Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/5Dsuy3pwInf0DO5B0RNoed9MF2I.roa
File:                     5Dsuy3pwInf0DO5B0RNoed9MF2I.roa (raw, json)
Hash identifier:          vhO85IJ6xa6a9MizAeI699B1jJv37rgdlwh9Hh3mWV8=
Subject key identifier:   E4:3B:2E:CB:7A:70:22:77:F4:0C:EE:41:D1:13:68:79:DF:4C:17:62
Certificate issuer:       /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial:       018D9D7E6136EBD98415C300C8D47CEA83EF
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/5Dsuy3pwInf0DO5B0RNoed9MF2I.roa
Signing time:             Mon 12 Feb 2024 13:25:21 +0000
ROA not before:           Mon 12 Feb 2024 13:25:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8434
IP address blocks:        217.147.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:7e:61:36:eb:d9:84:15:c3:00:c8:d4:7c:ea:83:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
        Validity
            Not Before: Feb 12 13:25:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e43b2ecb7a702277f40cee41d1136879df4c1762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:64:41:14:07:0c:28:79:ae:f9:3a:1f:ab:de:
                    22:e0:8c:78:7f:74:f5:9b:1c:5c:3a:b1:da:b9:e0:
                    b0:fe:b0:10:9b:0a:26:60:7c:e0:53:8b:51:be:a5:
                    ab:96:8f:da:d6:8d:88:1f:d2:21:ee:be:fe:26:66:
                    7f:ed:f3:0a:6c:c7:db:b1:66:bf:1a:37:46:40:ef:
                    f9:2d:9e:87:53:43:dc:2d:b1:ff:5a:23:60:4e:92:
                    99:89:1b:fd:05:ee:aa:a3:ee:3e:1e:2a:93:a2:2e:
                    62:45:bc:bf:da:d6:c2:cb:ff:6b:fb:36:27:b6:dd:
                    98:38:50:bd:d4:ab:a5:a3:51:84:29:84:05:3f:0f:
                    cf:f5:46:23:31:4d:7d:cb:db:c0:77:0a:78:1a:19:
                    ce:de:11:84:5c:c7:a0:76:ac:a0:0b:c0:90:7a:3d:
                    c0:09:7a:d6:95:b2:b4:42:f4:28:e1:fc:62:ff:6d:
                    4a:53:0d:00:a0:9b:ab:9a:fa:dc:eb:b7:6b:d4:7b:
                    31:6f:b4:95:0e:e2:19:63:50:da:46:71:f0:bd:a5:
                    49:f2:4a:56:2b:6b:ff:b2:cb:d8:e1:07:2b:24:b4:
                    7e:05:8b:d4:5e:26:5c:42:6f:eb:04:4f:10:3b:27:
                    d8:77:fa:cb:ff:6c:96:27:04:f3:51:19:30:43:ac:
                    c3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:3B:2E:CB:7A:70:22:77:F4:0C:EE:41:D1:13:68:79:DF:4C:17:62
            X509v3 Authority Key Identifier:
                keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/5Dsuy3pwInf0DO5B0RNoed9MF2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:95:65:d7:1b:5f:f1:23:eb:44:18:d2:c1:1c:e0:31:99:30:
         dd:4e:0c:83:86:cc:97:cb:23:ac:7d:c6:00:73:6b:d5:2c:3a:
         f8:1d:8f:bf:86:f1:88:ec:e7:bc:f7:f6:43:dd:a1:19:36:c3:
         94:57:fb:48:f9:7f:5b:73:d0:bd:b3:45:37:21:3f:d7:62:11:
         52:22:95:48:23:21:94:9d:4c:c8:9a:bc:9d:37:62:79:54:9a:
         64:3b:a8:ad:00:25:39:81:76:20:97:16:ec:02:48:d4:d0:f2:
         53:b4:c9:4d:dd:74:9b:cb:8d:68:69:30:b5:d3:ce:d5:92:60:
         ba:a6:db:71:68:f5:83:74:70:9a:65:e6:bd:38:d2:77:a7:0c:
         07:cc:4b:46:5f:ea:77:1d:00:65:ab:a7:f0:0a:bd:af:02:23:
         7b:8c:f1:2b:c0:27:0d:e5:bc:16:8f:d2:48:9b:7e:3b:e8:47:
         66:ae:9e:fa:0e:6a:f0:a0:1c:02:86:14:0d:99:7d:42:31:a7:
         77:db:0b:ce:81:e4:71:70:68:94:a2:87:01:5a:0a:a3:17:70:
         be:f8:d7:1e:f9:93:5e:e6:56:5a:bc:bb:18:07:c7:01:91:18:
         61:d5:09:3e:9d:d8:2b:e3:76:ae:46:b8:e7:87:f8:76:10:d9:
         1d:3a:e0:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2dfmE269mEFcMAyNR86oPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWM2NGUxNzBiN2YyNTVkN2NhMzAwMzVkNjUzMmM4OTU3
ZWIxNjkwHhcNMjQwMjEyMTMyNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDNiMmVjYjdhNzAyMjc3ZjQwY2VlNDFkMTEzNjg3OWRmNGMxNzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWRBFAcMKHmu+Tofq94i4Ix4f3T1
mxxcOrHaueCw/rAQmwomYHzgU4tRvqWrlo/a1o2IH9Ih7r7+JmZ/7fMKbMfbsWa/
GjdGQO/5LZ6HU0PcLbH/WiNgTpKZiRv9Be6qo+4+HiqToi5iRby/2tbCy/9r+zYn
tt2YOFC91Kulo1GEKYQFPw/P9UYjMU19y9vAdwp4GhnO3hGEXMegdqygC8CQej3A
CXrWlbK0QvQo4fxi/21KUw0AoJurmvrc67dr1Hsxb7SVDuIZY1DaRnHwvaVJ8kpW
K2v/ssvY4QcrJLR+BYvUXiZcQm/rBE8QOyfYd/rL/2yWJwTzURkwQ6zDjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQ7Lst6cCJ39AzuQdETaHnfTBdiMB8GA1UdIwQY
MBaAFN+cZOFwt/JV18owA11lMsiVfrFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTIt
MjhjYjNiYmYwNWFlLzEvNURzdXkzcHdJbmYwRE81QjBSTm9lZDlNRjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTItMjhjYjNiYmYwNWFl
LzEvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZMEMA0G
CSqGSIb3DQEBCwUAA4IBAQBwlWXXG1/xI+tEGNLBHOAxmTDdTgyDhsyXyyOsfcYA
c2vVLDr4HY+/hvGI7Oe89/ZD3aEZNsOUV/tI+X9bc9C9s0U3IT/XYhFSIpVIIyGU
nUzImrydN2J5VJpkO6itACU5gXYglxbsAkjU0PJTtMlN3XSby41oaTC1087VkmC6
pttxaPWDdHCaZea9ONJ3pwwHzEtGX+p3HQBlq6fwCr2vAiN7jPErwCcN5bwWj9JI
m3476Edmrp76DmrwoBwChhQNmX1CMad32wvOgeRxcGiUoocBWgqjF3C++Nce+ZNe
5lZavLsYB8cBkRhh1Qk+ndgr43auRrjnh/h2ENkdOuAn
-----END CERTIFICATE-----