Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/a72da1-af81-4787-a085-ff34a8ae901a/1/xG5nFDK1Nyvy5vl4sT_P7td-s98.roa
File:                     xG5nFDK1Nyvy5vl4sT_P7td-s98.roa (raw, json)
Hash identifier:          9ZslVC10Wq5A6L0EoqSP1oGGII0oefI9/cuRC4XS49Y=
Subject key identifier:   C4:6E:67:14:32:B5:37:2B:F2:E6:F9:78:B1:3F:CF:EE:D7:7E:B3:DF
Certificate issuer:       /CN=f1f17ebcc2a525afcfc92218159caf52882978d2
Certificate serial:       01942444E6BC4EA0DA3B9D9F28E04C35E4E0
Authority key identifier: F1:F1:7E:BC:C2:A5:25:AF:CF:C9:22:18:15:9C:AF:52:88:29:78:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8fF-vMKlJa_PySIYFZyvUogpeNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/a72da1-af81-4787-a085-ff34a8ae901a/1/xG5nFDK1Nyvy5vl4sT_P7td-s98.roa
Signing time:             Wed 01 Jan 2025 23:48:02 +0000
ROA not before:           Wed 01 Jan 2025 23:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197119
IP address blocks:        178.217.168.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/a72da1-af81-4787-a085-ff34a8ae901a/1/8fF-vMKlJa_PySIYFZyvUogpeNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/a72da1-af81-4787-a085-ff34a8ae901a/1/8fF-vMKlJa_PySIYFZyvUogpeNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8fF-vMKlJa_PySIYFZyvUogpeNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:e6:bc:4e:a0:da:3b:9d:9f:28:e0:4c:35:e4:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1f17ebcc2a525afcfc92218159caf52882978d2
        Validity
            Not Before: Jan  1 23:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c46e671432b5372bf2e6f978b13fcfeed77eb3df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c4:f6:f6:00:d7:6d:66:fa:e0:1c:e9:3a:80:
                    27:a6:22:5e:46:cb:36:83:fd:89:b1:13:ce:96:c6:
                    e9:bb:8e:57:ba:5b:cb:6f:96:56:24:b9:ea:73:d7:
                    e6:1c:e2:dc:14:3d:72:84:9b:b3:2c:62:70:6b:6d:
                    1e:34:5c:7e:b4:e8:6e:ce:87:6f:bd:3a:33:53:6a:
                    2c:c6:76:9c:12:ce:b5:c4:b3:bd:9c:6d:61:3c:12:
                    5c:b2:09:84:7a:dc:92:19:45:ed:0a:1c:c4:59:87:
                    49:b7:6e:fd:f2:22:e1:06:90:96:a2:e8:ea:41:37:
                    a0:6d:a3:36:47:03:72:b1:9d:40:5a:cf:2e:7b:bb:
                    6d:d0:37:66:57:b1:ea:f4:a7:6c:05:4a:5b:fd:99:
                    77:7f:13:21:82:17:a4:b4:a8:cc:c2:f3:8a:19:9d:
                    8c:b5:21:31:ea:e4:45:57:e9:d4:c2:13:e8:05:65:
                    89:92:4a:8e:64:e5:d4:69:f6:de:8d:b2:24:15:33:
                    d5:67:bd:27:76:d6:65:42:02:fb:aa:65:81:95:41:
                    1b:e7:0e:19:a1:a1:be:f5:9b:0f:69:9d:f9:7c:0b:
                    05:7e:9f:4a:19:90:ad:01:54:5c:31:cd:a5:be:f3:
                    d6:2f:eb:37:2a:3a:f1:e2:45:c7:c4:1b:b5:1c:30:
                    aa:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:6E:67:14:32:B5:37:2B:F2:E6:F9:78:B1:3F:CF:EE:D7:7E:B3:DF
            X509v3 Authority Key Identifier:
                keyid:F1:F1:7E:BC:C2:A5:25:AF:CF:C9:22:18:15:9C:AF:52:88:29:78:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8fF-vMKlJa_PySIYFZyvUogpeNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a72da1-af81-4787-a085-ff34a8ae901a/1/xG5nFDK1Nyvy5vl4sT_P7td-s98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a72da1-af81-4787-a085-ff34a8ae901a/1/8fF-vMKlJa_PySIYFZyvUogpeNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.217.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:16:d0:2b:ba:ed:78:52:ed:98:83:a5:77:83:c8:1d:ce:c6:
         63:11:8b:a1:69:e5:86:16:b3:0d:27:8d:ec:39:c7:80:67:e3:
         22:52:8c:d2:02:4f:d4:3d:15:a2:77:52:0e:ae:1d:69:7a:31:
         2c:1b:81:9f:5d:ae:d2:15:0a:5f:e5:2a:39:d7:bf:56:16:74:
         60:36:81:38:85:de:b2:b5:7c:67:c1:d2:1c:fb:20:e6:b8:c5:
         f6:8f:d8:12:ed:57:ed:a5:90:cf:e6:f4:fe:1b:c4:d2:72:11:
         c3:86:0b:e9:b3:6f:87:40:63:97:a6:b8:c9:97:8d:71:a1:da:
         73:a3:9f:b1:49:2e:a9:d9:59:1b:2e:e3:5e:cb:8e:cc:80:0d:
         9a:22:e9:21:d3:e8:67:39:db:ae:1f:f5:5b:9e:47:92:84:e9:
         fb:7a:ec:4f:9a:be:0f:0e:39:13:5d:f5:35:78:b3:41:80:70:
         a6:65:68:d7:cb:44:dc:df:1a:b0:6a:7a:23:b1:73:57:e8:85:
         8e:03:ec:5c:32:23:2e:6c:e7:b8:bc:45:83:0a:af:30:fb:8e:
         ec:e6:6b:61:26:f1:14:4c:31:9f:5b:44:1f:58:4f:ea:ad:df:
         fd:5f:fe:23:6f:b7:f0:c5:3a:5e:58:59:15:f9:ca:fe:55:f8:
         83:13:86:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkROa8TqDaO52fKOBMNeTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZjE3ZWJjYzJhNTI1YWZjZmM5MjIxODE1OWNhZjUyODgy
OTc4ZDIwHhcNMjUwMTAxMjM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDZlNjcxNDMyYjUzNzJiZjJlNmY5NzhiMTNmY2ZlZWQ3N2ViM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMT29gDXbWb64BzpOoAnpiJeRss2
g/2JsRPOlsbpu45XulvLb5ZWJLnqc9fmHOLcFD1yhJuzLGJwa20eNFx+tOhuzodv
vTozU2osxnacEs61xLO9nG1hPBJcsgmEetySGUXtChzEWYdJt2798iLhBpCWoujq
QTegbaM2RwNysZ1AWs8ue7tt0DdmV7Hq9KdsBUpb/Zl3fxMhghektKjMwvOKGZ2M
tSEx6uRFV+nUwhPoBWWJkkqOZOXUafbejbIkFTPVZ70ndtZlQgL7qmWBlUEb5w4Z
oaG+9ZsPaZ35fAsFfp9KGZCtAVRcMc2lvvPWL+s3Kjrx4kXHxBu1HDCqBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRuZxQytTcr8ub5eLE/z+7XfrPfMB8GA1UdIwQY
MBaAFPHxfrzCpSWvz8kiGBWcr1KIKXjSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGZGLXZNS2xKYV9QeVNJWUZaeXZVb2dwZU5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hNzJkYTEtYWY4MS00Nzg3LWEwODUt
ZmYzNGE4YWU5MDFhLzEveEc1bkZESzFOeXZ5NXZsNHNUX1A3dGQtczk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hNzJkYTEtYWY4MS00Nzg3LWEwODUtZmYzNGE4YWU5MDFh
LzEvOGZGLXZNS2xKYV9QeVNJWUZaeXZVb2dwZU5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstmoMA0G
CSqGSIb3DQEBCwUAA4IBAQADFtAruu14Uu2Yg6V3g8gdzsZjEYuhaeWGFrMNJ43s
OceAZ+MiUozSAk/UPRWid1IOrh1pejEsG4GfXa7SFQpf5So5179WFnRgNoE4hd6y
tXxnwdIc+yDmuMX2j9gS7VftpZDP5vT+G8TSchHDhgvps2+HQGOXprjJl41xodpz
o5+xSS6p2VkbLuNey47MgA2aIukh0+hnOduuH/VbnkeShOn7euxPmr4PDjkTXfU1
eLNBgHCmZWjXy0Tc3xqwanojsXNX6IWOA+xcMiMubOe4vEWDCq8w+47s5mthJvEU
TDGfW0QfWE/qrd/9X/4jb7fwxTpeWFkV+cr+VfiDE4Zp
-----END CERTIFICATE-----