Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/aTxlaFN4mu5w3B9fPU0VoYRZ8rw.roa
File:                     aTxlaFN4mu5w3B9fPU0VoYRZ8rw.roa (raw, json)
Hash identifier:          DRxaaJ5dblHp3qqZiPB9qyOZJ+pEdC20JKMWpEOqrgQ=
Subject key identifier:   69:3C:65:68:53:78:9A:EE:70:DC:1F:5F:3D:4D:15:A1:84:59:F2:BC
Certificate issuer:       /CN=f497673c78efae5f6bd80a25ace3d3c37193e789
Certificate serial:       018CC4923740853DCB829054ECD584DD7492
Authority key identifier: F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/aTxlaFN4mu5w3B9fPU0VoYRZ8rw.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33567
IP address blocks:        217.15.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:37:40:85:3d:cb:82:90:54:ec:d5:84:dd:74:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f497673c78efae5f6bd80a25ace3d3c37193e789
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693c656853789aee70dc1f5f3d4d15a18459f2bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3a:a4:54:ce:a3:f3:b3:14:29:b9:07:fe:d7:
                    b2:c0:39:37:ed:f0:e3:7e:1a:58:d6:f2:83:71:8a:
                    a5:60:3a:6d:b8:ac:28:57:7d:f1:1a:93:b0:48:c8:
                    b3:b6:3a:88:37:a8:96:b0:19:6c:07:d6:19:15:9b:
                    d0:c6:f1:ee:b7:01:a1:5a:24:70:33:35:d9:d2:66:
                    79:89:f9:bb:7a:64:61:cd:44:f0:f1:29:1b:61:09:
                    31:59:ee:77:46:81:f5:f7:cd:30:f3:1a:85:90:8b:
                    26:f2:58:a7:c5:2e:b2:5e:76:f6:61:60:ff:62:48:
                    13:62:8e:ed:f9:85:bd:03:21:39:de:5a:06:97:b7:
                    49:4c:3c:37:01:93:ea:1e:0e:db:99:44:e4:a8:d1:
                    df:a6:ee:f7:a4:c9:0e:db:8a:fe:d3:cd:d5:0f:88:
                    e2:0b:c7:b9:9a:ae:bb:54:93:b3:5b:a1:d4:60:5a:
                    b1:97:3b:4b:1f:0a:9d:f4:94:23:9e:a9:c0:7a:c2:
                    bc:23:9c:7f:02:3d:be:47:db:68:c3:5c:41:0c:d3:
                    a4:08:9c:78:1f:f4:95:52:ea:13:c1:29:a8:71:2b:
                    ed:aa:ae:92:1e:0b:9e:23:b5:fb:ad:70:32:d1:60:
                    e4:a6:cb:3b:74:09:38:ed:29:15:6f:3b:8a:df:49:
                    cd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3C:65:68:53:78:9A:EE:70:DC:1F:5F:3D:4D:15:A1:84:59:F2:BC
            X509v3 Authority Key Identifier:
                keyid:F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/aTxlaFN4mu5w3B9fPU0VoYRZ8rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.15.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:41:6d:7f:94:28:40:44:42:07:49:00:bc:b0:19:09:67:e9:
         f4:66:4c:57:a6:7b:b0:06:ec:07:e1:ce:ac:46:ea:90:99:e8:
         c9:6b:ae:2c:ce:24:aa:54:be:20:3c:ee:93:6a:2b:3c:07:2d:
         e6:61:65:73:cc:e7:6a:e5:f7:f2:da:20:fd:5b:e0:37:45:ef:
         70:01:6d:a1:15:ef:9f:3f:d4:94:31:72:0a:b7:14:6f:73:5f:
         ff:a6:40:f5:e8:33:3d:8c:5e:cf:9a:79:48:71:6f:c3:05:89:
         de:0c:92:65:b6:a2:c6:88:01:b4:da:d6:c5:4c:1d:3a:1a:0b:
         02:1a:dd:62:63:9f:ac:11:a8:54:9d:7c:27:3b:73:4b:7e:b9:
         10:ee:16:71:cf:6e:dc:df:6f:42:15:9d:e3:4f:9d:fd:76:fd:
         d0:4b:24:f6:fb:f8:b7:f3:dc:13:57:2a:ea:cf:f7:3e:78:f5:
         0c:26:be:ef:fa:7c:45:68:3e:5a:a8:80:75:8a:7c:59:3c:15:
         45:00:6e:c3:44:5b:33:74:87:e3:e6:76:05:7c:20:fe:cc:03:
         19:91:bc:c7:05:6c:3b:3b:ea:84:c9:52:15:f9:a0:08:93:53:
         e8:0b:2f:9f:d1:70:5c:4f:ed:08:6d:8e:1a:a8:94:d7:19:7c:
         3c:ad:a8:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjdAhT3LgpBU7NWE3XSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OTc2NzNjNzhlZmFlNWY2YmQ4MGEyNWFjZTNkM2MzNzE5
M2U3ODkwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNjNjU2ODUzNzg5YWVlNzBkYzFmNWYzZDRkMTVhMTg0NTlmMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjqkVM6j87MUKbkH/teywDk37fDj
fhpY1vKDcYqlYDptuKwoV33xGpOwSMiztjqIN6iWsBlsB9YZFZvQxvHutwGhWiRw
MzXZ0mZ5ifm7emRhzUTw8SkbYQkxWe53RoH1980w8xqFkIsm8linxS6yXnb2YWD/
YkgTYo7t+YW9AyE53loGl7dJTDw3AZPqHg7bmUTkqNHfpu73pMkO24r+083VD4ji
C8e5mq67VJOzW6HUYFqxlztLHwqd9JQjnqnAesK8I5x/Aj2+R9tow1xBDNOkCJx4
H/SVUuoTwSmocSvtqq6SHgueI7X7rXAy0WDkpss7dAk47SkVbzuK30nNVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk8ZWhTeJrucNwfXz1NFaGEWfK8MB8GA1UdIwQY
MBaAFPSXZzx4765fa9gKJazj08Nxk+eJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYt
NmUwNjk2ZmVlOGU2LzEvYVR4bGFGTjRtdTV3M0I5ZlBVMFZvWVJaOHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYtNmUwNjk2ZmVlOGU2
LzEvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Q99MA0G
CSqGSIb3DQEBCwUAA4IBAQCaQW1/lChAREIHSQC8sBkJZ+n0ZkxXpnuwBuwH4c6s
RuqQmejJa64sziSqVL4gPO6Tais8By3mYWVzzOdq5ffy2iD9W+A3Re9wAW2hFe+f
P9SUMXIKtxRvc1//pkD16DM9jF7PmnlIcW/DBYneDJJltqLGiAG02tbFTB06GgsC
Gt1iY5+sEahUnXwnO3NLfrkQ7hZxz27c329CFZ3jT539dv3QSyT2+/i389wTVyrq
z/c+ePUMJr7v+nxFaD5aqIB1inxZPBVFAG7DRFszdIfj5nYFfCD+zAMZkbzHBWw7
O+qEyVIV+aAIk1PoCy+f0XBcT+0IbY4aqJTXGXw8raiR
-----END CERTIFICATE-----