Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/DONY2sMELP_z9mdmoRozCCK_UPI.roa
File:                     DONY2sMELP_z9mdmoRozCCK_UPI.roa (raw, json)
Hash identifier:          sW63+THC9CTxib1+R8eQiv3d2ZNSsbYJaEi7Wj72xeI=
Subject key identifier:   0C:E3:58:DA:C3:04:2C:FF:F3:F6:67:66:A1:1A:33:08:22:BF:50:F2
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB49773029937373D2A1B37E0043C
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/DONY2sMELP_z9mdmoRozCCK_UPI.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21344
IP address blocks:        217.149.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b4:97:73:02:99:37:37:3d:2a:1b:37:e0:04:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ce358dac3042cfff3f66766a11a330822bf50f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:59:e3:da:46:11:85:12:92:14:a3:2a:a1:09:
                    14:ef:7a:d5:90:5a:3f:1d:3c:94:d6:52:e8:60:4c:
                    2a:ce:54:e7:34:56:81:8f:d3:1c:7a:7c:fc:b7:66:
                    23:6c:be:ff:84:22:7c:68:2f:83:48:fc:3b:e5:41:
                    58:8d:84:bc:48:c2:e3:43:59:9f:65:17:95:1a:95:
                    ee:e0:a9:bf:ed:4f:99:f8:42:78:d7:91:ef:f3:c8:
                    87:15:87:26:ac:af:1a:4c:41:8b:cb:d2:48:d2:2b:
                    a3:d0:7d:12:85:53:9b:55:ed:03:37:a1:8f:50:f9:
                    3a:37:13:41:c5:e6:86:e0:7b:1e:9e:21:cf:d0:84:
                    b1:ce:40:7c:86:f3:19:05:12:38:2c:23:3a:d6:af:
                    48:87:d6:58:b9:99:9d:6c:69:fd:ce:32:07:7d:29:
                    c9:0e:89:01:34:86:09:d5:16:35:8e:d5:e7:b9:fe:
                    0c:ac:fc:8f:6b:30:84:b8:82:78:d0:12:a7:48:4d:
                    76:91:98:f7:04:60:ec:10:9a:0e:92:22:d3:0d:3f:
                    02:e1:c9:fc:20:65:5c:a6:d2:22:10:db:7d:2f:1e:
                    72:a7:97:bb:66:aa:4c:4f:14:3e:e3:cc:88:e9:98:
                    16:d8:8b:ab:5e:31:49:52:e9:03:e7:e3:a7:c2:75:
                    1d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:E3:58:DA:C3:04:2C:FF:F3:F6:67:66:A1:1A:33:08:22:BF:50:F2
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/DONY2sMELP_z9mdmoRozCCK_UPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.149.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:75:e0:66:e7:32:a8:89:00:83:bf:80:e7:3a:0e:79:26:66:
         bb:49:1f:c4:02:cb:f0:84:6f:d9:f9:e5:d2:01:0a:b6:e0:76:
         0b:31:b7:12:1d:29:a8:25:ea:ca:cf:db:33:91:6f:1d:d9:50:
         ec:a5:7a:c1:3f:1a:d6:fa:ac:f6:c3:e7:c5:a5:a7:0e:2c:f5:
         12:24:ab:6b:2a:86:1e:27:cb:b6:bc:6e:69:82:51:d9:51:d9:
         e3:37:25:cb:4b:e8:e8:3d:5e:54:4a:63:30:fa:f5:78:6a:c6:
         6f:a8:1b:3e:dd:e5:cb:eb:40:3c:4f:52:d6:2c:c6:b3:4c:63:
         eb:c8:79:76:ec:e3:2a:65:16:34:ed:6b:4f:b5:a2:03:ea:10:
         85:5e:a1:31:99:54:6a:d5:91:3b:0d:9f:8d:9f:2e:fc:e3:54:
         8e:b5:d6:6e:61:3e:a2:18:db:ac:32:63:85:e2:9e:a1:58:c8:
         40:27:f7:db:a8:92:17:5c:75:10:63:18:c6:c3:c8:14:ac:82:
         a7:4d:61:e8:e6:b5:ae:64:db:d6:b6:37:ce:e7:6f:3d:12:e6:
         b2:f7:aa:63:cf:32:ec:2d:8d:c9:f0:aa:98:0a:1a:f8:49:39:
         87:bb:ce:04:32:d5:ea:97:67:19:5d:5d:87:a5:3f:0d:d1:e6:
         ca:f1:f9:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7SXcwKZNzc9Khs34AQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2UzNThkYWMzMDQyY2ZmZjNmNjY3NjZhMTFhMzMwODIyYmY1MGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglnj2kYRhRKSFKMqoQkU73rVkFo/
HTyU1lLoYEwqzlTnNFaBj9Mcenz8t2YjbL7/hCJ8aC+DSPw75UFYjYS8SMLjQ1mf
ZReVGpXu4Km/7U+Z+EJ415Hv88iHFYcmrK8aTEGLy9JI0iuj0H0ShVObVe0DN6GP
UPk6NxNBxeaG4HseniHP0ISxzkB8hvMZBRI4LCM61q9Ih9ZYuZmdbGn9zjIHfSnJ
DokBNIYJ1RY1jtXnuf4MrPyPazCEuIJ40BKnSE12kZj3BGDsEJoOkiLTDT8C4cn8
IGVcptIiENt9Lx5yp5e7ZqpMTxQ+48yI6ZgW2IurXjFJUukD5+OnwnUdPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzjWNrDBCz/8/ZnZqEaMwgiv1DyMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvRE9OWTJzTUVMUF96OW1kbW9Sb3pDQ0tfVVBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZX3MA0G
CSqGSIb3DQEBCwUAA4IBAQCzdeBm5zKoiQCDv4DnOg55Jma7SR/EAsvwhG/Z+eXS
AQq24HYLMbcSHSmoJerKz9szkW8d2VDspXrBPxrW+qz2w+fFpacOLPUSJKtrKoYe
J8u2vG5pglHZUdnjNyXLS+joPV5USmMw+vV4asZvqBs+3eXL60A8T1LWLMazTGPr
yHl27OMqZRY07WtPtaID6hCFXqExmVRq1ZE7DZ+Nny7841SOtdZuYT6iGNusMmOF
4p6hWMhAJ/fbqJIXXHUQYxjGw8gUrIKnTWHo5rWuZNvWtjfO5289Euay96pjzzLs
LY3J8KqYChr4STmHu84EMtXql2cZXV2HpT8N0ebK8fmA
-----END CERTIFICATE-----