Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/hOg_cmo_1iPWo-TSIDavHMMiNf0.roa
File:                     hOg_cmo_1iPWo-TSIDavHMMiNf0.roa (raw, json)
Hash identifier:          x2NoBu31Yw8pVlDgk5TVKt6dy/zU3kvxFv7RpieFwqA=
Subject key identifier:   84:E8:3F:72:6A:3F:D6:23:D6:A3:E4:D2:20:36:AF:1C:C3:22:35:FD
Certificate issuer:       /CN=68cc325c8ad9769a1b54da296305fe0c36573775
Certificate serial:       01941F8C9E9084FD61A0C557923E42363A68
Authority key identifier: 68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/hOg_cmo_1iPWo-TSIDavHMMiNf0.roa
Signing time:             Wed 01 Jan 2025 01:48:16 +0000
ROA not before:           Wed 01 Jan 2025 01:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199653
IP address blocks:        217.61.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9e:90:84:fd:61:a0:c5:57:92:3e:42:36:3a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68cc325c8ad9769a1b54da296305fe0c36573775
        Validity
            Not Before: Jan  1 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84e83f726a3fd623d6a3e4d22036af1cc32235fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3f:c2:d8:20:e8:e5:bc:f1:cd:38:dd:c0:b1:
                    7d:7d:9b:cf:d2:e0:48:97:ef:5e:34:a2:70:f2:6f:
                    0a:81:3f:8e:ec:41:6f:b7:c1:a4:bc:06:9a:17:83:
                    fd:1d:28:15:90:b1:f6:a9:14:a7:bb:b5:a5:b5:4d:
                    23:c0:d0:89:bb:dd:70:7a:7e:68:d5:43:fa:9b:d5:
                    24:06:f9:9b:3c:17:9c:9f:bb:06:7a:be:1c:29:9a:
                    95:5c:bb:19:fa:3c:62:13:3e:94:c0:e0:4a:b5:3a:
                    42:e8:e4:d4:3b:1e:53:1c:75:33:94:bb:eb:31:d1:
                    c1:0b:3a:4c:0e:a6:ef:79:7e:33:d1:cd:f6:e8:69:
                    37:9e:71:e7:75:07:e2:7f:fc:5f:0e:a6:8f:2b:ae:
                    1e:43:10:ac:c4:69:38:5a:d2:00:96:74:00:af:cd:
                    9e:8d:bc:6c:d8:8b:65:d8:dc:7c:3b:b9:12:77:dc:
                    c8:2c:09:84:4c:b1:e1:87:24:1e:ef:d6:5d:22:1b:
                    f8:71:f4:ce:aa:d6:5e:3f:ff:80:70:80:d6:61:32:
                    68:26:40:19:2a:b1:46:f1:e7:8d:e4:90:c2:58:17:
                    11:3f:18:45:bd:e1:b5:84:25:fd:db:80:4f:40:1d:
                    e9:12:e9:4f:a0:02:78:01:be:a0:28:4e:91:de:f6:
                    c7:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E8:3F:72:6A:3F:D6:23:D6:A3:E4:D2:20:36:AF:1C:C3:22:35:FD
            X509v3 Authority Key Identifier:
                keyid:68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/hOg_cmo_1iPWo-TSIDavHMMiNf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         81:46:9b:31:0b:92:9d:78:7d:99:b1:7f:3d:6e:41:4c:a8:1e:
         b0:f7:9f:2a:31:2f:52:ba:52:64:53:24:f2:6b:c4:f0:b7:b8:
         0a:e0:bd:23:eb:e3:25:e2:36:b6:36:7d:69:3f:d7:25:65:91:
         c7:37:c0:33:13:d3:fc:cd:89:ae:8c:47:9d:41:1a:72:5c:04:
         80:a4:42:cc:e6:e5:9a:0a:90:05:87:4c:c6:90:d8:d2:f9:c9:
         46:61:c1:1d:f2:90:0d:d2:8d:0c:8f:2a:cb:0a:7a:75:5b:44:
         79:19:b8:87:07:21:a2:4f:82:c4:f5:a2:26:59:31:7b:65:ce:
         e1:07:63:e9:b1:7b:d1:c0:1a:6a:7b:a5:f8:c4:4b:39:94:6d:
         f0:45:65:35:e4:f8:f9:ba:2d:3e:f7:cb:fb:f7:5d:9f:e5:98:
         0f:44:54:c4:35:24:94:30:64:33:90:7d:b1:9a:81:09:46:7c:
         27:ff:83:54:66:b4:19:7e:54:f8:e1:31:48:45:4c:1b:d9:ea:
         b0:9e:be:45:f6:33:a6:8f:ea:90:c3:f5:6d:cd:c6:df:9f:d5:
         0e:cc:0b:b0:3a:2f:44:d9:d5:6d:ea:ae:da:ad:24:39:3a:4c:
         61:d0:ee:8a:4d:5a:33:3f:49:e9:12:08:0d:84:f5:ca:da:ff:
         8e:97:69:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJ6QhP1hoMVXkj5CNjpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2MzMjVjOGFkOTc2OWExYjU0ZGEyOTYzMDVmZTBjMzY1
NzM3NzUwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGU4M2Y3MjZhM2ZkNjIzZDZhM2U0ZDIyMDM2YWYxY2MzMjIzNWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2z/C2CDo5bzxzTjdwLF9fZvP0uBI
l+9eNKJw8m8KgT+O7EFvt8GkvAaaF4P9HSgVkLH2qRSnu7WltU0jwNCJu91wen5o
1UP6m9UkBvmbPBecn7sGer4cKZqVXLsZ+jxiEz6UwOBKtTpC6OTUOx5THHUzlLvr
MdHBCzpMDqbveX4z0c326Gk3nnHndQfif/xfDqaPK64eQxCsxGk4WtIAlnQAr82e
jbxs2Itl2Nx8O7kSd9zILAmETLHhhyQe79ZdIhv4cfTOqtZeP/+AcIDWYTJoJkAZ
KrFG8eeN5JDCWBcRPxhFveG1hCX924BPQB3pEulPoAJ4Ab6gKE6R3vbHhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIToP3JqP9Yj1qPk0iA2rxzDIjX9MB8GA1UdIwQY
MBaAFGjMMlyK2XaaG1TaKWMF/gw2Vzd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEt
NzRjOTc5YTY1MzZlLzEvaE9nX2Ntb18xaVBXby1UU0lEYXZITU1pTmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEtNzRjOTc5YTY1MzZl
LzEvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2T1gMA0G
CSqGSIb3DQEBCwUAA4IBAQCBRpsxC5KdeH2ZsX89bkFMqB6w958qMS9SulJkUyTy
a8Twt7gK4L0j6+Ml4ja2Nn1pP9clZZHHN8AzE9P8zYmujEedQRpyXASApELM5uWa
CpAFh0zGkNjS+clGYcEd8pAN0o0MjyrLCnp1W0R5GbiHByGiT4LE9aImWTF7Zc7h
B2PpsXvRwBpqe6X4xEs5lG3wRWU15Pj5ui0+98v7912f5ZgPRFTENSSUMGQzkH2x
moEJRnwn/4NUZrQZflT44TFIRUwb2eqwnr5F9jOmj+qQw/Vtzcbfn9UOzAuwOi9E
2dVt6q7arSQ5Okxh0O6KTVozP0npEggNhPXK2v+Ol2nj
-----END CERTIFICATE-----