Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/TyzAwlmuhvRPiOrf72FiYJT6toA.roa
File:                     TyzAwlmuhvRPiOrf72FiYJT6toA.roa (raw, json)
Hash identifier:          ddtni5CLrNX+R1V43modjr4KXsfSu81HbAF2hee59mY=
Subject key identifier:   4F:2C:C0:C2:59:AE:86:F4:4F:88:EA:DF:EF:61:62:60:94:FA:B6:80
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018D35A8CEFC9C92038896ADC9DDCE3562F8
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/TyzAwlmuhvRPiOrf72FiYJT6toA.roa
Signing time:             Tue 23 Jan 2024 09:31:11 +0000
ROA not before:           Tue 23 Jan 2024 09:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        217.25.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:35:a8:ce:fc:9c:92:03:88:96:ad:c9:dd:ce:35:62:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan 23 09:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f2cc0c259ae86f44f88eadfef61626094fab680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:70:13:17:cd:71:c3:a4:cc:b3:c8:da:dc:7d:
                    68:95:fe:21:82:a9:1f:0e:c5:5c:d7:79:56:6d:f3:
                    2e:3c:94:54:ce:06:86:54:74:c3:3a:66:60:3d:45:
                    ab:84:79:a8:f5:b7:b8:ff:12:89:04:5f:c5:58:ba:
                    e5:e3:ef:a0:3f:cb:be:14:0f:b5:3f:35:82:bb:46:
                    01:3f:c0:da:0b:01:51:16:e5:45:a3:dd:2e:6a:f6:
                    97:1b:77:6a:e4:c7:8e:b4:f5:fe:26:1d:fa:1b:c6:
                    3d:da:d8:f9:e3:fb:32:c4:98:31:b8:09:12:58:88:
                    cd:c6:01:fc:bb:13:fd:ba:eb:65:4c:3c:5a:bd:19:
                    b7:a4:c5:f1:ad:c3:f4:6b:2c:24:8d:34:3a:4e:b9:
                    e3:d1:d7:e4:2f:5c:38:28:e4:44:01:0d:a2:2f:f1:
                    8b:c6:86:43:8f:31:10:6c:0d:bc:da:b4:86:01:fe:
                    55:30:9a:2b:6d:1b:f2:ea:67:f7:25:34:0a:8f:19:
                    ac:3a:c9:67:10:0c:ab:e6:7f:89:1e:ee:15:45:e8:
                    88:46:3d:72:3f:53:86:f0:8d:3f:8e:28:68:f3:01:
                    7d:96:c2:92:c3:a1:18:f9:fd:7e:2a:45:01:b3:65:
                    dc:8f:40:b3:ff:55:d6:8e:18:cc:8a:f5:85:4b:f9:
                    2c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:2C:C0:C2:59:AE:86:F4:4F:88:EA:DF:EF:61:62:60:94:FA:B6:80
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/TyzAwlmuhvRPiOrf72FiYJT6toA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:74:c8:f0:37:f0:c1:e8:6d:40:ef:9e:ae:45:7c:b9:87:e0:
         55:6a:90:8e:14:7c:93:aa:d7:98:4c:1d:0d:be:e0:d1:63:00:
         2e:8d:c5:e5:bc:cb:a3:af:91:b3:f3:e7:aa:02:7d:a1:65:f1:
         5f:1a:b6:60:af:d0:de:ad:22:2a:a6:4f:1d:cd:ea:0c:51:7e:
         81:d7:a7:12:09:3d:a0:e5:c1:3f:f8:d9:99:21:18:1c:93:0b:
         d3:24:28:5f:42:c9:91:dd:e2:46:fa:c1:f8:43:4a:48:0e:4d:
         75:54:77:58:87:99:c0:b9:49:a2:a3:e6:d0:dd:b8:b1:5d:6c:
         9a:27:6f:32:70:aa:99:7c:20:ad:a1:91:70:4a:d6:40:ac:7f:
         cd:35:51:b5:de:40:f1:e0:57:db:41:52:ba:27:62:7e:c0:b8:
         e0:72:2e:47:6a:61:65:65:a5:54:15:cc:de:7d:8a:6f:38:2e:
         25:ab:50:54:7c:73:68:01:ee:0f:2b:a1:6c:ad:da:c2:35:37:
         70:cd:b0:e9:8b:68:c8:46:7b:fb:21:b9:f9:39:51:e7:e0:74:
         00:08:3e:9d:e0:52:96:16:84:51:28:55:d2:29:14:c2:74:36:
         d5:60:0f:f9:eb:6d:23:5d:2f:7f:3c:74:4b:f2:d5:36:79:80:
         e3:35:8e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY01qM78nJIDiJatyd3ONWL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwMTIzMDkzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjJjYzBjMjU5YWU4NmY0NGY4OGVhZGZlZjYxNjI2MDk0ZmFiNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HATF81xw6TMs8ja3H1olf4hgqkf
DsVc13lWbfMuPJRUzgaGVHTDOmZgPUWrhHmo9be4/xKJBF/FWLrl4++gP8u+FA+1
PzWCu0YBP8DaCwFRFuVFo90uavaXG3dq5MeOtPX+Jh36G8Y92tj54/syxJgxuAkS
WIjNxgH8uxP9uutlTDxavRm3pMXxrcP0aywkjTQ6Trnj0dfkL1w4KOREAQ2iL/GL
xoZDjzEQbA282rSGAf5VMJorbRvy6mf3JTQKjxmsOslnEAyr5n+JHu4VReiIRj1y
P1OG8I0/jiho8wF9lsKSw6EY+f1+KkUBs2Xcj0Cz/1XWjhjMivWFS/ksTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8swMJZrob0T4jq3+9hYmCU+raAMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvVHl6QXdsbXVodlJQaU9yZjcyRmlZSlQ2dG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkMMA0G
CSqGSIb3DQEBCwUAA4IBAQBhdMjwN/DB6G1A756uRXy5h+BVapCOFHyTqteYTB0N
vuDRYwAujcXlvMujr5Gz8+eqAn2hZfFfGrZgr9DerSIqpk8dzeoMUX6B16cSCT2g
5cE/+NmZIRgckwvTJChfQsmR3eJG+sH4Q0pIDk11VHdYh5nAuUmio+bQ3bixXWya
J28ycKqZfCCtoZFwStZArH/NNVG13kDx4FfbQVK6J2J+wLjgci5HamFlZaVUFcze
fYpvOC4lq1BUfHNoAe4PK6FsrdrCNTdwzbDpi2jIRnv7Ibn5OVHn4HQACD6d4FKW
FoRRKFXSKRTCdDbVYA/5620jXS9/PHRL8tU2eYDjNY6G
-----END CERTIFICATE-----