Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/vP9Td1ZEUHX74eZZo8Kn2Or7mjg.roa
File:                     vP9Td1ZEUHX74eZZo8Kn2Or7mjg.roa (raw, json)
Hash identifier:          XiqL6aHd9FQouBl44BB/rofyzh/8nuPHWVvGXnODFbU=
Subject key identifier:   BC:FF:53:77:56:44:50:75:FB:E1:E6:59:A3:C2:A7:D8:EA:FB:9A:38
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56DFDA2789671933142DF64581FEFED
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/vP9Td1ZEUHX74eZZo8Kn2Or7mjg.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17941
IP address blocks:        217.147.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fd:a2:78:96:71:93:31:42:df:64:58:1f:ef:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcff537756445075fbe1e659a3c2a7d8eafb9a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4a:94:44:59:b6:f7:b3:3d:45:c3:e9:57:bc:
                    61:36:45:51:78:67:38:ec:9e:78:e0:6e:e2:ba:2e:
                    35:9b:bd:63:5f:97:c6:19:62:e9:03:02:47:2c:07:
                    bd:45:16:16:b8:d5:03:ad:37:62:68:b0:8a:6a:29:
                    74:f9:9e:8b:5e:b6:e6:6f:f5:c2:f0:0b:b8:0a:99:
                    ce:45:54:ae:c2:a4:04:d5:da:19:eb:bc:ab:be:ba:
                    0e:dc:fd:0e:b7:52:ef:b5:59:62:dd:18:89:9d:5e:
                    eb:9b:fa:bb:c6:21:24:6a:90:65:9a:bf:3b:50:00:
                    21:06:55:24:94:98:8e:2b:b5:3d:b8:3b:47:e6:0d:
                    98:63:7f:dc:8f:7a:00:4e:13:4c:ac:fa:1d:9f:a4:
                    79:1a:20:81:dc:f3:e0:02:f8:0a:12:9e:b7:ab:b6:
                    29:60:c9:62:28:8a:07:c2:0d:21:9e:da:ba:08:2e:
                    66:cd:d4:b8:ee:1b:55:96:9a:48:59:fb:c0:42:1c:
                    8c:30:51:39:c5:4e:92:6e:01:e6:a8:dd:67:36:32:
                    ad:ec:16:18:ab:8f:79:a2:1f:77:9b:a0:f9:a9:26:
                    a4:0e:18:a8:7c:4a:66:89:bf:d5:1e:05:d2:f2:0b:
                    35:dc:d2:20:93:8a:7d:a6:09:aa:11:c6:59:40:43:
                    c7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:FF:53:77:56:44:50:75:FB:E1:E6:59:A3:C2:A7:D8:EA:FB:9A:38
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/vP9Td1ZEUHX74eZZo8Kn2Or7mjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:4b:51:11:14:d6:9f:79:bd:6b:b2:4a:37:58:09:b4:33:ec:
         61:5b:b7:fc:6a:ee:3c:ca:9e:e5:e1:c6:63:cb:f1:69:8b:45:
         6a:ec:f2:b0:99:f3:ec:cf:2c:e1:aa:50:cc:4a:09:d9:47:f8:
         a5:dc:60:12:26:5e:f6:84:1a:45:c0:3d:c5:32:65:ac:9b:da:
         32:10:b0:49:95:37:1e:17:8f:2b:af:80:30:99:5b:6c:6d:78:
         68:f1:6b:f3:75:0f:81:e8:49:31:09:f2:76:9d:d8:7c:5b:6d:
         fa:f0:6c:5b:10:49:9d:6e:9a:3a:e5:49:fe:f6:0a:d1:f0:2d:
         b7:bf:2d:ac:a2:9f:d1:67:4c:ff:8b:9c:a3:c6:c1:61:8f:89:
         c4:74:04:8f:61:0f:48:c2:06:0b:cc:41:dd:dc:1d:45:2f:93:
         f9:f7:f7:ce:76:58:22:df:3d:d1:ac:f0:33:23:16:ae:5f:e5:
         15:6c:28:c9:67:54:39:d0:22:90:a8:77:65:da:90:cf:50:43:
         76:87:b0:2e:e3:99:74:d5:bb:61:b8:f0:e2:a8:cc:25:ba:b9:
         f2:18:af:c0:98:2c:33:45:b9:00:da:5a:3e:c3:2e:b4:82:79:
         3d:8b:1b:b7:a5:67:ed:ac:5d:17:ff:c8:1f:f3:07:7e:d3:5c:
         24:57:47:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf2ieJZxkzFC32RYH+/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2ZmNTM3NzU2NDQ1MDc1ZmJlMWU2NTlhM2MyYTdkOGVhZmI5YTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUqURFm297M9RcPpV7xhNkVReGc4
7J544G7iui41m71jX5fGGWLpAwJHLAe9RRYWuNUDrTdiaLCKail0+Z6LXrbmb/XC
8Au4CpnORVSuwqQE1doZ67yrvroO3P0Ot1LvtVli3RiJnV7rm/q7xiEkapBlmr87
UAAhBlUklJiOK7U9uDtH5g2YY3/cj3oAThNMrPodn6R5GiCB3PPgAvgKEp63q7Yp
YMliKIoHwg0hntq6CC5mzdS47htVlppIWfvAQhyMMFE5xU6SbgHmqN1nNjKt7BYY
q495oh93m6D5qSakDhiofEpmib/VHgXS8gs13NIgk4p9pgmqEcZZQEPHEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLz/U3dWRFB1++HmWaPCp9jq+5o4MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvdlA5VGQxWkVVSFg3NGVaWm84S24yT3I3bWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZMMMA0G
CSqGSIb3DQEBCwUAA4IBAQA+S1ERFNafeb1rsko3WAm0M+xhW7f8au48yp7l4cZj
y/Fpi0Vq7PKwmfPszyzhqlDMSgnZR/il3GASJl72hBpFwD3FMmWsm9oyELBJlTce
F48rr4AwmVtsbXho8WvzdQ+B6EkxCfJ2ndh8W2368GxbEEmdbpo65Un+9grR8C23
vy2sop/RZ0z/i5yjxsFhj4nEdASPYQ9IwgYLzEHd3B1FL5P59/fOdlgi3z3RrPAz
IxauX+UVbCjJZ1Q50CKQqHdl2pDPUEN2h7Au45l01bthuPDiqMwlurnyGK/AmCwz
RbkA2lo+wy60gnk9ixu3pWftrF0X/8gf8wd+01wkV0e2
-----END CERTIFICATE-----