Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/8jf2XNRzBx5QyA3HLVePZL6fm9Q.roa
File:                     8jf2XNRzBx5QyA3HLVePZL6fm9Q.roa (raw, json)
Hash identifier:          pAnO1ov+7nF/52OLU3jsz1UvlXHOTuVVY5UNL4uGIOg=
Subject key identifier:   F2:37:F6:5C:D4:73:07:1E:50:C8:0D:C7:2D:57:8F:64:BE:9F:9B:D4
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01928752050D5B23275DFA89704B3D5AF935
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/8jf2XNRzBx5QyA3HLVePZL6fm9Q.roa
Signing time:             Sun 13 Oct 2024 19:19:12 +0000
ROA not before:           Sun 13 Oct 2024 19:19:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        217.177.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:87:52:05:0d:5b:23:27:5d:fa:89:70:4b:3d:5a:f9:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Oct 13 19:19:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f237f65cd473071e50c80dc72d578f64be9f9bd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fb:63:4c:64:ee:52:26:eb:ed:46:60:61:cc:
                    ab:8f:c2:3c:58:ab:d9:93:87:bf:ed:df:cd:ad:fd:
                    5b:9f:79:8a:49:a3:13:f6:9c:01:84:11:1b:52:45:
                    ef:fa:28:e1:61:17:58:65:b8:6f:2b:97:0d:eb:ab:
                    17:16:09:3d:7f:5b:61:cd:d4:7c:71:83:16:a9:96:
                    e1:f4:69:d0:19:81:21:9f:18:d9:dc:02:db:69:71:
                    7d:21:40:dd:1b:2f:38:92:6f:26:05:62:b2:34:f8:
                    f1:35:dd:d4:cd:52:78:fa:fd:af:38:fa:db:09:d2:
                    11:f3:28:09:67:58:95:9d:13:d4:e9:be:40:b9:c9:
                    21:28:02:eb:fe:ac:63:ec:ae:93:f9:8e:65:f9:84:
                    f5:58:a1:2a:3b:31:78:fb:0b:97:a8:35:a5:d0:e7:
                    5b:ea:9e:e1:7e:6c:e4:6a:af:30:6a:0d:b3:e6:81:
                    45:fc:cc:8b:22:77:ae:b5:6f:ab:1c:fa:5b:ee:c1:
                    4b:2a:ff:30:67:aa:3d:83:ff:1d:18:87:87:73:c6:
                    4a:96:1a:c6:ad:68:d6:cb:91:36:b3:5a:55:62:42:
                    b6:e3:37:5c:07:ad:84:a0:2b:a3:cc:6a:27:bc:2b:
                    7c:96:cc:c3:a3:ee:59:8f:10:0c:fa:46:db:68:7a:
                    c2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:37:F6:5C:D4:73:07:1E:50:C8:0D:C7:2D:57:8F:64:BE:9F:9B:D4
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/8jf2XNRzBx5QyA3HLVePZL6fm9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:7e:88:1a:b2:ad:1e:0d:6e:53:50:fa:36:3a:49:3c:43:28:
         bd:10:b8:e6:d0:03:4f:36:e7:c7:8a:7e:d3:15:ba:cf:d1:b0:
         fe:83:78:8d:4a:9b:be:1a:c1:c3:a1:e5:75:44:90:cd:64:89:
         23:c4:b5:b0:01:9d:84:8a:3d:3f:88:23:d5:91:fc:17:ff:64:
         8b:69:87:94:ca:66:12:7d:64:e4:44:65:da:4b:2e:fd:53:e5:
         29:be:9d:7b:22:ef:d1:fe:7d:db:9a:7d:ab:34:cd:96:b4:31:
         9e:40:43:c0:cb:02:ac:a4:c6:88:d4:aa:94:a5:12:5d:18:fa:
         0e:04:ed:c9:be:87:b3:99:41:7e:4a:f1:50:c9:4e:f4:25:7e:
         b0:9f:bd:b6:43:13:de:7e:99:61:d9:ee:f3:e2:a4:95:12:60:
         f0:79:ec:95:43:d1:b6:de:8c:ab:9a:57:b4:7b:7c:d8:a6:c8:
         35:ad:53:07:cb:ab:49:67:52:ca:7d:18:f1:be:a4:71:7a:68:
         a6:85:be:9b:4c:c8:48:03:7c:f3:3e:19:13:7e:a6:0e:ea:b0:
         12:4f:8f:20:0e:c1:69:ab:60:8c:af:ff:f3:0b:26:0f:8b:8d:
         fb:e1:c9:db:a6:b9:14:08:55:00:1b:2c:82:ec:bf:a2:dd:17:
         6f:7e:dd:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKHUgUNWyMnXfqJcEs9Wvk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQxMDEzMTkxOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjM3ZjY1Y2Q0NzMwNzFlNTBjODBkYzcyZDU3OGY2NGJlOWY5YmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPtjTGTuUibr7UZgYcyrj8I8WKvZ
k4e/7d/Nrf1bn3mKSaMT9pwBhBEbUkXv+ijhYRdYZbhvK5cN66sXFgk9f1thzdR8
cYMWqZbh9GnQGYEhnxjZ3ALbaXF9IUDdGy84km8mBWKyNPjxNd3UzVJ4+v2vOPrb
CdIR8ygJZ1iVnRPU6b5AuckhKALr/qxj7K6T+Y5l+YT1WKEqOzF4+wuXqDWl0Odb
6p7hfmzkaq8wag2z5oFF/MyLIneutW+rHPpb7sFLKv8wZ6o9g/8dGIeHc8ZKlhrG
rWjWy5E2s1pVYkK24zdcB62EoCujzGonvCt8lszDo+5ZjxAM+kbbaHrCoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI39lzUcwceUMgNxy1Xj2S+n5vUMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvOGpmMlhOUnpCeDVReUEzSExWZVBaTDZmbTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bEhMA0G
CSqGSIb3DQEBCwUAA4IBAQCPfogasq0eDW5TUPo2Okk8Qyi9ELjm0ANPNufHin7T
FbrP0bD+g3iNSpu+GsHDoeV1RJDNZIkjxLWwAZ2Eij0/iCPVkfwX/2SLaYeUymYS
fWTkRGXaSy79U+Upvp17Iu/R/n3bmn2rNM2WtDGeQEPAywKspMaI1KqUpRJdGPoO
BO3JvoezmUF+SvFQyU70JX6wn722QxPefplh2e7z4qSVEmDweeyVQ9G23oyrmle0
e3zYpsg1rVMHy6tJZ1LKfRjxvqRxemimhb6bTMhIA3zzPhkTfqYO6rAST48gDsFp
q2CMr//zCyYPi4374cnbprkUCFUAGyyC7L+i3Rdvft3u
-----END CERTIFICATE-----