Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/FiD902gb4HEnDOn1H5YMhdgHuyg.roa
File:                     FiD902gb4HEnDOn1H5YMhdgHuyg.roa (raw, json)
Hash identifier:          T8Vil+6iLaiUjx9lE8uoX0qEWGF4E7/o0j6A3rM0w7o=
Subject key identifier:   16:20:FD:D3:68:1B:E0:71:27:0C:E9:F5:1F:96:0C:85:D8:07:BB:28
Certificate issuer:       /CN=498fd453f5e35f9c77d1d706e565138adf82256a
Certificate serial:       018CC3B6935E8E079168DFD2E4060549E0C8
Authority key identifier: 49:8F:D4:53:F5:E3:5F:9C:77:D1:D7:06:E5:65:13:8A:DF:82:25:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SY_UU_XjX5x30dcG5WUTit-CJWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/FiD902gb4HEnDOn1H5YMhdgHuyg.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203931
IP address blocks:        217.29.240.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/SY_UU_XjX5x30dcG5WUTit-CJWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/SY_UU_XjX5x30dcG5WUTit-CJWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SY_UU_XjX5x30dcG5WUTit-CJWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:93:5e:8e:07:91:68:df:d2:e4:06:05:49:e0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=498fd453f5e35f9c77d1d706e565138adf82256a
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1620fdd3681be071270ce9f51f960c85d807bb28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4a:e9:a1:ff:3f:00:77:70:96:76:ca:9c:68:
                    f8:01:eb:8c:d5:1a:00:cc:8c:a2:f1:45:fb:7a:f7:
                    dc:97:a1:7c:f5:5c:a7:06:27:e5:39:6e:d2:df:55:
                    3a:db:e0:aa:48:94:24:fa:18:85:80:ad:53:7a:84:
                    2a:03:5f:9b:66:c8:d4:95:d1:a3:0d:3d:4a:86:da:
                    93:95:72:db:51:eb:c6:1c:21:f1:79:d2:50:af:9f:
                    18:cc:86:ca:6f:41:39:49:a9:b6:59:1b:c1:7c:fd:
                    7d:22:a7:59:5c:4b:62:8c:92:d2:68:1a:96:4c:bb:
                    d3:53:6b:f0:db:09:bc:39:c1:a6:0d:67:e3:f4:80:
                    0e:87:78:b3:93:0e:03:18:3c:79:c2:f3:44:1f:72:
                    91:fe:da:f6:7b:03:9d:9a:46:25:4f:5b:71:fc:0c:
                    71:ad:9e:ea:00:aa:24:0d:f4:8b:24:18:9e:b2:b4:
                    1a:c3:9c:0a:11:2b:6f:ab:95:85:68:46:0c:61:03:
                    09:c6:ae:64:b5:86:3c:93:b7:88:e1:c3:93:09:08:
                    6a:34:47:4e:09:8b:fe:05:4e:fc:90:41:9b:97:ca:
                    1e:d7:ff:4d:79:ab:03:80:15:95:66:08:3e:42:ac:
                    db:a8:74:43:ec:01:36:9b:72:7c:4b:a7:a0:38:cd:
                    8a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:20:FD:D3:68:1B:E0:71:27:0C:E9:F5:1F:96:0C:85:D8:07:BB:28
            X509v3 Authority Key Identifier:
                keyid:49:8F:D4:53:F5:E3:5F:9C:77:D1:D7:06:E5:65:13:8A:DF:82:25:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SY_UU_XjX5x30dcG5WUTit-CJWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/FiD902gb4HEnDOn1H5YMhdgHuyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/SY_UU_XjX5x30dcG5WUTit-CJWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.29.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:7d:e6:f1:a3:05:23:61:9a:bf:00:9d:07:53:2e:08:fb:6f:
         ee:8f:83:80:14:6b:19:ac:47:09:d1:5f:e0:6d:85:7d:79:84:
         f6:07:f9:e1:2d:7a:97:4d:0f:2a:50:bf:01:c3:0f:77:bf:ae:
         1e:0a:78:43:6a:16:6e:4f:52:ce:0f:da:7c:d6:e6:a4:84:09:
         66:33:79:50:95:48:7b:95:42:0b:55:68:69:58:42:e1:b0:85:
         1c:eb:90:6a:2d:48:3d:f5:07:89:69:75:74:da:87:5e:b1:05:
         2b:89:f7:7e:77:4d:19:60:16:d1:94:47:72:9d:ed:5a:d8:de:
         18:bf:1a:12:f9:59:f1:09:e0:34:75:55:ea:a8:58:df:48:ec:
         77:6b:26:66:ae:17:96:86:ee:a4:42:cd:22:97:fe:b0:0d:94:
         20:36:e6:bc:c5:76:e5:5d:85:d9:56:e2:9c:57:46:43:4e:67:
         ad:30:97:83:f4:56:ab:a3:a6:03:d6:53:9b:7b:09:61:50:c7:
         9a:30:a3:d4:29:e0:34:54:ae:63:21:61:48:92:0a:51:5f:81:
         d4:1c:b8:6d:9c:e7:a1:aa:33:19:39:0b:a7:0f:13:25:c4:94:
         87:1f:16:76:8e:6a:30:53:5f:0f:6f:0f:64:06:bc:8a:8a:bb:
         ed:39:b0:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpNejgeRaN/S5AYFSeDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5OGZkNDUzZjVlMzVmOWM3N2QxZDcwNmU1NjUxMzhhZGY4
MjI1NmEwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjIwZmRkMzY4MWJlMDcxMjcwY2U5ZjUxZjk2MGM4NWQ4MDdiYjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUrpof8/AHdwlnbKnGj4AeuM1RoA
zIyi8UX7evfcl6F89VynBiflOW7S31U62+CqSJQk+hiFgK1TeoQqA1+bZsjUldGj
DT1KhtqTlXLbUevGHCHxedJQr58YzIbKb0E5Sam2WRvBfP19IqdZXEtijJLSaBqW
TLvTU2vw2wm8OcGmDWfj9IAOh3izkw4DGDx5wvNEH3KR/tr2ewOdmkYlT1tx/Axx
rZ7qAKokDfSLJBiesrQaw5wKEStvq5WFaEYMYQMJxq5ktYY8k7eI4cOTCQhqNEdO
CYv+BU78kEGbl8oe1/9NeasDgBWVZgg+QqzbqHRD7AE2m3J8S6egOM2KwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYg/dNoG+BxJwzp9R+WDIXYB7soMB8GA1UdIwQY
MBaAFEmP1FP141+cd9HXBuVlE4rfgiVqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1lfVVVfWGpYNXgzMGRjRzVXVVRpdC1DSldvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi81NDViMDYtODU3Mi00MTJmLWE4MGYt
Mzk3OWVmMGQzMmRiLzEvRmlEOTAyZ2I0SEVuRE9uMUg1WU1oZGdIdXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi81NDViMDYtODU3Mi00MTJmLWE4MGYtMzk3OWVmMGQzMmRi
LzEvU1lfVVVfWGpYNXgzMGRjRzVXVVRpdC1DSldvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2R3wMA0G
CSqGSIb3DQEBCwUAA4IBAQAgfebxowUjYZq/AJ0HUy4I+2/uj4OAFGsZrEcJ0V/g
bYV9eYT2B/nhLXqXTQ8qUL8Bww93v64eCnhDahZuT1LOD9p81uakhAlmM3lQlUh7
lUILVWhpWELhsIUc65BqLUg99QeJaXV02odesQUrifd+d00ZYBbRlEdyne1a2N4Y
vxoS+VnxCeA0dVXqqFjfSOx3ayZmrheWhu6kQs0il/6wDZQgNua8xXblXYXZVuKc
V0ZDTmetMJeD9Faro6YD1lObewlhUMeaMKPUKeA0VK5jIWFIkgpRX4HUHLhtnOeh
qjMZOQunDxMlxJSHHxZ2jmowU18Pbw9kBryKirvtObBC
-----END CERTIFICATE-----