:6d:17:91:bb:
         b0:69:6b:0f:77:66:e4:d3:da:63:b0:c1:32:40:1b:da:98:82:
         ce:94:90:f9:56:de:5a:25:dd:ee:6c:7c:bf:4f:c1:37:90:a3:
         5d:41:df:03:d0:c9:fb:e5:f1:bf:ff:02:76:cf:b7:b5:e9:7b:
         ee:56:44:62:71:cd:c2:8f:a2:3f:8f:e4:52:43:15:ff:1e:f7:
         c2:03:21:f1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2zHq9jfXr2SMFsp1UErDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTE4Njg3ZmRkNmZmODBmYjA5OGE5ZWVlZjA2ZGUzNzdm
ODVkNmUwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWYxMmMxNWFhOTY0OGYwODI5MGUyZDU5ZGM0YzU2MjMxMGFlNDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnh7agqHyUezgDIXQwPaMsfWjRHI
TaOi3yTHUlQMLuH9i2+oyBIp6Bx9BKMs/tc4OYMR0bb1PWAD/3393jbsBUnynEHV
wCf+WsE6wApdNgnUC98Ji1j4G+pOZ5x4PqKyVMzK7nnpgMz5Q6/nF3uYYNkG8jsv
9TWql6qFVTYa3IzQCZ9dqRZPeEXS5MmzehHEI4QRNujiQf9YVFHHpUR3vQ1NCxqd
GdMdZbUlrN9JkMm4SIUITjyGdsAeistJdIkdY9I/MnsyOPDeBhj3l4djNbuWlNJz
Hx5RxelaEo9Tz3IXYIudchzZiX28/CMnOjEOHpTvx872dHQUL9pZkfvXTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHHxLBWqlkjwgpDi1Z3ExWIxCuQ9MB8GA1UdIwQY
MBaAFJgRhof91v+A+wmKnu7wbeN3+F1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYt
NjlhZjBhNmU5ODliLzEvY2ZFc0ZhcVdTUENDa09MVm5jVEZZakVLNUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYtNjlhZjBhNmU5ODli
LzEvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2UVgMA0E
AgACMAcDBQAqAFgAMA0GCSqGSIb3DQEBCwUAA4IBAQBqqO0P7s9RP4sMBGZRs9IS
l3meuvXvfcxNlfxJUcPuR8xah6venZuxoWQaC8BaQGRztCHEQO0CyJh1DfLCsv0T
k6NIPvGL7jQeSXWiL5ObqGKmIJreCE44cN0VUeC23YlUFFAu8jnuH+ONUSLvtFrf
U76f7pKHndJ0zKR7V1KAu13qNgEYARhOqKtsV81ayUIi3hcHl6DKqEQs9pGraVWF
iWdHZS5clP2vz1WtUyZR/m0XkbuwaWsPd2bk09pjsMEyQBvamILOlJD5Vt5aJd3u
bHy/T8E3kKNdQd8D0Mn75fG//wJ2z7e16XvuVkRicc3Cj6I/j+RSQxX/HvfCAyHx
-----END CERTIFICATE-----