Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/FbdIrSoU0o1j3svdo45lLU5crQ8.roa
File:                     FbdIrSoU0o1j3svdo45lLU5crQ8.roa (raw, json)
Hash identifier:          ePZfK34nDhXAMqf0uiwurL97nW7VWI4tP25I7IkP7Oo=
Subject key identifier:   15:B7:48:AD:2A:14:D2:8D:63:DE:CB:DD:A3:8E:65:2D:4E:5C:AD:0F
Certificate issuer:       /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial:       019420D6014A7B5517B6F9A2DFC2943DCF53
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/FbdIrSoU0o1j3svdo45lLU5crQ8.roa
Signing time:             Wed 01 Jan 2025 07:48:03 +0000
ROA not before:           Wed 01 Jan 2025 07:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21507
IP address blocks:        217.142.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:01:4a:7b:55:17:b6:f9:a2:df:c2:94:3d:cf:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
        Validity
            Not Before: Jan  1 07:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15b748ad2a14d28d63decbdda38e652d4e5cad0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:d6:c0:ad:29:4a:4b:64:f4:f3:aa:f2:a1:6a:
                    f0:4c:44:84:1d:a0:d2:ff:82:f7:e8:6e:e9:7f:bd:
                    b5:a3:aa:6d:c0:2d:6f:62:db:29:d8:40:16:9e:ad:
                    b9:e0:39:44:f6:36:5b:b2:2e:69:7a:7d:58:c7:fb:
                    bc:f6:7c:ec:c0:9e:80:5e:c6:c5:1d:9d:08:31:d8:
                    b9:9a:f2:77:dc:47:9f:e9:3d:c4:cc:8e:6d:72:82:
                    15:9a:f9:c5:b4:fd:b8:6a:02:d1:88:aa:21:ec:c8:
                    ca:cd:b3:54:cf:87:6a:2c:d9:5f:f3:a3:b6:ec:01:
                    e4:7f:cc:73:69:ee:66:44:38:a6:9d:ae:89:dd:d7:
                    3d:65:26:40:ef:20:af:45:45:a4:67:9c:09:e7:6b:
                    3f:94:28:1f:6b:1b:eb:1d:46:ac:a9:40:93:e2:87:
                    68:b4:48:48:0b:a4:e5:84:9c:ec:a3:60:ab:01:75:
                    bc:57:f3:2d:1d:2c:ff:c6:de:a5:a5:ef:c4:b2:b7:
                    07:4c:ee:be:8d:83:5d:b5:b6:1a:8c:39:b5:7f:00:
                    e8:36:36:a7:67:56:eb:ea:95:ce:d2:09:db:e3:d7:
                    c9:62:61:7d:34:02:0c:0e:ed:a3:71:13:d5:c9:55:
                    c0:f8:a3:c4:be:85:1c:7b:27:33:a2:52:99:db:c1:
                    06:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B7:48:AD:2A:14:D2:8D:63:DE:CB:DD:A3:8E:65:2D:4E:5C:AD:0F
            X509v3 Authority Key Identifier:
                keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/FbdIrSoU0o1j3svdo45lLU5crQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.142.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         74:32:be:78:ff:f5:27:7c:9a:98:2b:78:b9:4a:e8:30:4d:b5:
         68:c9:36:cc:dd:a0:aa:bf:d7:0e:39:a1:1c:e7:8c:e3:7e:57:
         dc:e0:a3:9a:6f:97:f2:91:00:22:07:09:95:5c:b7:52:b8:04:
         e2:36:64:12:6e:87:fb:1b:4d:50:f9:3d:a9:75:79:0e:5c:d4:
         05:fe:91:65:00:3d:a5:f8:6e:70:b9:02:91:7f:3a:a9:0c:7e:
         8c:1f:1a:0a:92:3c:83:d4:89:2a:2f:46:27:a2:15:f0:50:ea:
         36:b8:7f:ad:e1:d8:0c:5a:4f:9c:fe:6b:ca:28:06:76:07:be:
         db:74:c2:14:7d:5b:cd:b4:2b:21:e6:44:23:75:77:b5:ae:26:
         26:9b:5d:84:ed:98:76:82:b2:94:6c:7e:28:6e:21:dd:ff:ca:
         4f:c5:b3:70:a0:f5:e1:72:7b:3f:79:d3:41:84:bd:3b:a8:e9:
         ba:2e:b7:e5:32:5a:27:42:06:51:ce:aa:35:df:6d:4e:66:f9:
         67:4e:72:73:b8:b5:83:42:6c:0f:92:1c:f2:0c:aa:d0:cf:4d:
         98:5a:f3:73:11:d2:91:71:fe:49:d0:97:63:00:20:50:83:aa:
         e4:5e:a7:24:01:08:8a:82:bf:fc:73:4b:41:31:e9:dd:bf:39:
         46:0f:6e:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gFKe1UXtvmi38KUPc9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjUwMTAxMDc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWI3NDhhZDJhMTRkMjhkNjNkZWNiZGRhMzhlNjUyZDRlNWNhZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA69bArSlKS2T086ryoWrwTESEHaDS
/4L36G7pf721o6ptwC1vYtsp2EAWnq254DlE9jZbsi5pen1Yx/u89nzswJ6AXsbF
HZ0IMdi5mvJ33Eef6T3EzI5tcoIVmvnFtP24agLRiKoh7MjKzbNUz4dqLNlf86O2
7AHkf8xzae5mRDimna6J3dc9ZSZA7yCvRUWkZ5wJ52s/lCgfaxvrHUasqUCT4odo
tEhIC6TlhJzso2CrAXW8V/MtHSz/xt6lpe/EsrcHTO6+jYNdtbYajDm1fwDoNjan
Z1br6pXO0gnb49fJYmF9NAIMDu2jcRPVyVXA+KPEvoUceyczolKZ28EGGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBW3SK0qFNKNY97L3aOOZS1OXK0PMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvRmJkSXJTb1UwbzFqM3N2ZG80NWxMVTVjclE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2Y4AMA0G
CSqGSIb3DQEBCwUAA4IBAQB0Mr54//UnfJqYK3i5SugwTbVoyTbM3aCqv9cOOaEc
54zjflfc4KOab5fykQAiBwmVXLdSuATiNmQSbof7G01Q+T2pdXkOXNQF/pFlAD2l
+G5wuQKRfzqpDH6MHxoKkjyD1IkqL0YnohXwUOo2uH+t4dgMWk+c/mvKKAZ2B77b
dMIUfVvNtCsh5kQjdXe1riYmm12E7Zh2grKUbH4obiHd/8pPxbNwoPXhcns/edNB
hL07qOm6LrflMlonQgZRzqo1321OZvlnTnJzuLWDQmwPkhzyDKrQz02YWvNzEdKR
cf5J0JdjACBQg6rkXqckAQiKgr/8c0tBMendvzlGD266
-----END CERTIFICATE-----