Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/VRgYt7ZRdWAYZrqBW81BUQOUb0w.roa
File:                     VRgYt7ZRdWAYZrqBW81BUQOUb0w.roa (raw, json)
Hash identifier:          MSlZ7pUJkkKrSi7/c6yFOAISpydLYmUK3HjKU9xQZBg=
Subject key identifier:   55:18:18:B7:B6:51:75:60:18:66:BA:81:5B:CD:41:51:03:94:6F:4C
Certificate issuer:       /CN=a952d0d266557385836aab7ae3fdced4ca74ad89
Certificate serial:       018CC64B10932DDAFD9A9F286047FC6288BB
Authority key identifier: A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/VRgYt7ZRdWAYZrqBW81BUQOUb0w.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216139
IP address blocks:        217.144.102.0/24 maxlen: 24
                          2a03:80c0:abba::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:10:93:2d:da:fd:9a:9f:28:60:47:fc:62:88:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a952d0d266557385836aab7ae3fdced4ca74ad89
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=551818b7b65175601866ba815bcd415103946f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6e:39:61:22:a1:e8:15:27:b7:22:39:85:35:
                    44:df:2d:16:ab:b1:5b:99:ef:d7:34:a6:0f:1f:12:
                    45:d4:c2:09:e7:a7:cb:9f:d6:e3:d1:49:ba:42:0a:
                    61:7a:fc:f2:8a:8b:37:59:84:86:7f:60:0d:0a:1c:
                    08:7c:90:c5:c5:86:d2:45:74:0e:63:90:e5:11:78:
                    ab:4f:da:ab:ee:cb:8a:b9:52:ed:37:3d:a7:d0:b0:
                    0a:2b:82:84:9b:2a:c2:2f:d2:04:ae:05:43:e8:92:
                    d4:5e:e9:8a:79:20:5e:26:9b:99:a4:26:38:a6:47:
                    df:f6:72:8b:d2:be:1b:eb:c5:67:15:0a:80:0d:00:
                    2e:d6:21:8b:d2:21:a7:1a:4a:8d:1e:a5:8e:fc:25:
                    2a:d4:5c:ca:2a:ea:b4:c0:f6:96:0e:37:46:b5:76:
                    0f:69:38:0b:55:2e:99:b4:71:d7:be:af:51:e5:85:
                    cd:d0:d8:a0:fb:f8:c1:82:01:b4:33:62:84:01:6a:
                    26:4d:8b:f4:97:bf:dd:c2:55:08:ae:83:fa:1b:1d:
                    1f:b3:d9:5b:45:d4:93:a7:31:c5:fb:16:75:16:7f:
                    2c:9b:b1:da:a0:c6:bf:b5:0d:90:41:fc:80:f8:7b:
                    64:df:db:05:9b:13:65:b1:ac:66:8c:af:6c:7f:6b:
                    1e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:18:18:B7:B6:51:75:60:18:66:BA:81:5B:CD:41:51:03:94:6F:4C
            X509v3 Authority Key Identifier:
                keyid:A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/VRgYt7ZRdWAYZrqBW81BUQOUb0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.102.0/24
                IPv6:
                  2a03:80c0:abba::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:13:ea:20:a2:4e:87:53:f5:11:43:fa:ad:5c:70:c9:ad:8f:
         e5:e1:94:00:04:df:e5:e3:8e:90:8b:b6:95:9b:d3:a1:92:81:
         7b:6c:5b:de:90:cc:52:3f:05:4f:cd:12:b3:ba:4e:67:0d:1d:
         88:0b:75:4f:0a:7e:0f:62:de:ab:36:59:e2:3c:78:fa:14:68:
         f5:07:14:2b:80:dd:15:63:9d:33:57:7d:86:e8:e4:a0:ad:4a:
         26:e7:b9:ff:20:b1:b6:76:f4:74:6d:18:c5:73:c7:d6:65:17:
         02:73:f7:92:fe:db:9b:f9:38:53:38:08:e2:f3:73:17:40:1f:
         65:89:1e:4f:c1:6e:45:ed:51:c5:51:0e:41:0e:2e:12:01:a6:
         90:a4:47:ba:59:32:0e:cd:6b:8c:9a:bd:97:59:2e:0b:12:13:
         46:01:97:86:e4:31:1c:21:ae:2b:1f:d2:8e:cc:e6:4e:1f:cf:
         72:a6:ac:b6:59:aa:af:36:6c:e1:87:ec:a3:56:d8:be:1e:43:
         2f:c3:cc:19:dc:39:b1:eb:00:89:e1:30:6d:e8:a8:2e:e3:44:
         fc:9e:ac:c4:ca:b6:1d:43:2e:d2:fe:10:41:f2:3c:6c:60:83:
         c3:60:77:62:f8:39:fb:5e:04:c5:d3:d9:a4:72:be:f7:30:0b:
         85:48:fa:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSxCTLdr9mp8oYEf8Yoi7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NTJkMGQyNjY1NTczODU4MzZhYWI3YWUzZmRjZWQ0Y2E3
NGFkODkwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTE4MThiN2I2NTE3NTYwMTg2NmJhODE1YmNkNDE1MTAzOTQ2ZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim45YSKh6BUntyI5hTVE3y0Wq7Fb
me/XNKYPHxJF1MIJ56fLn9bj0Um6Qgphevzyios3WYSGf2ANChwIfJDFxYbSRXQO
Y5DlEXirT9qr7suKuVLtNz2n0LAKK4KEmyrCL9IErgVD6JLUXumKeSBeJpuZpCY4
pkff9nKL0r4b68VnFQqADQAu1iGL0iGnGkqNHqWO/CUq1FzKKuq0wPaWDjdGtXYP
aTgLVS6ZtHHXvq9R5YXN0Nig+/jBggG0M2KEAWomTYv0l7/dwlUIroP6Gx0fs9lb
RdSTpzHF+xZ1Fn8sm7HaoMa/tQ2QQfyA+Htk39sFmxNlsaxmjK9sf2selwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFUYGLe2UXVgGGa6gVvNQVEDlG9MMB8GA1UdIwQY
MBaAFKlS0NJmVXOFg2qreuP9ztTKdK2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAt
NGMyMWE1MDVmMzQ2LzEvVlJnWXQ3WlJkV0FZWnJxQlc4MUJVUU9VYjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAtNGMyMWE1MDVmMzQ2
LzEvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2ZBmMA8E
AgACMAkDBwAqA4DAq7owDQYJKoZIhvcNAQELBQADggEBADUT6iCiTodT9RFD+q1c
cMmtj+XhlAAE3+XjjpCLtpWb06GSgXtsW96QzFI/BU/NErO6TmcNHYgLdU8Kfg9i
3qs2WeI8ePoUaPUHFCuA3RVjnTNXfYbo5KCtSibnuf8gsbZ29HRtGMVzx9ZlFwJz
95L+25v5OFM4COLzcxdAH2WJHk/BbkXtUcVRDkEOLhIBppCkR7pZMg7Na4yavZdZ
LgsSE0YBl4bkMRwhrisf0o7M5k4fz3KmrLZZqq82bOGH7KNW2L4eQy/DzBncObHr
AInhMG3oqC7jRPyerMTKth1DLtL+EEHyPGxgg8Ngd2L4OfteBMXT2aRyvvcwC4VI
+vY=
-----END CERTIFICATE-----