Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/5F43apFtp5lCm9vhwNNQQY4Fn2s.roa
File:                     5F43apFtp5lCm9vhwNNQQY4Fn2s.roa (raw, json)
Hash identifier:          wgZWalgJ1O7hBjOpag2lMAToyW9tJ/E08tor7rA+1pA=
Subject key identifier:   E4:5E:37:6A:91:6D:A7:99:42:9B:DB:E1:C0:D3:50:41:8E:05:9F:6B
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C42DA032C79192C0391E197BDBE37
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/5F43apFtp5lCm9vhwNNQQY4Fn2s.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212593
IP address blocks:        217.156.24.0/24 maxlen: 24
                          217.156.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:42:da:03:2c:79:19:2c:03:91:e1:97:bd:be:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e45e376a916da799429bdbe1c0d350418e059f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d5:fa:b5:b8:a7:0d:37:a1:13:f0:34:fe:e5:
                    34:b5:a2:73:d6:0d:c0:11:a9:fb:89:a6:f1:bf:42:
                    6a:d4:b9:21:0c:1d:45:c8:97:50:ab:4b:5f:7f:cb:
                    f7:aa:68:75:74:6b:65:3c:f0:41:b4:bc:72:50:a2:
                    d1:0f:ef:79:2d:83:65:d6:78:b9:1c:0c:50:f6:8c:
                    fd:ef:9e:97:59:e5:fc:01:f7:df:e9:e8:86:04:23:
                    6d:51:f3:28:00:7e:9a:3b:d7:a3:71:4c:f9:20:d5:
                    ba:29:bb:c7:70:15:39:64:be:2c:aa:b3:c1:08:7e:
                    e8:b0:c6:12:b1:72:61:51:52:ee:67:97:0c:7e:17:
                    7e:49:fc:e2:21:59:d1:fb:ba:74:1b:26:35:df:80:
                    b4:04:91:29:a5:b2:f2:d9:9c:27:d6:b4:ed:5f:07:
                    1d:b1:2a:89:07:b3:a4:da:07:a0:9f:d4:bf:06:21:
                    26:1d:d3:76:76:9e:aa:80:11:35:ac:4e:0f:c1:62:
                    f2:1f:8c:fb:a9:b9:a3:3a:d1:f0:21:b1:26:f5:fa:
                    f0:a7:19:70:a5:57:4e:9c:96:47:1d:cb:e2:12:95:
                    5a:6d:e6:40:9a:a7:03:b2:04:91:33:2b:7a:ba:65:
                    03:48:00:84:aa:fc:21:a5:37:ca:73:89:32:53:26:
                    15:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:5E:37:6A:91:6D:A7:99:42:9B:DB:E1:C0:D3:50:41:8E:05:9F:6B
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/5F43apFtp5lCm9vhwNNQQY4Fn2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:f0:ae:0f:6a:b0:41:54:42:03:df:0a:94:aa:1e:fc:21:24:
         29:2d:80:6a:23:ad:1b:b6:4e:42:7e:09:31:70:7d:63:ac:a9:
         6b:57:a9:62:21:d4:1f:45:54:df:7d:e3:41:df:3b:0f:2b:b2:
         61:6d:f0:ce:00:fc:9f:7a:49:a5:7d:64:63:4a:59:59:6b:1e:
         6c:63:31:d2:13:a0:70:5a:0b:0f:d5:50:2b:ef:f1:05:cc:f5:
         b2:1b:db:2e:85:b5:31:9b:83:98:6d:e3:41:74:ed:17:ae:6d:
         8c:a0:94:f0:b2:c7:4e:46:67:42:1c:96:e1:14:81:d6:b3:c4:
         42:33:22:e5:0e:a1:29:09:c1:0b:0b:05:9f:50:19:e3:32:0e:
         c2:72:51:2a:9e:72:81:57:4c:3c:48:c0:a3:ac:cd:e5:75:59:
         0d:ed:27:12:85:00:34:9c:bf:9a:c5:d3:7c:9d:22:2c:4d:d8:
         9e:e2:4a:34:99:59:05:09:6d:e7:40:fe:a4:43:c0:21:08:3b:
         12:7c:79:7d:11:70:85:78:a3:2c:c6:74:f4:86:3c:92:56:ef:
         38:83:ce:45:73:0e:40:7c:18:14:3a:a3:6a:ac:43:67:6a:ed:
         fb:9d:67:b0:05:61:d4:e7:f3:79:4f:7e:f6:60:02:5d:c1:b8:
         5e:8f:27:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjELaAyx5GSwDkeGXvb43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDVlMzc2YTkxNmRhNzk5NDI5YmRiZTFjMGQzNTA0MThlMDU5ZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdX6tbinDTehE/A0/uU0taJz1g3A
Ean7iabxv0Jq1LkhDB1FyJdQq0tff8v3qmh1dGtlPPBBtLxyUKLRD+95LYNl1ni5
HAxQ9oz9756XWeX8Afff6eiGBCNtUfMoAH6aO9ejcUz5INW6KbvHcBU5ZL4sqrPB
CH7osMYSsXJhUVLuZ5cMfhd+SfziIVnR+7p0GyY134C0BJEppbLy2Zwn1rTtXwcd
sSqJB7Ok2gegn9S/BiEmHdN2dp6qgBE1rE4PwWLyH4z7qbmjOtHwIbEm9frwpxlw
pVdOnJZHHcviEpVabeZAmqcDsgSRMyt6umUDSACEqvwhpTfKc4kyUyYVWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOReN2qRbaeZQpvb4cDTUEGOBZ9rMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvNUY0M2FwRnRwNWxDbTl2aHdOTlFRWTRGbjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2ZwYMA0G
CSqGSIb3DQEBCwUAA4IBAQA+8K4ParBBVEID3wqUqh78ISQpLYBqI60btk5Cfgkx
cH1jrKlrV6liIdQfRVTffeNB3zsPK7JhbfDOAPyfekmlfWRjSllZax5sYzHSE6Bw
WgsP1VAr7/EFzPWyG9suhbUxm4OYbeNBdO0Xrm2MoJTwssdORmdCHJbhFIHWs8RC
MyLlDqEpCcELCwWfUBnjMg7CclEqnnKBV0w8SMCjrM3ldVkN7ScShQA0nL+axdN8
nSIsTdie4ko0mVkFCW3nQP6kQ8AhCDsSfHl9EXCFeKMsxnT0hjySVu84g85Fcw5A
fBgUOqNqrENnau37nWewBWHU5/N5T372YAJdwbhejyfn
-----END CERTIFICATE-----