Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/lwZvZLSkgVgj7X6XkNT41AbBYgw.roa
File:                     lwZvZLSkgVgj7X6XkNT41AbBYgw.roa (raw, json)
Hash identifier:          5JRyBmqFqXnBgLPUfpTxyT6JhRaIVnN/w8OhXLpVl7s=
Subject key identifier:   97:06:6F:64:B4:A4:81:58:23:ED:7E:97:90:D4:F8:D4:06:C1:62:0C
Certificate issuer:       /CN=87e965e78831a88ba8fa419432a9d7bac9db38a3
Certificate serial:       018D896A834B744CF9DF544F4706AC9F4F5D
Authority key identifier: 87:E9:65:E7:88:31:A8:8B:A8:FA:41:94:32:A9:D7:BA:C9:DB:38:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h-ll54gxqIuo-kGUMqnXusnbOKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/lwZvZLSkgVgj7X6XkNT41AbBYgw.roa
Signing time:             Thu 08 Feb 2024 15:51:15 +0000
ROA not before:           Thu 08 Feb 2024 15:51:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215557
IP address blocks:        217.13.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/h-ll54gxqIuo-kGUMqnXusnbOKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/h-ll54gxqIuo-kGUMqnXusnbOKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h-ll54gxqIuo-kGUMqnXusnbOKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:89:6a:83:4b:74:4c:f9:df:54:4f:47:06:ac:9f:4f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87e965e78831a88ba8fa419432a9d7bac9db38a3
        Validity
            Not Before: Feb  8 15:51:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97066f64b4a4815823ed7e9790d4f8d406c1620c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:48:ed:2c:03:f4:85:61:47:c0:89:a3:e7:33:
                    71:32:4b:81:04:13:a7:ec:6b:91:2c:4f:21:93:33:
                    71:0d:84:7c:e0:25:49:0f:ac:3a:23:37:b3:2b:a8:
                    88:dd:58:38:50:13:b5:ee:fe:3e:77:58:20:29:9b:
                    d2:33:5c:c9:1a:1d:86:34:da:59:8e:c5:75:1b:84:
                    37:05:a6:c7:53:e9:73:0c:89:2a:8c:18:be:e0:70:
                    68:eb:51:4e:05:78:c4:be:ce:51:a9:72:06:a1:47:
                    2b:dd:ef:4f:e3:75:e9:07:d3:a0:cd:df:5e:f1:6a:
                    09:91:ba:59:21:83:75:ec:2a:96:ca:2e:21:fb:77:
                    ed:64:56:76:3c:fe:c6:c4:12:49:0e:41:f1:9b:ba:
                    f2:45:17:34:62:76:37:e9:76:da:8a:33:60:90:cb:
                    9b:cf:90:de:fd:7b:d9:34:e3:e4:91:61:e0:2d:87:
                    b3:ee:94:9e:5c:ba:15:2f:38:d3:0c:ac:c2:2c:7e:
                    07:ed:14:3a:39:ef:59:de:18:65:71:f7:2a:62:2e:
                    e4:3c:69:ca:53:b0:ab:c5:86:a9:a1:ae:2d:28:9d:
                    9c:eb:b8:f2:ce:2d:88:91:e4:91:2f:12:da:be:9c:
                    62:e4:e5:55:90:68:4e:38:52:a9:d5:e7:5c:4a:23:
                    59:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:06:6F:64:B4:A4:81:58:23:ED:7E:97:90:D4:F8:D4:06:C1:62:0C
            X509v3 Authority Key Identifier:
                keyid:87:E9:65:E7:88:31:A8:8B:A8:FA:41:94:32:A9:D7:BA:C9:DB:38:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h-ll54gxqIuo-kGUMqnXusnbOKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/lwZvZLSkgVgj7X6XkNT41AbBYgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/h-ll54gxqIuo-kGUMqnXusnbOKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.13.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:e6:fe:b4:d9:a1:e5:10:15:16:ee:16:68:25:47:ba:7c:99:
         73:e1:87:b9:a3:e3:5c:c8:80:eb:33:97:45:e8:cd:3f:ab:34:
         a7:b3:02:3c:dc:6c:68:0b:2d:65:d0:cc:e2:5b:fc:cc:2e:16:
         11:e3:b1:24:27:0e:a4:b7:b4:bb:5b:1f:0a:e1:bd:4e:fe:ce:
         5e:4a:62:d0:f1:aa:8a:3e:2f:59:cb:18:95:41:4a:7b:df:70:
         ba:01:97:c6:90:fa:02:ff:4e:78:54:04:75:07:75:41:64:30:
         8c:47:f7:ce:37:f6:a2:f0:52:35:41:55:55:56:91:39:2e:d2:
         2a:8a:0b:16:ef:c0:b6:96:c1:f4:fb:34:4d:43:40:9e:09:8d:
         8b:d8:14:24:59:f6:f0:16:76:10:22:10:75:29:cf:b2:9a:c2:
         b4:98:13:04:17:df:58:ff:31:fa:54:d8:c5:78:e2:96:e4:f5:
         b4:b7:f1:cf:aa:5b:97:26:d9:7b:77:a2:dd:22:58:83:1e:8a:
         53:e3:da:85:dd:c9:cc:00:d2:a8:34:95:df:29:24:95:fc:45:
         db:be:c8:22:01:c1:c1:df:d4:e1:fc:3b:3d:a6:8d:f6:49:86:
         4c:46:23:02:94:7a:31:ee:0c:2a:5d:2d:f1:11:f5:48:60:a2:
         c8:d1:cd:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2JaoNLdEz531RPRwasn09dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZTk2NWU3ODgzMWE4OGJhOGZhNDE5NDMyYTlkN2JhYzlk
YjM4YTMwHhcNMjQwMjA4MTU1MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzA2NmY2NGI0YTQ4MTU4MjNlZDdlOTc5MGQ0ZjhkNDA2YzE2MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkjtLAP0hWFHwImj5zNxMkuBBBOn
7GuRLE8hkzNxDYR84CVJD6w6IzezK6iI3Vg4UBO17v4+d1ggKZvSM1zJGh2GNNpZ
jsV1G4Q3BabHU+lzDIkqjBi+4HBo61FOBXjEvs5RqXIGoUcr3e9P43XpB9Ogzd9e
8WoJkbpZIYN17CqWyi4h+3ftZFZ2PP7GxBJJDkHxm7ryRRc0YnY36XbaijNgkMub
z5De/XvZNOPkkWHgLYez7pSeXLoVLzjTDKzCLH4H7RQ6Oe9Z3hhlcfcqYi7kPGnK
U7CrxYapoa4tKJ2c67jyzi2IkeSRLxLavpxi5OVVkGhOOFKp1edcSiNZXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcGb2S0pIFYI+1+l5DU+NQGwWIMMB8GA1UdIwQY
MBaAFIfpZeeIMaiLqPpBlDKp17rJ2zijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaC1sbDU0Z3hxSXVvLWtHVU1xblh1c25iT0tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wNTA1MzMtYTU3ZS00YThiLWJmMGQt
Y2VlM2I0OTI5MDJlLzEvbHdadlpMU2tnVmdqN1g2WGtOVDQxQWJCWWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wNTA1MzMtYTU3ZS00YThiLWJmMGQtY2VlM2I0OTI5MDJl
LzEvaC1sbDU0Z3hxSXVvLWtHVU1xblh1c25iT0tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Q1iMA0G
CSqGSIb3DQEBCwUAA4IBAQB35v602aHlEBUW7hZoJUe6fJlz4Ye5o+NcyIDrM5dF
6M0/qzSnswI83GxoCy1l0MziW/zMLhYR47EkJw6kt7S7Wx8K4b1O/s5eSmLQ8aqK
Pi9ZyxiVQUp733C6AZfGkPoC/054VAR1B3VBZDCMR/fON/ai8FI1QVVVVpE5LtIq
igsW78C2lsH0+zRNQ0CeCY2L2BQkWfbwFnYQIhB1Kc+ymsK0mBMEF99Y/zH6VNjF
eOKW5PW0t/HPqluXJtl7d6LdIliDHopT49qF3cnMANKoNJXfKSSV/EXbvsgiAcHB
39Th/Ds9po32SYZMRiMClHox7gwqXS3xEfVIYKLI0c26
-----END CERTIFICATE-----