Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/r3cWbqyb9HgoTXK9cVNeKGx5WVc.roa
File:                     r3cWbqyb9HgoTXK9cVNeKGx5WVc.roa (raw, json)
Hash identifier:          yyB4q0s1+lO0MUxRgNhJm9ecE94W+tKbHHcE3lo6URY=
Subject key identifier:   AF:77:16:6E:AC:9B:F4:78:28:4D:72:BD:71:53:5E:28:6C:79:59:57
Certificate issuer:       /CN=a3d31f1799bf5588ffa988e49286bfc70a4b34be
Certificate serial:       019420680843FE0CCEB21683D4B3D29EE2FF
Authority key identifier: A3:D3:1F:17:99:BF:55:88:FF:A9:88:E4:92:86:BF:C7:0A:4B:34:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o9MfF5m_VYj_qYjkkoa_xwpLNL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/r3cWbqyb9HgoTXK9cVNeKGx5WVc.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20768
IP address blocks:        217.151.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/o9MfF5m_VYj_qYjkkoa_xwpLNL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/o9MfF5m_VYj_qYjkkoa_xwpLNL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o9MfF5m_VYj_qYjkkoa_xwpLNL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 08:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:08:43:fe:0c:ce:b2:16:83:d4:b3:d2:9e:e2:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3d31f1799bf5588ffa988e49286bfc70a4b34be
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af77166eac9bf478284d72bd71535e286c795957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:80:1a:80:f2:4c:fa:1a:24:3d:34:f2:91:f5:
                    6c:64:90:03:45:c6:df:54:07:5d:6b:0d:c1:c8:be:
                    25:82:f6:46:ac:dd:42:23:22:36:12:18:6c:b3:5e:
                    04:2f:56:c1:51:f4:be:5f:49:d2:60:11:73:bf:59:
                    d4:12:31:31:ad:77:8a:39:1f:6c:f2:48:78:2b:ad:
                    c5:6e:48:77:4d:fc:13:6a:86:58:ee:aa:8d:00:9d:
                    33:9c:2b:43:c1:e8:14:1e:74:f0:5a:68:7d:7d:f2:
                    6e:fd:3f:ca:92:1f:f7:0e:5e:93:ae:8b:0b:4c:54:
                    fb:5c:d8:19:37:ad:21:8b:8a:81:e2:de:71:97:e0:
                    76:f4:e8:83:50:04:ce:c2:74:1c:5a:7b:0f:c7:5e:
                    fd:5c:b7:2a:b8:3e:4b:17:7c:de:4c:40:19:7c:d5:
                    43:5c:a5:ca:cf:5e:7a:71:73:7f:77:59:bf:d0:13:
                    35:76:07:1e:40:b5:70:7c:c0:87:80:0a:44:85:01:
                    79:4c:34:d3:e0:8d:85:98:0b:67:65:c7:8c:1c:eb:
                    d0:a6:34:aa:bc:a2:87:82:2f:62:ee:83:cb:dc:88:
                    2a:a2:06:48:1c:6f:97:46:4e:51:25:ea:ab:6d:8b:
                    55:96:f3:9f:01:8b:8d:f1:7c:81:c6:9c:a0:20:12:
                    86:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:77:16:6E:AC:9B:F4:78:28:4D:72:BD:71:53:5E:28:6C:79:59:57
            X509v3 Authority Key Identifier:
                keyid:A3:D3:1F:17:99:BF:55:88:FF:A9:88:E4:92:86:BF:C7:0A:4B:34:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o9MfF5m_VYj_qYjkkoa_xwpLNL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/r3cWbqyb9HgoTXK9cVNeKGx5WVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/o9MfF5m_VYj_qYjkkoa_xwpLNL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.151.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         33:73:1f:1b:01:97:8f:54:08:1b:55:b6:23:38:d2:be:0f:f0:
         f9:f5:06:ed:18:81:2f:08:fd:40:6c:cd:66:33:08:a6:37:7d:
         9e:03:48:1c:a1:28:e5:dd:aa:70:eb:ec:40:88:ae:43:5c:e2:
         de:fc:6e:8f:9a:c9:ce:01:a0:0c:c0:60:05:e4:aa:65:ad:f5:
         29:71:7e:3e:74:2f:b8:a0:4c:57:e7:86:45:0b:3a:d3:86:32:
         3f:4c:9d:49:f3:fc:31:54:a3:67:ec:a0:b3:a0:5f:ba:9c:74:
         c5:dd:d3:41:f8:50:6b:76:dc:32:54:d6:1d:b9:7b:67:35:aa:
         0b:71:a1:6f:b3:08:f3:22:be:c2:fb:2b:76:86:bc:41:08:3c:
         48:94:e1:aa:9a:b2:b8:d2:da:97:5e:49:17:8e:bd:39:46:fd:
         73:5a:0d:31:85:17:82:bc:13:4d:22:10:f3:13:90:41:a4:3b:
         45:f4:06:0e:ef:fb:40:83:42:17:99:97:90:9e:56:18:9e:97:
         4a:5f:53:6a:1c:4d:4f:7c:e0:5d:f1:87:de:f9:79:9c:2c:a9:
         f1:00:50:f9:ae:06:2d:de:39:51:2c:90:40:70:15:b4:68:78:
         3b:1a:fd:37:68:d2:7d:a0:95:74:e9:89:ee:6e:5e:a9:dc:fb:
         7a:cd:b8:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaAhD/gzOshaD1LPSnuL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZDMxZjE3OTliZjU1ODhmZmE5ODhlNDkyODZiZmM3MGE0
YjM0YmUwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjc3MTY2ZWFjOWJmNDc4Mjg0ZDcyYmQ3MTUzNWUyODZjNzk1OTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIAagPJM+hokPTTykfVsZJADRcbf
VAddaw3ByL4lgvZGrN1CIyI2Ehhss14EL1bBUfS+X0nSYBFzv1nUEjExrXeKOR9s
8kh4K63Fbkh3TfwTaoZY7qqNAJ0znCtDwegUHnTwWmh9ffJu/T/Kkh/3Dl6TrosL
TFT7XNgZN60hi4qB4t5xl+B29OiDUATOwnQcWnsPx179XLcquD5LF3zeTEAZfNVD
XKXKz156cXN/d1m/0BM1dgceQLVwfMCHgApEhQF5TDTT4I2FmAtnZceMHOvQpjSq
vKKHgi9i7oPL3IgqogZIHG+XRk5RJeqrbYtVlvOfAYuN8XyBxpygIBKGLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK93Fm6sm/R4KE1yvXFTXihseVlXMB8GA1UdIwQY
MBaAFKPTHxeZv1WI/6mI5JKGv8cKSzS+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzlNZkY1bV9WWWpfcVlqa2tvYV94d3BMTkw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xYWNkNmMtODkyZi00NWUxLWIxNDUt
YWRlNTI2MWMxMDQzLzEvcjNjV2JxeWI5SGdvVFhLOWNWTmVLR3g1V1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xYWNkNmMtODkyZi00NWUxLWIxNDUtYWRlNTI2MWMxMDQz
LzEvbzlNZkY1bV9WWWpfcVlqa2tvYV94d3BMTkw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZfQMA0G
CSqGSIb3DQEBCwUAA4IBAQAzcx8bAZePVAgbVbYjONK+D/D59QbtGIEvCP1AbM1m
MwimN32eA0gcoSjl3apw6+xAiK5DXOLe/G6PmsnOAaAMwGAF5KplrfUpcX4+dC+4
oExX54ZFCzrThjI/TJ1J8/wxVKNn7KCzoF+6nHTF3dNB+FBrdtwyVNYduXtnNaoL
caFvswjzIr7C+yt2hrxBCDxIlOGqmrK40tqXXkkXjr05Rv1zWg0xhReCvBNNIhDz
E5BBpDtF9AYO7/tAg0IXmZeQnlYYnpdKX1NqHE1PfOBd8Yfe+XmcLKnxAFD5rgYt
3jlRLJBAcBW0aHg7Gv03aNJ9oJV06Ynubl6p3Pt6zbiy
-----END CERTIFICATE-----