Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/dKqYQNXN2RqkwIVM8ct2epHedrw.roa
File:                     dKqYQNXN2RqkwIVM8ct2epHedrw.roa (raw, json)
Hash identifier:          w77xxmsAuRXJI04+9dXW88RqeenrSreCmS5nwZk6IVU=
Subject key identifier:   74:AA:98:40:D5:CD:D9:1A:A4:C0:85:4C:F1:CB:76:7A:91:DE:76:BC
Certificate issuer:       /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial:       018F15A4F38A198CD37FAC619AA1F947746A
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/dKqYQNXN2RqkwIVM8ct2epHedrw.roa
Signing time:             Thu 25 Apr 2024 14:24:42 +0000
ROA not before:           Thu 25 Apr 2024 14:24:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21507
IP address blocks:        217.142.0.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:a4:f3:8a:19:8c:d3:7f:ac:61:9a:a1:f9:47:74:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
        Validity
            Not Before: Apr 25 14:24:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74aa9840d5cdd91aa4c0854cf1cb767a91de76bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f9:2a:9a:32:2d:e9:2e:62:cb:8c:83:f3:da:
                    66:9d:21:97:78:36:77:73:5d:9b:fb:15:2d:03:32:
                    41:d8:be:9b:05:e8:c6:2d:b7:78:1e:bf:ab:68:4d:
                    56:e2:2c:f8:ab:6a:5f:00:0a:df:56:a0:db:c0:f8:
                    c1:bb:b1:66:39:95:83:1e:1d:e0:0a:af:39:a2:b7:
                    4f:f2:a8:01:2b:a3:02:65:c7:16:44:b6:1a:7e:43:
                    85:0f:0b:a4:15:cd:f1:10:b8:03:a3:c9:f0:bf:cf:
                    a7:dc:cf:48:40:59:18:c7:67:94:cb:5b:00:cb:a6:
                    25:3f:c7:05:5b:3f:8d:9f:d8:74:3e:26:40:c5:1d:
                    ea:e0:55:8d:02:2a:d6:26:36:64:3f:5d:3a:db:c0:
                    ae:8d:7a:0b:8d:4f:c1:fa:40:d4:1d:6e:7c:4e:8c:
                    58:5a:7b:87:48:74:98:b6:15:33:78:7d:4b:5e:30:
                    ba:c5:1d:cd:e6:97:94:60:13:d1:f1:92:b2:b5:81:
                    05:3f:69:af:51:f0:1f:c1:10:ea:50:03:1a:66:0c:
                    d5:18:07:3d:83:36:87:37:ee:b1:cf:e9:1b:61:16:
                    fa:b2:04:1a:df:f8:3b:76:9f:47:ba:32:79:42:f9:
                    51:dc:97:f6:52:f5:7d:21:d2:0e:df:20:d4:33:f9:
                    01:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AA:98:40:D5:CD:D9:1A:A4:C0:85:4C:F1:CB:76:7A:91:DE:76:BC
            X509v3 Authority Key Identifier:
                keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/dKqYQNXN2RqkwIVM8ct2epHedrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.142.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         09:91:96:f0:17:d5:c3:8b:34:4e:e5:bc:90:b8:c0:1d:fe:70:
         62:e6:63:e0:9c:a5:e4:56:87:f0:b4:47:5e:95:2a:c8:ad:7e:
         f8:63:12:16:ce:22:6a:a4:ba:f2:cf:d3:7d:7a:20:f5:ca:a1:
         25:71:f7:18:b6:db:14:3f:a8:59:c9:1c:77:ef:a9:a1:71:e5:
         75:6e:ec:bb:f2:5c:6e:6a:25:7d:2c:05:01:b7:8c:52:28:be:
         5a:84:f3:36:e8:da:f9:9f:4a:e2:8c:24:a4:2e:ba:c8:8e:4c:
         06:33:a5:26:ae:2a:08:62:20:c8:b2:9e:12:90:d9:bd:54:04:
         2b:64:6b:60:d4:bb:e1:f4:28:5a:92:f2:50:66:3a:5c:c4:e3:
         e7:6d:46:19:f8:22:64:67:44:a7:59:ad:a1:40:fb:76:7f:64:
         a4:95:cd:29:0f:16:71:6f:68:93:f0:15:12:64:c9:c2:96:a7:
         26:2d:bb:21:1d:2e:82:cc:56:8d:db:33:1f:5a:fb:97:a8:80:
         f3:85:3f:71:4c:fb:93:3e:08:a5:80:f3:fe:62:b1:ee:d9:78:
         2a:67:79:d1:46:3e:1e:c9:8a:db:73:98:b6:7c:19:7f:56:d7:
         bf:19:09:34:f5:f2:d9:f8:69:7b:e5:6f:37:5d:8b:0a:40:9d:
         cd:c0:35:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8VpPOKGYzTf6xhmqH5R3RqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjQwNDI1MTQyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFhOTg0MGQ1Y2RkOTFhYTRjMDg1NGNmMWNiNzY3YTkxZGU3NmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPkqmjIt6S5iy4yD89pmnSGXeDZ3
c12b+xUtAzJB2L6bBejGLbd4Hr+raE1W4iz4q2pfAArfVqDbwPjBu7FmOZWDHh3g
Cq85ordP8qgBK6MCZccWRLYafkOFDwukFc3xELgDo8nwv8+n3M9IQFkYx2eUy1sA
y6YlP8cFWz+Nn9h0PiZAxR3q4FWNAirWJjZkP10628CujXoLjU/B+kDUHW58ToxY
WnuHSHSYthUzeH1LXjC6xR3N5peUYBPR8ZKytYEFP2mvUfAfwRDqUAMaZgzVGAc9
gzaHN+6xz+kbYRb6sgQa3/g7dp9HujJ5QvlR3Jf2UvV9IdIO3yDUM/kBnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSqmEDVzdkapMCFTPHLdnqR3na8MB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvZEtxWVFOWE4yUnFrd0lWTThjdDJlcEhlZHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2Y4AMA0G
CSqGSIb3DQEBCwUAA4IBAQAJkZbwF9XDizRO5byQuMAd/nBi5mPgnKXkVofwtEde
lSrIrX74YxIWziJqpLryz9N9eiD1yqElcfcYttsUP6hZyRx376mhceV1buy78lxu
aiV9LAUBt4xSKL5ahPM26Nr5n0rijCSkLrrIjkwGM6UmrioIYiDIsp4SkNm9VAQr
ZGtg1Lvh9ChakvJQZjpcxOPnbUYZ+CJkZ0SnWa2hQPt2f2Sklc0pDxZxb2iT8BUS
ZMnClqcmLbshHS6CzFaN2zMfWvuXqIDzhT9xTPuTPgilgPP+YrHu2XgqZ3nRRj4e
yYrbc5i2fBl/Vte/GQk09fLZ+Gl75W83XYsKQJ3NwDWS
-----END CERTIFICATE-----