Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/oCdnapI8_jAqvSx-q8QqfeZBfpI.roa
File:                     oCdnapI8_jAqvSx-q8QqfeZBfpI.roa (raw, json)
Hash identifier:          4dP+f2erpGi6jIqWI+u+ltnYaQjR1Rx/ox+mHYa6aIY=
Subject key identifier:   A0:27:67:6A:92:3C:FE:30:2A:BD:2C:7E:AB:C4:2A:7D:E6:41:7E:92
Certificate issuer:       /CN=217b491dccb5632216d80b48f8d6286b1effd8d7
Certificate serial:       0194266C1CEA4AAC28D2F6E9F3B35BC67650
Authority key identifier: 21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/oCdnapI8_jAqvSx-q8QqfeZBfpI.roa
Signing time:             Thu 02 Jan 2025 09:50:07 +0000
ROA not before:           Thu 02 Jan 2025 09:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211145
IP address blocks:        185.244.176.0/24 maxlen: 24
                          185.244.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:1c:ea:4a:ac:28:d2:f6:e9:f3:b3:5b:c6:76:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b491dccb5632216d80b48f8d6286b1effd8d7
        Validity
            Not Before: Jan  2 09:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a027676a923cfe302abd2c7eabc42a7de6417e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:37:46:91:ab:78:03:b4:fc:fa:ac:66:ea:30:
                    cb:5f:2c:b8:0f:95:9b:bb:3d:de:69:9d:bd:7a:99:
                    6e:87:07:1c:4c:4a:95:a8:18:3c:4a:32:20:d4:72:
                    4a:b1:3d:0f:d7:09:66:6d:23:52:44:d0:07:0c:98:
                    1b:da:39:cb:96:ef:dc:7c:bf:d9:89:79:32:c0:df:
                    ed:48:3d:8a:75:51:40:c5:21:99:c0:b3:b8:e7:2a:
                    31:3d:20:49:12:53:4e:80:ea:a8:93:9e:a4:14:87:
                    dd:6d:b6:4f:17:c3:b7:72:b1:cf:fc:6e:0d:75:8a:
                    5d:69:b6:4b:33:5c:a5:6e:15:6c:4c:25:c4:da:d4:
                    4c:b5:99:92:e7:7f:13:ae:c5:6c:0b:e3:ce:ce:15:
                    14:fc:82:f6:a9:22:d7:9f:eb:60:c7:a8:f4:c0:19:
                    e0:6f:47:c7:33:44:de:a8:fd:f8:de:3f:d4:1e:6c:
                    df:76:bf:74:ba:89:69:cc:f8:f6:68:87:ea:30:d5:
                    2c:e4:81:2f:71:c0:7f:1b:9b:63:20:30:45:ae:ae:
                    50:a7:ff:c2:f7:9e:75:70:2c:40:a7:fd:08:34:2b:
                    05:b4:f7:ff:85:a1:73:27:df:f6:95:8a:da:f7:99:
                    6e:6e:49:4f:37:c8:8b:3f:ff:3a:c3:1c:1f:1f:be:
                    06:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:27:67:6A:92:3C:FE:30:2A:BD:2C:7E:AB:C4:2A:7D:E6:41:7E:92
            X509v3 Authority Key Identifier:
                keyid:21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/oCdnapI8_jAqvSx-q8QqfeZBfpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:9c:27:e4:41:cd:91:9a:9c:58:85:09:b4:72:ef:20:9f:36:
         98:f5:83:0e:99:3b:cc:39:1a:5e:22:5c:8b:07:56:6b:e1:f3:
         d2:84:3b:dd:50:95:0a:1b:62:5c:e7:a1:a9:dd:d2:bb:2b:cb:
         6a:b1:25:c8:c0:e7:d2:df:fa:29:0f:34:6e:fb:ff:64:02:d1:
         57:09:97:37:c3:ea:86:9c:92:bd:84:f1:29:f1:7e:11:41:93:
         c1:c6:8d:50:e7:13:6c:ac:3b:97:8c:08:02:4c:7d:07:d8:8e:
         5e:ab:92:56:d9:f0:95:e2:4e:61:55:5c:ec:c3:8b:ea:92:88:
         28:51:bd:19:4b:00:8e:e1:13:a9:2d:6c:6f:11:0a:48:10:9a:
         db:af:2a:15:8c:5c:66:4e:4e:0c:9a:cc:88:79:9a:f7:81:29:
         d9:93:b0:99:18:e5:76:74:b5:df:1d:d1:a4:8b:0c:a1:ff:81:
         df:34:3b:a0:d3:80:76:50:9f:c9:94:ed:e2:cc:8b:30:a4:22:
         9e:5f:e0:62:a0:ec:78:ed:86:3c:b1:3b:a9:16:b2:6c:7e:dd:
         93:af:04:47:65:52:10:fa:e7:88:d8:b8:dd:06:fe:1b:03:b3:
         7a:e6:e0:54:60:c8:92:e4:ef:07:90:ec:a6:f7:73:94:47:f6:
         a2:1d:56:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBzqSqwo0vbp87NbxnZQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I0OTFkY2NiNTYzMjIxNmQ4MGI0OGY4ZDYyODZiMWVm
ZmQ4ZDcwHhcNMjUwMTAyMDk1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDI3Njc2YTkyM2NmZTMwMmFiZDJjN2VhYmM0MmE3ZGU2NDE3ZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojdGkat4A7T8+qxm6jDLXyy4D5Wb
uz3eaZ29epluhwccTEqVqBg8SjIg1HJKsT0P1wlmbSNSRNAHDJgb2jnLlu/cfL/Z
iXkywN/tSD2KdVFAxSGZwLO45yoxPSBJElNOgOqok56kFIfdbbZPF8O3crHP/G4N
dYpdabZLM1ylbhVsTCXE2tRMtZmS538TrsVsC+POzhUU/IL2qSLXn+tgx6j0wBng
b0fHM0TeqP343j/UHmzfdr90uolpzPj2aIfqMNUs5IEvccB/G5tjIDBFrq5Qp//C
9551cCxAp/0INCsFtPf/haFzJ9/2lYra95lubklPN8iLP/86wxwfH74GpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAnZ2qSPP4wKr0sfqvEKn3mQX6SMB8GA1UdIwQY
MBaAFCF7SR3MtWMiFtgLSPjWKGse/9jXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAt
NmRlMDVhMzE2MjM5LzEvb0NkbmFwSThfakFxdlN4LXE4UXFmZVpCZnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAtNmRlMDVhMzE2MjM5
LzEvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufSwMA0G
CSqGSIb3DQEBCwUAA4IBAQA0nCfkQc2RmpxYhQm0cu8gnzaY9YMOmTvMORpeIlyL
B1Zr4fPShDvdUJUKG2Jc56Gp3dK7K8tqsSXIwOfS3/opDzRu+/9kAtFXCZc3w+qG
nJK9hPEp8X4RQZPBxo1Q5xNsrDuXjAgCTH0H2I5eq5JW2fCV4k5hVVzsw4vqkogo
Ub0ZSwCO4ROpLWxvEQpIEJrbryoVjFxmTk4MmsyIeZr3gSnZk7CZGOV2dLXfHdGk
iwyh/4HfNDug04B2UJ/JlO3izIswpCKeX+BioOx47YY8sTupFrJsft2TrwRHZVIQ
+ueI2LjdBv4bA7N65uBUYMiS5O8HkOym93OUR/aiHVbJ
-----END CERTIFICATE-----