Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/n2lcggvA6IF6FmSgwSo16hSkbdE.roa
File:                     n2lcggvA6IF6FmSgwSo16hSkbdE.roa (raw, json)
Hash identifier:          lxepvrw1OSqDco8B+eKaJaNtRp96e1ToC5301lORdB8=
Subject key identifier:   9F:69:5C:82:0B:C0:E8:81:7A:16:64:A0:C1:2A:35:EA:14:A4:6D:D1
Certificate issuer:       /CN=69226ceb40c671f30acf11fa36b8d7d1c6754704
Certificate serial:       018D7909664C1BF3C6D2BF855E99AE51D401
Authority key identifier: 69:22:6C:EB:40:C6:71:F3:0A:CF:11:FA:36:B8:D7:D1:C6:75:47:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/n2lcggvA6IF6FmSgwSo16hSkbdE.roa
Signing time:             Mon 05 Feb 2024 11:31:15 +0000
ROA not before:           Mon 05 Feb 2024 11:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38968
IP address blocks:        89.28.216.0/21 maxlen: 21
                          89.28.219.0/24 maxlen: 24
                          89.28.220.0/24 maxlen: 24
                          89.28.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:09:66:4c:1b:f3:c6:d2:bf:85:5e:99:ae:51:d4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69226ceb40c671f30acf11fa36b8d7d1c6754704
        Validity
            Not Before: Feb  5 11:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f695c820bc0e8817a1664a0c12a35ea14a46dd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fb:6c:2b:9c:55:6a:d6:1e:30:6f:ff:18:fc:
                    b9:43:85:f0:59:08:60:9a:1b:aa:57:bb:11:8e:ec:
                    82:03:32:ee:e9:6b:78:bd:7c:06:7e:95:80:3f:a3:
                    5c:75:4b:24:86:68:2a:19:8d:e8:4a:cf:b8:fb:43:
                    1d:a7:6a:de:e6:34:51:a5:8c:78:0d:52:f9:ca:85:
                    a9:b2:4e:dc:b3:75:8f:5a:25:f1:da:b6:b5:a0:5e:
                    9e:5f:e8:5e:7c:f5:97:e5:b3:c8:d0:b5:3b:3f:fc:
                    04:07:bf:73:c8:aa:5a:11:f1:1b:4d:5a:d6:6f:0f:
                    93:42:48:f3:12:b1:d6:66:3b:09:f6:c1:aa:88:e8:
                    ec:7d:5c:6f:91:df:58:96:b6:56:32:0a:f4:ac:bb:
                    c5:bf:b5:56:2a:78:54:d0:2e:0f:20:90:80:81:fb:
                    fe:ec:5f:a6:f3:b4:62:96:99:ec:e1:de:1b:40:ef:
                    ed:75:27:d3:8a:23:17:3f:2f:be:bc:17:23:85:2c:
                    81:6b:5a:01:45:b5:d7:37:c5:69:3d:83:9d:e7:d3:
                    aa:40:77:64:4b:fb:c3:d7:84:b5:dd:7f:52:a6:80:
                    05:3b:c4:3c:32:76:db:73:13:2b:7a:00:81:82:4b:
                    d9:c8:dd:ce:fd:1a:3b:10:bc:99:54:d6:20:4a:b3:
                    32:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:69:5C:82:0B:C0:E8:81:7A:16:64:A0:C1:2A:35:EA:14:A4:6D:D1
            X509v3 Authority Key Identifier:
                keyid:69:22:6C:EB:40:C6:71:F3:0A:CF:11:FA:36:B8:D7:D1:C6:75:47:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/n2lcggvA6IF6FmSgwSo16hSkbdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:c2:0a:17:49:b4:74:7e:74:c3:28:00:fa:23:d5:c2:c1:fd:
         5d:7f:48:b7:a6:a9:7c:5b:c6:3b:c5:9e:2e:5c:4a:a8:82:39:
         ad:a3:51:c8:4b:3c:79:6f:d3:f7:8c:ca:a1:3f:f9:b8:1e:5f:
         31:d0:a9:ee:55:20:3d:50:87:50:8c:63:73:c3:dc:0c:4f:aa:
         42:a8:ab:13:97:dd:4e:fb:1e:76:6f:e8:df:f6:7b:f8:72:e3:
         e6:61:81:16:6c:e5:37:8c:4c:2f:4d:77:b1:91:02:6e:8f:db:
         e4:78:fa:c1:eb:7d:8f:76:98:6b:bb:56:9a:d6:a6:ce:88:78:
         58:55:6a:87:44:35:c1:b8:42:fa:77:0d:7d:51:5f:52:0d:9a:
         ab:54:1c:d2:a6:d5:29:cc:8f:f5:95:e5:44:7b:46:91:9e:29:
         c6:bb:cf:e2:33:c5:bb:83:2b:8a:04:82:3d:a8:d7:77:3c:0f:
         51:7f:7d:e1:d8:2b:22:31:45:a7:97:ee:3a:04:e5:41:88:cd:
         5f:f4:11:09:78:e0:6b:78:0f:51:b7:8d:91:db:18:e7:98:2e:
         51:56:3b:a0:07:81:67:4e:aa:ea:49:17:a2:8b:03:cb:5c:f5:
         d3:e4:1b:67:0c:42:b4:53:83:a1:e9:79:fa:26:22:da:4c:3f:
         37:4b:af:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY15CWZMG/PG0r+FXpmuUdQBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MjI2Y2ViNDBjNjcxZjMwYWNmMTFmYTM2YjhkN2QxYzY3
NTQ3MDQwHhcNMjQwMjA1MTEzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjY5NWM4MjBiYzBlODgxN2ExNjY0YTBjMTJhMzVlYTE0YTQ2ZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvtsK5xVatYeMG//GPy5Q4XwWQhg
mhuqV7sRjuyCAzLu6Wt4vXwGfpWAP6NcdUskhmgqGY3oSs+4+0Mdp2re5jRRpYx4
DVL5yoWpsk7cs3WPWiXx2ra1oF6eX+hefPWX5bPI0LU7P/wEB79zyKpaEfEbTVrW
bw+TQkjzErHWZjsJ9sGqiOjsfVxvkd9YlrZWMgr0rLvFv7VWKnhU0C4PIJCAgfv+
7F+m87Rilpns4d4bQO/tdSfTiiMXPy++vBcjhSyBa1oBRbXXN8VpPYOd59OqQHdk
S/vD14S13X9SpoAFO8Q8MnbbcxMregCBgkvZyN3O/Ro7ELyZVNYgSrMytwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9pXIILwOiBehZkoMEqNeoUpG3RMB8GA1UdIwQY
MBaAFGkibOtAxnHzCs8R+ja419HGdUcEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVNKczYwREdjZk1LenhINk5yalgwY1oxUndRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9mZmYxYzctY2VlMS00ZmE2LWE5OWIt
YzljOGFiMTg4ODUzLzEvbjJsY2dndkE2SUY2Rm1TZ3dTbzE2aFNrYmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9mZmYxYzctY2VlMS00ZmE2LWE5OWItYzljOGFiMTg4ODUz
LzEvYVNKczYwREdjZk1LenhINk5yalgwY1oxUndRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWRzYMA0G
CSqGSIb3DQEBCwUAA4IBAQBiwgoXSbR0fnTDKAD6I9XCwf1df0i3pql8W8Y7xZ4u
XEqogjmto1HISzx5b9P3jMqhP/m4Hl8x0KnuVSA9UIdQjGNzw9wMT6pCqKsTl91O
+x52b+jf9nv4cuPmYYEWbOU3jEwvTXexkQJuj9vkePrB632Pdphru1aa1qbOiHhY
VWqHRDXBuEL6dw19UV9SDZqrVBzSptUpzI/1leVEe0aRninGu8/iM8W7gyuKBII9
qNd3PA9Rf33h2CsiMUWnl+46BOVBiM1f9BEJeOBreA9Rt42R2xjnmC5RVjugB4Fn
TqrqSReiiwPLXPXT5BtnDEK0U4Oh6Xn6JiLaTD83S68c
-----END CERTIFICATE-----