Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FOeHfcz85xU8C62mQxxJJHB7gY8.roa
File:                     FOeHfcz85xU8C62mQxxJJHB7gY8.roa (raw, json)
Hash identifier:          E8gKY1HcgO+YpnKrz91h+Npb9mu4HbUSR/VlLgnTYD0=
Subject key identifier:   14:E7:87:7D:CC:FC:E7:15:3C:0B:AD:A6:43:1C:49:24:70:7B:81:8F
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019352EA0A54083B9F44BC53A310792DA504
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FOeHfcz85xU8C62mQxxJJHB7gY8.roa
Signing time:             Fri 22 Nov 2024 08:08:09 +0000
ROA not before:           Fri 22 Nov 2024 08:08:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        217.180.17.0/24 maxlen: 24
                          217.180.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:52:ea:0a:54:08:3b:9f:44:bc:53:a3:10:79:2d:a5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Nov 22 08:08:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14e7877dccfce7153c0bada6431c4924707b818f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b1:e3:21:16:15:e8:78:2e:78:b3:92:8a:9c:
                    bb:d3:5f:17:52:fb:df:45:16:67:48:57:52:ca:e8:
                    20:8c:18:b3:90:75:47:a9:bf:b9:a9:ee:72:be:6e:
                    f2:12:e4:29:55:4c:f3:34:06:80:51:93:99:5e:92:
                    72:20:39:9b:d5:bc:4a:0e:99:82:c9:61:b1:17:15:
                    f8:44:6b:0c:b5:dd:88:f1:a7:d3:74:95:6a:44:1f:
                    55:68:3e:49:4c:16:fe:1f:22:a0:5f:37:fe:da:57:
                    d2:68:4a:66:a7:cb:b8:79:66:b6:55:42:e9:28:f5:
                    86:00:89:88:54:c6:f6:c9:3a:c2:1d:79:fe:50:4f:
                    c8:db:da:12:65:06:f6:63:f3:4a:41:dc:8f:d8:22:
                    a2:98:40:0d:5a:b7:69:93:0f:1e:89:bd:f5:83:98:
                    3c:1f:cd:c6:b2:4b:d3:68:7b:6a:fe:99:68:86:5f:
                    92:ae:00:9c:30:dd:f6:73:c6:43:75:e4:53:f8:53:
                    c3:7b:34:27:90:d8:a4:af:17:02:45:f1:ab:03:4b:
                    b1:c7:af:96:39:8a:44:44:db:86:67:f1:93:00:2a:
                    ec:a6:fe:32:c3:2c:7b:ca:a5:a7:06:0f:63:94:83:
                    b8:55:dd:da:91:54:2c:07:ad:52:e9:14:a0:22:49:
                    d6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E7:87:7D:CC:FC:E7:15:3C:0B:AD:A6:43:1C:49:24:70:7B:81:8F
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FOeHfcz85xU8C62mQxxJJHB7gY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.17.0/24
                  217.180.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:fa:2c:c3:85:dd:a0:5c:12:ff:9d:1d:7a:fe:53:d3:50:f5:
         15:07:ee:9c:24:23:fe:d5:2f:ec:22:67:66:37:25:0d:e3:4b:
         6c:80:15:71:b8:59:b2:f1:7f:bf:8c:5a:8a:3c:f3:a5:8f:11:
         ea:50:bd:ae:6f:8f:9d:37:9c:eb:e7:23:fe:72:4e:b6:32:9b:
         b1:80:f6:c7:3e:eb:13:5c:19:2a:78:72:8c:70:fe:3c:61:d0:
         4f:74:ce:fc:f6:b4:e0:d6:4e:8d:39:7e:8b:62:79:0a:12:19:
         bd:54:42:88:15:0f:42:45:64:95:72:c0:7f:f5:5a:fa:ca:06:
         61:cc:a0:90:0a:79:3c:dd:d0:9d:78:55:55:c3:65:cd:f4:3e:
         82:f5:17:05:17:8c:6d:f3:f8:35:c9:a8:e7:0a:23:4c:ac:be:
         0e:ed:df:95:6c:d9:9c:a2:9c:7d:1a:46:e0:74:cb:8e:19:5a:
         39:a8:8e:07:0a:59:3b:5f:26:f0:8d:e6:26:f2:27:fc:41:9f:
         06:c3:36:82:88:d0:79:40:f5:aa:38:21:4f:b6:6c:6b:5f:b3:
         03:59:4e:d2:4d:c0:7a:38:9f:8f:9b:d1:8c:60:b0:93:c8:66:
         0e:d0:75:05:09:54:92:da:fd:25:3b:ec:e9:32:c3:77:1a:38:
         90:f4:0e:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNS6gpUCDufRLxToxB5LaUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQxMTIyMDgwODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGU3ODc3ZGNjZmNlNzE1M2MwYmFkYTY0MzFjNDkyNDcwN2I4MThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LHjIRYV6HgueLOSipy7018XUvvf
RRZnSFdSyuggjBizkHVHqb+5qe5yvm7yEuQpVUzzNAaAUZOZXpJyIDmb1bxKDpmC
yWGxFxX4RGsMtd2I8afTdJVqRB9VaD5JTBb+HyKgXzf+2lfSaEpmp8u4eWa2VULp
KPWGAImIVMb2yTrCHXn+UE/I29oSZQb2Y/NKQdyP2CKimEANWrdpkw8eib31g5g8
H83GskvTaHtq/plohl+SrgCcMN32c8ZDdeRT+FPDezQnkNikrxcCRfGrA0uxx6+W
OYpERNuGZ/GTACrspv4ywyx7yqWnBg9jlIO4Vd3akVQsB61S6RSgIknWlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBTnh33M/OcVPAutpkMcSSRwe4GPMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvRk9lSGZjejg1eFU4QzYybVF4eEpKSEI3Z1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2bQRAwQA
2bQuMA0GCSqGSIb3DQEBCwUAA4IBAQCd+izDhd2gXBL/nR16/lPTUPUVB+6cJCP+
1S/sImdmNyUN40tsgBVxuFmy8X+/jFqKPPOljxHqUL2ub4+dN5zr5yP+ck62Mpux
gPbHPusTXBkqeHKMcP48YdBPdM789rTg1k6NOX6LYnkKEhm9VEKIFQ9CRWSVcsB/
9Vr6ygZhzKCQCnk83dCdeFVVw2XN9D6C9RcFF4xt8/g1yajnCiNMrL4O7d+VbNmc
opx9GkbgdMuOGVo5qI4HClk7XybwjeYm8if8QZ8GwzaCiNB5QPWqOCFPtmxrX7MD
WU7STcB6OJ+Pm9GMYLCTyGYO0HUFCVSS2v0lO+zpMsN3GjiQ9A7I
-----END CERTIFICATE-----