Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/507THO5dSIj7LdWG8g8XVK755Y0.roa
File:                     507THO5dSIj7LdWG8g8XVK755Y0.roa (raw, json)
Hash identifier:          k708wccd30u6jz4kYVPuam78Zj3k5ZZTQId0uERtVOk=
Subject key identifier:   E7:4E:D3:1C:EE:5D:48:88:FB:2D:D5:86:F2:0F:17:54:AE:F9:E5:8D
Certificate issuer:       /CN=498fd453f5e35f9c77d1d706e565138adf82256a
Certificate serial:       019428274BBA43536FDA90427D3D2BCC5AE0
Authority key identifier: 49:8F:D4:53:F5:E3:5F:9C:77:D1:D7:06:E5:65:13:8A:DF:82:25:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SY_UU_XjX5x30dcG5WUTit-CJWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/507THO5dSIj7LdWG8g8XVK755Y0.roa
Signing time:             Thu 02 Jan 2025 17:54:11 +0000
ROA not before:           Thu 02 Jan 2025 17:54:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203931
IP address blocks:        217.29.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/SY_UU_XjX5x30dcG5WUTit-CJWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/SY_UU_XjX5x30dcG5WUTit-CJWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SY_UU_XjX5x30dcG5WUTit-CJWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:4b:ba:43:53:6f:da:90:42:7d:3d:2b:cc:5a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=498fd453f5e35f9c77d1d706e565138adf82256a
        Validity
            Not Before: Jan  2 17:54:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e74ed31cee5d4888fb2dd586f20f1754aef9e58d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:20:60:b6:e5:41:23:b2:b3:a8:9a:87:e2:29:
                    97:c4:d7:da:49:14:a5:d9:5d:8b:ed:a9:40:2c:f3:
                    d5:ac:79:68:06:f5:73:7a:ec:88:fa:06:e8:9f:d7:
                    a8:b5:ec:29:cf:c8:1c:6f:59:4a:16:2c:8f:05:4f:
                    c9:c3:d0:2d:c5:74:dd:27:ba:76:d5:ef:14:2c:6b:
                    5e:58:8d:f6:3d:52:1f:31:27:bb:a9:db:8f:03:84:
                    29:46:e5:6c:a0:e3:9b:66:50:2c:e0:fd:b7:ca:70:
                    66:b0:33:9d:c8:8b:48:f7:f1:c0:49:64:93:15:6d:
                    f7:68:b2:1c:e7:9f:05:9d:9a:07:ff:d4:a6:fe:a5:
                    47:98:e5:3e:97:15:5b:73:4f:cd:8e:2f:85:f9:ee:
                    25:2d:91:5e:5a:f9:bb:2f:61:03:bf:58:aa:70:eb:
                    a6:32:20:76:4b:8a:38:40:62:de:eb:a3:1e:14:bc:
                    f8:d0:a6:12:c4:ec:51:54:64:b8:66:df:29:1c:59:
                    e4:19:b3:96:ba:d7:08:0e:93:80:4c:2b:d1:11:3e:
                    a5:a0:16:75:3b:b8:aa:48:b9:cc:d9:0b:2b:0e:62:
                    d8:e8:40:15:1f:9d:9d:c5:c9:f8:a8:98:5b:3f:20:
                    a8:2f:75:42:7a:d0:7e:a8:03:be:f5:76:43:90:77:
                    b3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:4E:D3:1C:EE:5D:48:88:FB:2D:D5:86:F2:0F:17:54:AE:F9:E5:8D
            X509v3 Authority Key Identifier:
                keyid:49:8F:D4:53:F5:E3:5F:9C:77:D1:D7:06:E5:65:13:8A:DF:82:25:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SY_UU_XjX5x30dcG5WUTit-CJWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/507THO5dSIj7LdWG8g8XVK755Y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/545b06-8572-412f-a80f-3979ef0d32db/1/SY_UU_XjX5x30dcG5WUTit-CJWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.29.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:ec:19:46:d2:30:dd:cf:3a:cb:e0:2c:0a:2a:1e:9b:47:24:
         b7:01:c7:2e:7f:dc:11:90:6c:30:95:82:83:9d:eb:f0:25:56:
         c5:c8:05:2e:c4:9f:bf:62:e6:7b:8a:b6:ed:d1:54:f1:57:91:
         8d:db:4d:0a:ef:af:82:17:8c:f5:b7:c1:95:ba:77:1b:31:98:
         fd:c0:6e:9d:08:59:21:b9:d7:85:ec:e6:5f:23:9d:8e:6a:8e:
         cd:f1:5f:d8:98:df:ff:48:ed:20:1e:38:de:f8:ee:e0:28:d4:
         f3:fa:0d:4a:07:8d:3d:44:7a:ce:03:a7:b2:ef:d2:11:32:ff:
         0c:db:0d:f0:bc:df:df:2f:f8:fc:41:52:e0:97:6e:2a:7f:1b:
         8b:96:0c:01:56:27:cb:86:29:bf:4e:d0:32:b2:65:66:eb:9a:
         ff:22:9a:af:0a:a0:aa:36:62:21:d3:33:80:9f:a1:52:88:f7:
         d4:6d:0d:1a:62:88:f5:a9:6d:81:67:90:a1:3e:a3:c8:7d:f0:
         da:a5:1d:39:d3:85:5a:f4:66:21:37:79:8b:9f:e8:24:24:8d:
         a9:5e:89:4f:90:cb:9c:40:84:cb:36:58:fd:0c:0c:3c:47:74:
         5a:3a:21:17:ab:3c:c6:91:74:5a:25:c6:31:a7:78:ec:1f:73:
         9e:ac:88:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ0u6Q1Nv2pBCfT0rzFrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5OGZkNDUzZjVlMzVmOWM3N2QxZDcwNmU1NjUxMzhhZGY4
MjI1NmEwHhcNMjUwMTAyMTc1NDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzRlZDMxY2VlNWQ0ODg4ZmIyZGQ1ODZmMjBmMTc1NGFlZjllNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSBgtuVBI7KzqJqH4imXxNfaSRSl
2V2L7alALPPVrHloBvVzeuyI+gbon9eotewpz8gcb1lKFiyPBU/Jw9AtxXTdJ7p2
1e8ULGteWI32PVIfMSe7qduPA4QpRuVsoOObZlAs4P23ynBmsDOdyItI9/HASWST
FW33aLIc558FnZoH/9Sm/qVHmOU+lxVbc0/Nji+F+e4lLZFeWvm7L2EDv1iqcOum
MiB2S4o4QGLe66MeFLz40KYSxOxRVGS4Zt8pHFnkGbOWutcIDpOATCvRET6loBZ1
O7iqSLnM2QsrDmLY6EAVH52dxcn4qJhbPyCoL3VCetB+qAO+9XZDkHezfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdO0xzuXUiI+y3VhvIPF1Su+eWNMB8GA1UdIwQY
MBaAFEmP1FP141+cd9HXBuVlE4rfgiVqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1lfVVVfWGpYNXgzMGRjRzVXVVRpdC1DSldvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi81NDViMDYtODU3Mi00MTJmLWE4MGYt
Mzk3OWVmMGQzMmRiLzEvNTA3VEhPNWRTSWo3TGRXRzhnOFhWSzc1NVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi81NDViMDYtODU3Mi00MTJmLWE4MGYtMzk3OWVmMGQzMmRi
LzEvU1lfVVVfWGpYNXgzMGRjRzVXVVRpdC1DSldvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2R3wMA0G
CSqGSIb3DQEBCwUAA4IBAQA/7BlG0jDdzzrL4CwKKh6bRyS3Accuf9wRkGwwlYKD
nevwJVbFyAUuxJ+/YuZ7irbt0VTxV5GN200K76+CF4z1t8GVuncbMZj9wG6dCFkh
udeF7OZfI52Oao7N8V/YmN//SO0gHjje+O7gKNTz+g1KB409RHrOA6ey79IRMv8M
2w3wvN/fL/j8QVLgl24qfxuLlgwBVifLhim/TtAysmVm65r/IpqvCqCqNmIh0zOA
n6FSiPfUbQ0aYoj1qW2BZ5ChPqPIffDapR0504Va9GYhN3mLn+gkJI2pXolPkMuc
QITLNlj9DAw8R3RaOiEXqzzGkXRaJcYxp3jsH3OerIgJ
-----END CERTIFICATE-----