Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/25a747-8426-430a-9e30-45b3443a76f9/1/iVdHUBGY7AFSa0d6QrwYJllGlnQ.roa
File:                     iVdHUBGY7AFSa0d6QrwYJllGlnQ.roa (raw, json)
Hash identifier:          mQB9zLaIQgjwbAmqlEFqEGKE0+snZeIyGwYFcNYrpTU=
Subject key identifier:   89:57:47:50:11:98:EC:01:52:6B:47:7A:42:BC:18:26:59:46:96:74
Certificate issuer:       /CN=556c9a9c61980a90b5d0c51f86d7cbac9ff142da
Certificate serial:       018CC26D72272730952BC626E5F4E16E65D7
Authority key identifier: 55:6C:9A:9C:61:98:0A:90:B5:D0:C5:1F:86:D7:CB:AC:9F:F1:42:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VWyanGGYCpC10MUfhtfLrJ_xQto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/25a747-8426-430a-9e30-45b3443a76f9/1/iVdHUBGY7AFSa0d6QrwYJllGlnQ.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20553
IP address blocks:        217.168.192.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/25a747-8426-430a-9e30-45b3443a76f9/1/VWyanGGYCpC10MUfhtfLrJ_xQto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/25a747-8426-430a-9e30-45b3443a76f9/1/VWyanGGYCpC10MUfhtfLrJ_xQto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VWyanGGYCpC10MUfhtfLrJ_xQto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:72:27:27:30:95:2b:c6:26:e5:f4:e1:6e:65:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=556c9a9c61980a90b5d0c51f86d7cbac9ff142da
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=895747501198ec01526b477a42bc182659469674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:65:8d:e7:6f:a4:72:ef:1e:50:5d:44:7b:c4:
                    3a:6a:37:66:a1:82:4a:10:b8:d0:94:37:b6:a5:e6:
                    ea:0f:f2:02:a5:5b:fd:88:74:0f:e9:6f:8a:58:42:
                    e4:d4:e0:28:7b:8e:08:bf:1c:0c:3e:ad:3f:38:cd:
                    3f:84:f0:7b:78:1f:71:79:cf:47:bf:ad:24:8a:84:
                    92:2d:07:99:ce:19:7c:ec:6a:7d:e4:dd:ca:27:3c:
                    62:76:85:fb:30:b9:9a:db:b2:5d:a6:41:83:b0:6b:
                    b0:83:c4:13:b0:1b:9a:46:c5:4e:89:f1:d4:ac:ec:
                    90:ba:6a:40:04:52:48:d8:dd:ed:17:0b:cc:8e:16:
                    9d:84:01:51:3d:9f:17:ab:69:93:31:14:88:88:bc:
                    90:8b:b2:fe:e8:0b:89:b8:5b:74:1c:ef:24:e0:ee:
                    66:e1:e4:71:26:87:ad:56:5d:07:df:44:a3:a1:f2:
                    4c:a4:6f:b4:61:db:bd:34:d2:e8:80:ee:0c:06:ef:
                    8d:33:85:72:e7:17:43:d8:1b:94:61:9f:45:56:23:
                    78:7d:39:f9:52:96:96:e5:1e:70:2c:3d:1c:cf:f9:
                    b7:ab:bc:06:26:1b:83:53:13:ed:e5:c6:72:53:28:
                    91:66:69:9f:b3:ba:90:36:c8:41:4e:b3:32:f5:b6:
                    fb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:57:47:50:11:98:EC:01:52:6B:47:7A:42:BC:18:26:59:46:96:74
            X509v3 Authority Key Identifier:
                keyid:55:6C:9A:9C:61:98:0A:90:B5:D0:C5:1F:86:D7:CB:AC:9F:F1:42:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VWyanGGYCpC10MUfhtfLrJ_xQto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/25a747-8426-430a-9e30-45b3443a76f9/1/iVdHUBGY7AFSa0d6QrwYJllGlnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/25a747-8426-430a-9e30-45b3443a76f9/1/VWyanGGYCpC10MUfhtfLrJ_xQto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.168.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         74:b9:2f:10:a9:51:1a:2d:72:a6:41:2e:18:dc:12:2e:b1:c1:
         f8:e7:65:ef:79:4d:a1:8e:1e:21:47:e7:61:8b:e8:e1:de:4a:
         ef:40:3b:f9:12:07:a8:d0:14:0b:be:23:85:32:18:98:0c:72:
         9b:2b:9b:1b:47:17:e1:dd:6d:d6:16:4a:52:91:23:ca:77:d2:
         cf:1a:50:04:fe:bf:5c:66:3f:a6:e7:15:c6:e4:a5:7c:e7:ab:
         9e:9f:7c:52:28:b2:f1:89:02:c7:d7:b5:c2:2b:74:90:fc:34:
         68:22:d2:e3:8d:fc:d6:9d:70:7a:b9:53:e5:63:63:25:b6:d0:
         96:71:07:6b:df:e8:aa:2b:68:46:5f:aa:2a:24:fd:80:29:c2:
         f4:04:28:ef:b8:c0:c4:5b:c8:7b:2b:82:52:8b:c2:d6:0b:8f:
         35:af:49:d7:55:c2:2d:92:5c:29:5c:f9:9e:dd:50:71:b8:47:
         1e:c0:a7:74:ae:f1:7e:da:af:bb:22:4d:fb:62:47:ab:f9:5b:
         ac:a0:e2:c2:5d:d1:de:a4:53:81:6c:47:21:be:11:f3:24:1c:
         d5:4a:71:fd:32:72:fa:fe:11:c7:60:64:73:b5:8b:2e:c3:24:
         12:26:9e:34:ca:10:5a:87:23:14:db:12:2a:65:88:4d:68:53:
         ea:17:44:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXInJzCVK8Ym5fThbmXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NmM5YTljNjE5ODBhOTBiNWQwYzUxZjg2ZDdjYmFjOWZm
MTQyZGEwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTU3NDc1MDExOThlYzAxNTI2YjQ3N2E0MmJjMTgyNjU5NDY5Njc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWWN52+kcu8eUF1Ee8Q6ajdmoYJK
ELjQlDe2pebqD/ICpVv9iHQP6W+KWELk1OAoe44IvxwMPq0/OM0/hPB7eB9xec9H
v60kioSSLQeZzhl87Gp95N3KJzxidoX7MLma27JdpkGDsGuwg8QTsBuaRsVOifHU
rOyQumpABFJI2N3tFwvMjhadhAFRPZ8Xq2mTMRSIiLyQi7L+6AuJuFt0HO8k4O5m
4eRxJoetVl0H30SjofJMpG+0Ydu9NNLogO4MBu+NM4Vy5xdD2BuUYZ9FViN4fTn5
UpaW5R5wLD0cz/m3q7wGJhuDUxPt5cZyUyiRZmmfs7qQNshBTrMy9bb7PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlXR1ARmOwBUmtHekK8GCZZRpZ0MB8GA1UdIwQY
MBaAFFVsmpxhmAqQtdDFH4bXy6yf8ULaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVld5YW5HR1lDcEMxME1VZmh0ZkxySl94UXRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8yNWE3NDctODQyNi00MzBhLTllMzAt
NDViMzQ0M2E3NmY5LzEvaVZkSFVCR1k3QUZTYTBkNlFyd1lKbGxHbG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8yNWE3NDctODQyNi00MzBhLTllMzAtNDViMzQ0M2E3NmY5
LzEvVld5YW5HR1lDcEMxME1VZmh0ZkxySl94UXRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ajAMA0G
CSqGSIb3DQEBCwUAA4IBAQB0uS8QqVEaLXKmQS4Y3BIuscH452XveU2hjh4hR+dh
i+jh3krvQDv5Egeo0BQLviOFMhiYDHKbK5sbRxfh3W3WFkpSkSPKd9LPGlAE/r9c
Zj+m5xXG5KV856uen3xSKLLxiQLH17XCK3SQ/DRoItLjjfzWnXB6uVPlY2MlttCW
cQdr3+iqK2hGX6oqJP2AKcL0BCjvuMDEW8h7K4JSi8LWC481r0nXVcItklwpXPme
3VBxuEcewKd0rvF+2q+7Ik37Yker+VusoOLCXdHepFOBbEchvhHzJBzVSnH9MnL6
/hHHYGRztYsuwyQSJp40yhBahyMU2xIqZYhNaFPqF0Q8
-----END CERTIFICATE-----