Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/DE9IUhyQDVKAZFd3LetU9Q2xs6k.roa
File:                     DE9IUhyQDVKAZFd3LetU9Q2xs6k.roa (raw, json)
Hash identifier:          4yKIJoSmqEpGXf1pIollJ7FnnZ1pkmaGTlVLtjz3pSc=
Subject key identifier:   0C:4F:48:52:1C:90:0D:52:80:64:57:77:2D:EB:54:F5:0D:B1:B3:A9
Certificate issuer:       /CN=220f413fb0af0bd8fe130820d3049d0e71ed4bb0
Certificate serial:       0194258F342A4246A94EF5B58E8F316FBD59
Authority key identifier: 22:0F:41:3F:B0:AF:0B:D8:FE:13:08:20:D3:04:9D:0E:71:ED:4B:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/DE9IUhyQDVKAZFd3LetU9Q2xs6k.roa
Signing time:             Thu 02 Jan 2025 05:48:49 +0000
ROA not before:           Thu 02 Jan 2025 05:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        217.169.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:18:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:34:2a:42:46:a9:4e:f5:b5:8e:8f:31:6f:bd:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=220f413fb0af0bd8fe130820d3049d0e71ed4bb0
        Validity
            Not Before: Jan  2 05:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c4f48521c900d52806457772deb54f50db1b3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1a:de:ba:12:9d:a2:31:46:ff:82:dd:5f:bb:
                    24:36:ed:1c:a1:f4:59:f2:88:f7:84:1c:0c:f3:49:
                    1f:18:7c:d7:a1:6b:c8:ec:18:ca:93:2e:1e:55:d4:
                    12:ba:57:b1:b8:a3:f2:c5:67:b3:f0:f6:14:94:00:
                    2d:3a:c7:e6:d0:b3:75:29:82:2c:f8:dc:38:3a:20:
                    89:dd:f6:93:20:dc:d2:72:ea:71:2e:a4:5a:a6:55:
                    95:fd:8b:e6:c3:6c:92:76:6f:ec:87:82:27:74:e0:
                    e5:ca:ac:87:63:24:12:52:f3:c8:1c:88:6e:c4:b5:
                    a1:a5:da:df:43:c1:4a:72:61:2c:3f:7a:4d:6c:02:
                    d6:ee:0e:d9:6d:b6:dd:18:3d:e3:db:9a:c7:12:e4:
                    68:28:f5:af:ae:45:de:cd:03:ae:35:9c:ab:50:dd:
                    00:fe:52:29:4e:b1:b3:a8:75:a3:ff:3d:32:30:9e:
                    1d:31:ec:1a:bd:24:a9:96:ae:a8:8c:d3:3b:66:6d:
                    29:fa:2b:3a:4a:b0:a6:1d:73:2c:2b:cc:f0:77:46:
                    7d:4c:a0:7a:51:61:5d:37:44:92:6e:9a:2e:07:32:
                    eb:e1:93:2a:c7:79:9f:d9:85:b8:58:96:72:2f:19:
                    e8:78:61:88:e1:a8:97:1c:28:98:cf:57:6b:ad:90:
                    9e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:4F:48:52:1C:90:0D:52:80:64:57:77:2D:EB:54:F5:0D:B1:B3:A9
            X509v3 Authority Key Identifier:
                keyid:22:0F:41:3F:B0:AF:0B:D8:FE:13:08:20:D3:04:9D:0E:71:ED:4B:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/DE9IUhyQDVKAZFd3LetU9Q2xs6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.169.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:ad:36:62:c0:4d:41:c8:8b:a0:ba:d3:ff:62:a6:73:59:95:
         03:97:5f:f8:2e:fc:94:8b:86:5f:23:b7:02:c1:6e:ad:fa:c6:
         b0:5d:74:7a:cf:4f:c0:7e:01:20:a6:69:a9:14:e9:93:20:07:
         a5:00:c4:11:f0:62:e2:6d:d9:cb:b4:08:5b:a7:ee:fd:6e:42:
         4e:08:5d:b2:90:2e:dd:d7:d6:f6:97:85:3e:7c:7c:19:1c:ec:
         02:69:7d:79:10:b3:67:e9:08:96:b2:02:3a:63:10:76:20:87:
         1b:9d:82:31:09:a3:77:7c:55:d9:4c:29:be:25:93:e0:25:7e:
         5d:73:92:f1:87:2b:e0:91:d9:f0:d6:d7:51:12:11:32:91:d4:
         1b:eb:f3:fe:fe:56:da:20:98:4d:27:d2:7c:ef:5a:46:c9:20:
         96:ce:d4:bb:9d:6b:af:a7:47:9d:f2:30:7b:5f:6e:06:36:fe:
         fb:bb:a6:46:e5:5f:ba:4c:4d:1c:d4:f8:be:0b:cf:80:52:ee:
         55:68:5c:33:3a:e0:94:7d:1a:44:c6:08:76:96:22:f9:f5:78:
         2e:2d:67:4e:c6:e7:9a:44:f8:96:ad:c6:af:cc:21:73:4b:03:
         44:9f:4e:ad:d4:1f:7a:fa:0f:70:04:7c:be:ea:94:e9:69:60:
         3a:c5:d9:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzQqQkapTvW1jo8xb71ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGY0MTNmYjBhZjBiZDhmZTEzMDgyMGQzMDQ5ZDBlNzFl
ZDRiYjAwHhcNMjUwMTAyMDU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzRmNDg1MjFjOTAwZDUyODA2NDU3NzcyZGViNTRmNTBkYjFiM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshreuhKdojFG/4LdX7skNu0cofRZ
8oj3hBwM80kfGHzXoWvI7BjKky4eVdQSulexuKPyxWez8PYUlAAtOsfm0LN1KYIs
+Nw4OiCJ3faTINzScupxLqRaplWV/Yvmw2ySdm/sh4IndODlyqyHYyQSUvPIHIhu
xLWhpdrfQ8FKcmEsP3pNbALW7g7ZbbbdGD3j25rHEuRoKPWvrkXezQOuNZyrUN0A
/lIpTrGzqHWj/z0yMJ4dMewavSSplq6ojNM7Zm0p+is6SrCmHXMsK8zwd0Z9TKB6
UWFdN0SSbpouBzLr4ZMqx3mf2YW4WJZyLxnoeGGI4aiXHCiYz1drrZCeSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxPSFIckA1SgGRXdy3rVPUNsbOpMB8GA1UdIwQY
MBaAFCIPQT+wrwvY/hMIINMEnQ5x7UuwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWc5QlA3Q3ZDOWotRXdnZzB3U2REbkh0UzdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjM1N2QtYjE3MC00MGE1LWE2Njkt
ODJlYmEwY2IzYjBkLzEvREU5SVVoeVFEVktBWkZkM0xldFU5UTJ4czZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjM1N2QtYjE3MC00MGE1LWE2NjktODJlYmEwY2IzYjBk
LzEvSWc5QlA3Q3ZDOWotRXdnZzB3U2REbkh0UzdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2anKMA0G
CSqGSIb3DQEBCwUAA4IBAQCqrTZiwE1ByIugutP/YqZzWZUDl1/4LvyUi4ZfI7cC
wW6t+sawXXR6z0/AfgEgpmmpFOmTIAelAMQR8GLibdnLtAhbp+79bkJOCF2ykC7d
19b2l4U+fHwZHOwCaX15ELNn6QiWsgI6YxB2IIcbnYIxCaN3fFXZTCm+JZPgJX5d
c5Lxhyvgkdnw1tdREhEykdQb6/P+/lbaIJhNJ9J871pGySCWztS7nWuvp0ed8jB7
X24GNv77u6ZG5V+6TE0c1Pi+C8+AUu5VaFwzOuCUfRpExgh2liL59XguLWdOxuea
RPiWrcavzCFzSwNEn06t1B96+g9wBHy+6pTpaWA6xdkT
-----END CERTIFICATE-----