Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/ZATyVbfQ8EC17OamvzXOVqGPnrM.roa
File:                     ZATyVbfQ8EC17OamvzXOVqGPnrM.roa (raw, json)
Hash identifier:          ja4uYIp8AVdz2MZjSgeppsaeXUjD85JBBoHkvfMMsS4=
Subject key identifier:   64:04:F2:55:B7:D0:F0:40:B5:EC:E6:A6:BF:35:CE:56:A1:8F:9E:B3
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01921DA2E93622B16FE53AB305A55E5F39DC
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/ZATyVbfQ8EC17OamvzXOVqGPnrM.roa
Signing time:             Mon 23 Sep 2024 06:47:48 +0000
ROA not before:           Mon 23 Sep 2024 06:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        217.177.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1d:a2:e9:36:22:b1:6f:e5:3a:b3:05:a5:5e:5f:39:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Sep 23 06:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6404f255b7d0f040b5ece6a6bf35ce56a18f9eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9e:58:39:f9:ba:fd:c3:3f:75:11:5e:30:0e:
                    69:21:f1:7e:7a:39:13:69:e9:cb:1d:91:3a:41:90:
                    a9:b5:32:bc:bf:a3:b1:bd:8e:92:13:7c:d7:28:eb:
                    2c:72:4b:e4:be:0f:de:ef:ac:07:c7:08:01:63:ac:
                    0d:69:ac:17:ad:14:e5:11:6b:c6:63:a6:6d:3a:16:
                    ec:2d:fa:17:4a:e5:a9:ce:71:c8:25:75:18:49:5f:
                    26:c6:a2:f4:b6:ae:ca:f8:5f:b5:8b:18:a9:bd:fb:
                    0a:78:33:8d:d5:9e:0f:a3:bc:24:cd:81:e9:ca:41:
                    75:96:1f:1a:a4:0b:47:8a:00:9d:77:3f:3c:a0:c4:
                    41:3a:b1:9e:57:ab:c1:c4:d5:83:92:02:de:99:f6:
                    9a:87:1e:6b:9b:a3:1e:bb:2a:90:28:8e:e3:00:17:
                    34:93:fb:f0:f3:ec:95:26:03:15:26:37:30:c1:87:
                    cb:8f:94:15:be:58:57:c6:20:70:4b:e8:94:1d:6d:
                    5d:df:ad:93:47:48:f2:48:47:e7:db:f7:84:3d:1e:
                    88:ff:4a:e8:15:62:f2:ad:06:63:2b:df:9b:2c:d4:
                    0a:c9:14:a1:54:91:41:6b:2d:f2:e9:73:cc:3f:90:
                    f0:d3:43:19:eb:72:90:e3:3b:cb:8d:00:05:18:89:
                    d6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:04:F2:55:B7:D0:F0:40:B5:EC:E6:A6:BF:35:CE:56:A1:8F:9E:B3
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/ZATyVbfQ8EC17OamvzXOVqGPnrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:33:2d:51:93:bf:bb:ec:3c:8d:99:ef:1e:47:ed:d4:c2:d9:
         8f:1b:2c:2c:94:1b:9d:68:93:63:25:28:6d:81:23:fe:c1:37:
         05:f9:a8:71:13:e5:22:1e:3b:50:41:18:3c:17:12:37:ca:4b:
         93:c1:57:61:10:51:4a:2b:a4:1e:94:a3:98:95:8f:62:8c:f5:
         58:9f:1d:85:48:9a:06:9e:b8:2b:94:bd:03:83:f1:e1:fa:d6:
         89:19:3e:24:22:e8:24:28:95:b0:90:66:df:fd:65:24:4f:51:
         65:a0:e5:f3:ca:6c:59:83:e5:23:f6:74:19:a4:19:a7:06:60:
         2c:1a:a2:88:7c:9c:4c:8f:2e:d5:26:49:74:6f:da:9b:a3:74:
         6d:b0:bc:01:9c:58:53:b7:c6:a1:9a:c3:da:68:44:71:f0:21:
         f8:37:05:53:0d:d3:c0:0f:0e:d5:bc:f7:2f:2f:96:3c:36:54:
         2c:67:a2:22:f9:70:7c:41:e9:3c:10:7c:99:cb:21:44:8a:3c:
         06:af:5c:2c:18:16:5a:5d:7d:d6:85:30:68:7c:45:a9:44:86:
         67:88:b0:6a:4b:f4:7c:ea:34:76:70:8f:d9:32:a5:3d:a2:f0:
         43:ae:b4:d9:82:7f:11:22:89:66:39:57:77:c1:f8:60:2c:d9:
         c2:b0:73:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIdouk2IrFv5TqzBaVeXzncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwOTIzMDY0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDA0ZjI1NWI3ZDBmMDQwYjVlY2U2YTZiZjM1Y2U1NmExOGY5ZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz55YOfm6/cM/dRFeMA5pIfF+ejkT
aenLHZE6QZCptTK8v6OxvY6SE3zXKOssckvkvg/e76wHxwgBY6wNaawXrRTlEWvG
Y6ZtOhbsLfoXSuWpznHIJXUYSV8mxqL0tq7K+F+1ixipvfsKeDON1Z4Po7wkzYHp
ykF1lh8apAtHigCddz88oMRBOrGeV6vBxNWDkgLemfaahx5rm6MeuyqQKI7jABc0
k/vw8+yVJgMVJjcwwYfLj5QVvlhXxiBwS+iUHW1d362TR0jySEfn2/eEPR6I/0ro
FWLyrQZjK9+bLNQKyRShVJFBay3y6XPMP5Dw00MZ63KQ4zvLjQAFGInWIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQE8lW30PBAtezmpr81zlahj56zMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvWkFUeVZiZlE4RUMxN09hbXZ6WE9WcUdQbnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bFJMA0G
CSqGSIb3DQEBCwUAA4IBAQCCMy1Rk7+77DyNme8eR+3UwtmPGywslBudaJNjJSht
gSP+wTcF+ahxE+UiHjtQQRg8FxI3ykuTwVdhEFFKK6QelKOYlY9ijPVYnx2FSJoG
nrgrlL0Dg/Hh+taJGT4kIugkKJWwkGbf/WUkT1FloOXzymxZg+Uj9nQZpBmnBmAs
GqKIfJxMjy7VJkl0b9qbo3RtsLwBnFhTt8ahmsPaaERx8CH4NwVTDdPADw7VvPcv
L5Y8NlQsZ6Ii+XB8Qek8EHyZyyFEijwGr1wsGBZaXX3WhTBofEWpRIZniLBqS/R8
6jR2cI/ZMqU9ovBDrrTZgn8RIolmOVd3wfhgLNnCsHNL
-----END CERTIFICATE-----