Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/9ea08a-1a99-4ee3-a3c4-8426aa1a6d2f/1/C3-yjnr__DerTC_e1GXjoVkQvBQ.roa
File:                     C3-yjnr__DerTC_e1GXjoVkQvBQ.roa (raw, json)
Hash identifier:          d/Nn3XAq2ps6xfczFFE/c16PuwFM2mFTvQtFbJQXC60=
Subject key identifier:   0B:7F:B2:8E:7A:FF:FC:37:AB:4C:2F:DE:D4:65:E3:A1:59:10:BC:14
Certificate issuer:       /CN=4a46ad8b510cf559485e3611555b8b439ef533bb
Certificate serial:       019006BD19979E7C5FBBBF5BA52AC7258B21
Authority key identifier: 4A:46:AD:8B:51:0C:F5:59:48:5E:36:11:55:5B:8B:43:9E:F5:33:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skati1EM9VlIXjYRVVuLQ571M7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/9ea08a-1a99-4ee3-a3c4-8426aa1a6d2f/1/C3-yjnr__DerTC_e1GXjoVkQvBQ.roa
Signing time:             Tue 11 Jun 2024 09:59:34 +0000
ROA not before:           Tue 11 Jun 2024 09:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216016
IP address blocks:        217.23.208.0/24 maxlen: 24
                          2a14:300::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/9ea08a-1a99-4ee3-a3c4-8426aa1a6d2f/1/Skati1EM9VlIXjYRVVuLQ571M7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/9ea08a-1a99-4ee3-a3c4-8426aa1a6d2f/1/Skati1EM9VlIXjYRVVuLQ571M7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skati1EM9VlIXjYRVVuLQ571M7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:bd:19:97:9e:7c:5f:bb:bf:5b:a5:2a:c7:25:8b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a46ad8b510cf559485e3611555b8b439ef533bb
        Validity
            Not Before: Jun 11 09:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b7fb28e7afffc37ab4c2fded465e3a15910bc14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7e:8a:88:a7:76:27:8c:69:44:66:11:d9:43:
                    d4:77:46:cc:43:bf:66:4d:05:39:8a:be:91:57:0b:
                    37:f2:33:c0:86:e4:a3:6c:a1:ee:94:da:67:d1:c5:
                    68:21:46:08:3e:63:e4:39:49:ae:7b:85:6b:a8:8b:
                    8f:f3:16:4d:80:fd:e9:c1:10:e9:8e:2c:fd:da:c0:
                    42:f2:6d:60:6d:cc:2e:66:bc:f5:56:89:52:e2:a5:
                    8b:98:77:68:9e:5a:32:03:71:69:50:ef:b9:36:6b:
                    0d:6b:17:b2:69:49:59:a3:84:a2:88:3b:ae:b0:0a:
                    98:19:f7:71:f4:23:63:3b:7a:a6:e7:73:66:aa:e4:
                    05:46:23:2d:3a:3f:d8:a0:9e:37:c3:81:02:f8:a8:
                    3e:db:d9:a2:90:e5:22:fb:fe:af:5e:fb:b5:20:5f:
                    ba:f0:bf:77:7b:3e:69:47:9d:b1:94:af:d8:3d:17:
                    eb:00:8e:3c:ce:af:98:ec:06:e9:97:30:cf:51:0b:
                    14:a2:a8:54:ef:cd:23:13:7e:67:05:d6:af:d5:71:
                    bd:85:15:27:08:02:af:15:3a:ea:cf:9c:4a:7f:96:
                    ff:fe:5a:10:1c:08:fd:6f:27:fc:37:a0:8e:f1:86:
                    ef:a4:40:4d:31:83:bf:ca:b2:d4:6e:7b:37:57:ef:
                    d5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7F:B2:8E:7A:FF:FC:37:AB:4C:2F:DE:D4:65:E3:A1:59:10:BC:14
            X509v3 Authority Key Identifier:
                keyid:4A:46:AD:8B:51:0C:F5:59:48:5E:36:11:55:5B:8B:43:9E:F5:33:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skati1EM9VlIXjYRVVuLQ571M7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9ea08a-1a99-4ee3-a3c4-8426aa1a6d2f/1/C3-yjnr__DerTC_e1GXjoVkQvBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9ea08a-1a99-4ee3-a3c4-8426aa1a6d2f/1/Skati1EM9VlIXjYRVVuLQ571M7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.23.208.0/24
                IPv6:
                  2a14:300::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:e0:4f:a6:42:66:a5:23:a7:2f:2b:85:00:31:ca:b7:34:60:
         6a:76:45:83:f5:e4:19:4a:b1:27:e8:45:e5:10:dc:10:16:3b:
         0d:4f:15:df:4d:e0:d2:a9:31:7e:94:33:bb:a4:36:4a:a3:e8:
         ab:32:68:8e:fa:5f:3d:82:c8:92:fd:44:86:2f:0b:44:b4:fb:
         b3:2d:9a:4d:59:46:7c:d2:0d:fd:77:35:5b:b4:5b:93:ea:ab:
         64:bc:30:92:45:d2:58:57:f7:7c:ce:a6:78:da:1f:89:98:e1:
         00:92:62:23:05:15:60:ed:59:6c:de:2b:c8:36:cd:4f:d7:61:
         95:02:37:00:ef:6e:e8:b6:0c:90:ef:62:b3:8f:5e:22:50:dc:
         49:2c:3b:25:d2:a5:87:91:b5:3f:85:3b:9c:88:f2:22:73:e6:
         1e:36:5d:d3:51:39:c4:c2:55:55:e8:62:5b:ee:c3:d2:03:4a:
         91:4a:b8:6c:fe:8b:eb:92:f9:c5:7e:b4:38:db:7c:da:fb:85:
         25:d6:ba:1e:5b:83:eb:21:3a:94:fb:91:b8:23:db:60:6e:7f:
         74:fe:c5:86:9f:54:81:9a:27:a2:40:8c:74:82:06:91:d5:d1:
         02:6a:43:01:18:e1:05:6a:c5:be:47:8c:4b:e4:00:36:f4:b6:
         17:55:8e:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAGvRmXnnxfu79bpSrHJYshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDZhZDhiNTEwY2Y1NTk0ODVlMzYxMTU1NWI4YjQzOWVm
NTMzYmIwHhcNMjQwNjExMDk1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjdmYjI4ZTdhZmZmYzM3YWI0YzJmZGVkNDY1ZTNhMTU5MTBiYzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo36KiKd2J4xpRGYR2UPUd0bMQ79m
TQU5ir6RVws38jPAhuSjbKHulNpn0cVoIUYIPmPkOUmue4VrqIuP8xZNgP3pwRDp
jiz92sBC8m1gbcwuZrz1VolS4qWLmHdonloyA3FpUO+5NmsNaxeyaUlZo4SiiDuu
sAqYGfdx9CNjO3qm53NmquQFRiMtOj/YoJ43w4EC+Kg+29mikOUi+/6vXvu1IF+6
8L93ez5pR52xlK/YPRfrAI48zq+Y7AbplzDPUQsUoqhU780jE35nBdav1XG9hRUn
CAKvFTrqz5xKf5b//loQHAj9byf8N6CO8YbvpEBNMYO/yrLUbns3V+/VvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAt/so56//w3q0wv3tRl46FZELwUMB8GA1UdIwQY
MBaAFEpGrYtRDPVZSF42EVVbi0Oe9TO7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2thdGkxRU05VmxJWGpZUlZWdUxRNTcxTTdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS85ZWEwOGEtMWE5OS00ZWUzLWEzYzQt
ODQyNmFhMWE2ZDJmLzEvQzMteWpucl9fRGVyVENfZTFHWGpvVmtRdkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS85ZWEwOGEtMWE5OS00ZWUzLWEzYzQtODQyNmFhMWE2ZDJm
LzEvU2thdGkxRU05VmxJWGpZUlZWdUxRNTcxTTdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RfQMA0E
AgACMAcDBQMqFAMAMA0GCSqGSIb3DQEBCwUAA4IBAQAI4E+mQmalI6cvK4UAMcq3
NGBqdkWD9eQZSrEn6EXlENwQFjsNTxXfTeDSqTF+lDO7pDZKo+irMmiO+l89gsiS
/USGLwtEtPuzLZpNWUZ80g39dzVbtFuT6qtkvDCSRdJYV/d8zqZ42h+JmOEAkmIj
BRVg7Vls3ivINs1P12GVAjcA727otgyQ72Kzj14iUNxJLDsl0qWHkbU/hTuciPIi
c+YeNl3TUTnEwlVV6GJb7sPSA0qRSrhs/ovrkvnFfrQ423za+4Ul1roeW4PrITqU
+5G4I9tgbn90/sWGn1SBmieiQIx0ggaR1dECakMBGOEFasW+R4xL5AA29LYXVY7X
-----END CERTIFICATE-----