Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/5e46c1-f43b-4e12-bb7d-a5feb3973512/1/1-Qi1N7J5muj7jfEmkgOKsHowU5w.roa
File:                     1-Qi1N7J5muj7jfEmkgOKsHowU5w.roa (raw, json)
Hash identifier:          6uP4xqqgeu/Eqc9TBEwh3LfGxhy00gMZFgAl5gZq4kA=
Subject key identifier:   F9:08:B5:37:B2:79:9A:E8:FB:8D:F1:26:92:03:8A:B0:7A:30:53:9C
Certificate issuer:       /CN=b71627b9239fea3457cd87cb937ab4c7986cac09
Certificate serial:       0190A7BE237FEA0D3505D2BE67E3549D7416
Authority key identifier: B7:16:27:B9:23:9F:EA:34:57:CD:87:CB:93:7A:B4:C7:98:6C:AC:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txYnuSOf6jRXzYfLk3q0x5hsrAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/5e46c1-f43b-4e12-bb7d-a5feb3973512/1/1-Qi1N7J5muj7jfEmkgOKsHowU5w.roa
Signing time:             Fri 12 Jul 2024 16:19:34 +0000
ROA not before:           Fri 12 Jul 2024 16:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        171.25.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/5e46c1-f43b-4e12-bb7d-a5feb3973512/1/txYnuSOf6jRXzYfLk3q0x5hsrAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/5e46c1-f43b-4e12-bb7d-a5feb3973512/1/txYnuSOf6jRXzYfLk3q0x5hsrAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txYnuSOf6jRXzYfLk3q0x5hsrAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a7:be:23:7f:ea:0d:35:05:d2:be:67:e3:54:9d:74:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b71627b9239fea3457cd87cb937ab4c7986cac09
        Validity
            Not Before: Jul 12 16:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f908b537b2799ae8fb8df12692038ab07a30539c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9e:c5:5d:a8:0b:b0:8b:8c:2a:b0:99:33:2a:
                    78:18:17:a9:6f:e0:6d:5c:fb:6d:d1:01:eb:64:f3:
                    0d:c2:07:b5:28:0f:34:87:e0:47:ea:18:41:9c:1b:
                    0f:f4:34:8f:8e:88:cf:e5:ce:28:76:ef:c1:8e:1b:
                    a8:38:c3:d2:4d:34:52:a1:40:f6:2d:07:d4:ab:d7:
                    96:97:00:34:19:19:4e:2e:34:3f:29:95:4e:ee:de:
                    79:9d:0a:58:0d:64:43:d8:3c:93:72:95:f9:43:60:
                    ab:ce:90:41:eb:23:02:18:12:42:4d:d6:65:5d:71:
                    aa:44:0b:bc:dc:3c:bb:6b:7f:48:79:9b:72:20:97:
                    63:06:34:8f:5f:5f:c6:6f:f3:de:7f:26:9e:5c:9d:
                    25:2a:a5:68:a0:08:21:7a:32:3d:49:b3:87:49:04:
                    6b:e1:29:e4:86:7a:a6:4b:b1:95:7e:f1:b6:f2:dd:
                    9d:d1:3d:41:a8:9a:a9:50:6c:75:53:2d:1c:0f:58:
                    0b:86:9a:5d:96:a9:3a:bd:2f:d9:4c:38:b2:31:a6:
                    f1:b8:fd:5c:12:2c:a0:aa:72:ec:35:25:ef:88:ff:
                    28:e0:c6:c9:8b:de:92:6d:c2:7a:91:7a:15:85:ab:
                    77:76:50:ae:8b:e9:c3:71:11:0d:17:16:66:82:0f:
                    a4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:08:B5:37:B2:79:9A:E8:FB:8D:F1:26:92:03:8A:B0:7A:30:53:9C
            X509v3 Authority Key Identifier:
                keyid:B7:16:27:B9:23:9F:EA:34:57:CD:87:CB:93:7A:B4:C7:98:6C:AC:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txYnuSOf6jRXzYfLk3q0x5hsrAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5e46c1-f43b-4e12-bb7d-a5feb3973512/1/1-Qi1N7J5muj7jfEmkgOKsHowU5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5e46c1-f43b-4e12-bb7d-a5feb3973512/1/txYnuSOf6jRXzYfLk3q0x5hsrAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b3:da:52:09:81:04:46:59:4b:50:61:fe:d8:09:3b:4a:30:
         81:fd:cf:44:3f:79:b7:2f:ca:8f:32:1a:f3:fd:a8:98:b2:03:
         25:1e:98:b8:89:8f:cf:a8:25:32:01:84:cb:ae:7d:ab:c8:94:
         c9:84:16:c9:fa:1e:63:13:30:09:0e:f9:3f:a9:6a:1d:13:63:
         36:55:f2:b4:64:06:f2:be:02:d7:48:0f:fe:f8:ac:4c:9f:7b:
         af:6d:e7:2f:92:66:d7:98:ab:d9:3b:d2:d9:78:83:9e:3e:17:
         e4:ab:19:7f:e6:17:35:75:53:a3:13:b6:bd:f0:31:7c:cb:23:
         f4:92:77:5e:b9:40:13:0f:b8:ca:f7:84:69:4a:1c:bf:50:ac:
         ec:87:c5:60:03:ab:5f:36:82:9f:ca:30:35:fb:49:27:d2:ab:
         10:2a:34:e2:d9:6b:3c:52:67:96:ec:c1:0b:08:8a:70:d6:96:
         46:06:76:11:fd:83:52:47:40:1f:60:19:62:4a:29:fa:7b:b8:
         f7:97:05:a6:b8:46:4c:c3:dd:7d:be:7e:90:71:93:ed:ce:3b:
         0e:a7:2a:30:94:fa:a0:ba:60:d6:a3:4b:ff:f2:39:b5:5c:86:
         e9:2b:05:e7:14:5d:df:1e:a9:2b:f3:31:4e:35:05:00:af:20:
         e9:3e:9d:6c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCnviN/6g01BdK+Z+NUnXQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTYyN2I5MjM5ZmVhMzQ1N2NkODdjYjkzN2FiNGM3OTg2
Y2FjMDkwHhcNMjQwNzEyMTYxOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTA4YjUzN2IyNzk5YWU4ZmI4ZGYxMjY5MjAzOGFiMDdhMzA1MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ7FXagLsIuMKrCZMyp4GBepb+Bt
XPtt0QHrZPMNwge1KA80h+BH6hhBnBsP9DSPjojP5c4odu/BjhuoOMPSTTRSoUD2
LQfUq9eWlwA0GRlOLjQ/KZVO7t55nQpYDWRD2DyTcpX5Q2CrzpBB6yMCGBJCTdZl
XXGqRAu83Dy7a39IeZtyIJdjBjSPX1/Gb/PefyaeXJ0lKqVooAghejI9SbOHSQRr
4SnkhnqmS7GVfvG28t2d0T1BqJqpUGx1Uy0cD1gLhppdlqk6vS/ZTDiyMabxuP1c
EiygqnLsNSXviP8o4MbJi96SbcJ6kXoVhat3dlCui+nDcRENFxZmgg+k1QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkItTeyeZro+43xJpIDirB6MFOcMB8GA1UdIwQY
MBaAFLcWJ7kjn+o0V82Hy5N6tMeYbKwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhZbnVTT2Y2alJYellmTGszcTB4NWhzckFrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81ZTQ2YzEtZjQzYi00ZTEyLWJiN2Qt
YTVmZWIzOTczNTEyLzEvMS1RaTFON0o1bXVqN2pmRW1rZ09Lc0hvd1U1dy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGMvNWU0NmMxLWY0M2ItNGUxMi1iYjdkLWE1ZmViMzk3MzUx
Mi8xL3R4WW51U09mNmpSWHpZZkxrM3EweDVoc3JBay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKsZ2DAN
BgkqhkiG9w0BAQsFAAOCAQEARrPaUgmBBEZZS1Bh/tgJO0owgf3PRD95ty/KjzIa
8/2omLIDJR6YuImPz6glMgGEy659q8iUyYQWyfoeYxMwCQ75P6lqHRNjNlXytGQG
8r4C10gP/visTJ97r23nL5Jm15ir2TvS2XiDnj4X5KsZf+YXNXVToxO2vfAxfMsj
9JJ3XrlAEw+4yveEaUocv1Cs7IfFYAOrXzaCn8owNftJJ9KrECo04tlrPFJnluzB
CwiKcNaWRgZ2Ef2DUkdAH2AZYkop+nu495cFprhGTMPdfb5+kHGT7c47DqcqMJT6
oLpg1qNL//I5tVyG6SsF5xRd3x6pK/MxTjUFAK8g6T6dbA==
-----END CERTIFICATE-----