Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/d_hw3MOdjBSgVRUiNYJewNYRUQ8.roa
File:                     d_hw3MOdjBSgVRUiNYJewNYRUQ8.roa (raw, json)
Hash identifier:          NnuJ7Fae87j1ccVsRLVAdTVOi2FVHIAivL0ixwT36K8=
Subject key identifier:   77:F8:70:DC:C3:9D:8C:14:A0:55:15:22:35:82:5E:C0:D6:11:51:0F
Certificate issuer:       /CN=17d2cc9e0b8186b60b270313cd96821022d04b95
Certificate serial:       018EAD8EB2CC24E4AD66ACCD6D8AD62E1D94
Authority key identifier: 17:D2:CC:9E:0B:81:86:B6:0B:27:03:13:CD:96:82:10:22:D0:4B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9LMnguBhrYLJwMTzZaCECLQS5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/d_hw3MOdjBSgVRUiNYJewNYRUQ8.roa
Signing time:             Fri 05 Apr 2024 09:19:54 +0000
ROA not before:           Fri 05 Apr 2024 09:19:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205185
IP address blocks:        212.125.141.0/24 maxlen: 24
                          2a14:2940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/F9LMnguBhrYLJwMTzZaCECLQS5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/F9LMnguBhrYLJwMTzZaCECLQS5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9LMnguBhrYLJwMTzZaCECLQS5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:8e:b2:cc:24:e4:ad:66:ac:cd:6d:8a:d6:2e:1d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d2cc9e0b8186b60b270313cd96821022d04b95
        Validity
            Not Before: Apr  5 09:19:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77f870dcc39d8c14a055152235825ec0d611510f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fa:3f:eb:f1:50:fc:f9:7e:7c:1d:36:00:ab:
                    d7:5f:98:b7:bc:eb:7a:74:dd:11:aa:22:b2:ad:ac:
                    ae:5b:a9:e1:e3:20:68:35:b3:01:72:61:98:60:7c:
                    ea:b0:05:64:22:cd:5f:ec:cd:cd:32:3e:d7:60:a0:
                    b3:5d:2e:3f:f3:db:95:5b:df:2e:f5:f8:aa:86:d2:
                    5b:ef:bd:b9:db:fc:d7:82:3e:1f:92:b5:9a:e5:f5:
                    73:f4:ee:0f:a7:36:6f:81:ec:57:fd:91:9a:65:de:
                    75:de:d8:d8:3b:af:86:67:a5:56:f4:59:88:a4:9b:
                    f3:e7:d0:d2:92:96:b5:d4:d2:8e:c9:e9:40:73:b2:
                    5a:9d:e2:04:0f:f3:5e:f6:8a:92:7c:af:4d:dd:b0:
                    18:04:80:6b:4f:b1:bc:5d:fa:69:bb:0c:41:8c:79:
                    67:39:fd:bd:f4:57:8c:e6:0b:50:95:a4:00:b4:6e:
                    d4:56:13:aa:f1:d1:ad:bb:3b:33:dd:ff:a4:28:d9:
                    b5:aa:a4:5f:c7:86:02:51:e6:f7:87:0f:bd:86:99:
                    3f:43:e6:f3:40:43:a0:0f:8a:42:cb:dc:14:57:e3:
                    df:3e:38:d7:dd:4c:2f:7b:f4:73:a7:d2:fc:b3:cd:
                    5b:d3:c1:9c:cc:49:6a:d9:9c:ab:61:d0:e0:38:9e:
                    ce:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:F8:70:DC:C3:9D:8C:14:A0:55:15:22:35:82:5E:C0:D6:11:51:0F
            X509v3 Authority Key Identifier:
                keyid:17:D2:CC:9E:0B:81:86:B6:0B:27:03:13:CD:96:82:10:22:D0:4B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9LMnguBhrYLJwMTzZaCECLQS5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/d_hw3MOdjBSgVRUiNYJewNYRUQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/F9LMnguBhrYLJwMTzZaCECLQS5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.125.141.0/24
                IPv6:
                  2a14:2940::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:1f:c1:76:ff:39:2e:48:25:16:7c:16:20:83:67:46:10:9e:
         f7:6b:72:be:e6:27:1a:18:0b:ab:b9:3e:6c:25:68:62:dd:a5:
         f4:55:14:0f:05:53:1a:93:a8:d7:97:a5:00:ad:32:3c:73:18:
         04:5c:51:46:05:f7:2e:7e:e7:11:49:17:5c:d5:7d:eb:3e:36:
         65:96:8c:91:17:b9:c1:a4:f1:a1:f0:f7:9e:3b:4a:f3:c5:e8:
         54:49:90:c7:c6:82:68:53:6a:92:47:99:f5:42:09:f5:73:71:
         44:ee:96:a1:f7:1c:78:e5:51:db:ae:37:d1:e7:d5:b5:d4:5b:
         d8:60:06:4f:15:97:7a:1c:45:c2:6c:1c:15:73:00:53:14:fa:
         44:ff:1c:6d:ac:61:69:27:cf:56:6a:55:13:11:bd:d4:68:90:
         ca:2c:a2:bc:10:9a:68:f0:30:ae:21:4c:a0:40:37:90:eb:15:
         42:06:67:b3:e2:f4:1b:24:d0:f0:94:ec:06:9a:db:04:ad:d1:
         86:5d:ee:f9:32:3b:f4:44:0c:84:d9:ff:13:1e:38:0f:f6:8a:
         a0:d4:e8:71:c8:86:c9:6c:44:19:47:0a:73:e3:13:d0:4f:08:
         e6:79:fc:10:62:9c:d4:df:9b:b9:2d:ab:77:ed:6b:b6:2d:19:
         8f:36:13:97
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY6tjrLMJOStZqzNbYrWLh2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDJjYzllMGI4MTg2YjYwYjI3MDMxM2NkOTY4MjEwMjJk
MDRiOTUwHhcNMjQwNDA1MDkxOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2Y4NzBkY2MzOWQ4YzE0YTA1NTE1MjIzNTgyNWVjMGQ2MTE1MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fo/6/FQ/Pl+fB02AKvXX5i3vOt6
dN0RqiKyrayuW6nh4yBoNbMBcmGYYHzqsAVkIs1f7M3NMj7XYKCzXS4/89uVW98u
9fiqhtJb77252/zXgj4fkrWa5fVz9O4PpzZvgexX/ZGaZd513tjYO6+GZ6VW9FmI
pJvz59DSkpa11NKOyelAc7JaneIED/Ne9oqSfK9N3bAYBIBrT7G8XfppuwxBjHln
Of299FeM5gtQlaQAtG7UVhOq8dGtuzsz3f+kKNm1qqRfx4YCUeb3hw+9hpk/Q+bz
QEOgD4pCy9wUV+PfPjjX3Uwve/Rzp9L8s81b08GczElq2ZyrYdDgOJ7ORQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHf4cNzDnYwUoFUVIjWCXsDWEVEPMB8GA1UdIwQY
MBaAFBfSzJ4LgYa2CycDE82WghAi0EuVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlMTW5ndUJocllMSndNVHpaYUNFQ0xRUzVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8wZDM4ZjktZTBjMS00NmNjLTlhMjIt
ZGZiYjZlYzM0MzBlLzEvZF9odzNNT2RqQlNnVlJVaU5ZSmV3TllSVVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8wZDM4ZjktZTBjMS00NmNjLTlhMjItZGZiYjZlYzM0MzBl
LzEvRjlMTW5ndUJocllMSndNVHpaYUNFQ0xRUzVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1H2NMA0E
AgACMAcDBQMqFClAMA0GCSqGSIb3DQEBCwUAA4IBAQBqH8F2/zkuSCUWfBYgg2dG
EJ73a3K+5icaGAuruT5sJWhi3aX0VRQPBVMak6jXl6UArTI8cxgEXFFGBfcufucR
SRdc1X3rPjZlloyRF7nBpPGh8PeeO0rzxehUSZDHxoJoU2qSR5n1Qgn1c3FE7pah
9xx45VHbrjfR59W11FvYYAZPFZd6HEXCbBwVcwBTFPpE/xxtrGFpJ89WalUTEb3U
aJDKLKK8EJpo8DCuIUygQDeQ6xVCBmez4vQbJNDwlOwGmtsErdGGXe75Mjv0RAyE
2f8THjgP9oqg1OhxyIbJbEQZRwpz4xPQTwjmefwQYpzU35u5Lat37Wu2LRmPNhOX
-----END CERTIFICATE-----