Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/hX7Rnm81tnEPpzTcTT3r7Qb4Iok.roa
File:                     hX7Rnm81tnEPpzTcTT3r7Qb4Iok.roa (raw, json)
Hash identifier:          q5o7ZgOa9Lgtv2LXximTRdRV7zlhGe6Ohv7x4TMf8lI=
Subject key identifier:   85:7E:D1:9E:6F:35:B6:71:0F:A7:34:DC:4D:3D:EB:ED:06:F8:22:89
Certificate issuer:       /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial:       018E4C7E3BABDA0219EF661B57DDBC3C12BC
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/hX7Rnm81tnEPpzTcTT3r7Qb4Iok.roa
Signing time:             Sun 17 Mar 2024 12:58:44 +0000
ROA not before:           Sun 17 Mar 2024 12:58:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16253
IP address blocks:        217.142.0.0/20 maxlen: 20
                          2a03:f0c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4c:7e:3b:ab:da:02:19:ef:66:1b:57:dd:bc:3c:12:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
        Validity
            Not Before: Mar 17 12:58:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=857ed19e6f35b6710fa734dc4d3debed06f82289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:be:db:01:4c:11:e8:da:10:53:4d:86:f6:90:
                    2d:49:24:8e:59:f1:82:bd:a9:4d:23:52:f6:ea:70:
                    14:44:1b:74:25:b6:fb:00:e4:45:0f:91:40:8f:a3:
                    25:8c:f1:21:ec:ed:1e:58:88:d4:4f:c2:23:7b:6b:
                    33:45:79:36:4b:c8:31:2f:50:dd:29:c9:19:fd:13:
                    9f:d5:9f:54:8a:49:f3:0e:19:6f:57:1e:ef:fe:90:
                    c6:cd:c7:f7:f7:6b:e4:49:07:85:a3:38:a5:5e:18:
                    59:94:81:38:ed:e4:48:4d:d0:62:44:15:cf:ba:10:
                    84:2c:94:11:ec:3f:bc:61:cc:b9:05:b6:31:60:ec:
                    7e:a3:38:ed:1f:88:4f:0c:53:5a:d4:db:54:33:4f:
                    5e:c6:25:71:73:81:7f:cc:1e:79:8a:cb:68:d2:af:
                    a4:37:cf:98:7a:0e:04:0a:17:b2:ad:bd:07:59:8a:
                    bb:84:0c:5c:52:15:24:21:13:cb:b6:e6:7d:90:29:
                    7c:b5:5e:47:77:07:e4:4c:84:52:6f:eb:bc:02:65:
                    1e:31:9d:89:ae:5d:f0:71:1f:4a:62:9d:3c:b4:ed:
                    3d:99:7e:38:81:d1:d4:08:0b:b2:40:00:5a:98:fc:
                    c2:9e:39:26:48:bd:cc:df:a9:cd:26:73:62:f0:35:
                    c0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:7E:D1:9E:6F:35:B6:71:0F:A7:34:DC:4D:3D:EB:ED:06:F8:22:89
            X509v3 Authority Key Identifier:
                keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/hX7Rnm81tnEPpzTcTT3r7Qb4Iok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.142.0.0/20
                IPv6:
                  2a03:f0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:3c:44:4a:8a:f9:1c:9b:c9:1d:69:4c:32:84:86:53:ea:53:
         6f:ca:49:65:e2:8a:3b:08:3e:90:47:9c:38:4e:10:bf:2a:12:
         d0:df:d2:2c:bd:a9:f1:05:4a:4b:31:89:86:b5:70:11:7a:25:
         5e:cd:6d:c7:7a:09:8c:b5:96:2e:fb:53:a1:a7:95:96:0d:50:
         1a:63:db:fe:2f:56:1d:f3:68:06:3f:86:d4:4f:7e:64:68:74:
         75:23:2f:df:86:f0:f2:08:49:fd:6c:69:d1:cb:a7:cd:22:ab:
         b4:8d:56:88:4f:0a:b9:cf:50:f0:87:fa:93:19:5b:56:4a:26:
         d2:9a:d3:c7:14:2e:93:d8:d5:c2:d4:c4:59:9a:c7:1e:d2:8b:
         f6:d8:aa:05:52:d6:12:86:09:b6:af:9b:49:b5:81:3c:06:22:
         d3:24:47:f8:1a:86:f4:5d:05:ec:f9:ba:74:ea:62:ea:df:e1:
         65:7e:5f:15:a3:af:61:3e:79:c2:f3:99:bd:21:1b:b8:37:f3:
         8f:b1:0f:fd:31:8d:e8:36:fe:04:c8:b8:e0:59:4b:6f:57:b4:
         aa:ec:df:1e:f3:10:12:6c:f7:32:6f:79:51:38:08:d6:af:05:
         a8:f6:76:a5:09:02:3e:f1:c2:f1:91:bf:96:70:2a:b1:9b:e8:
         42:f4:50:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5Mfjur2gIZ72YbV928PBK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjQwMzE3MTI1ODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTdlZDE5ZTZmMzViNjcxMGZhNzM0ZGM0ZDNkZWJlZDA2ZjgyMjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmL7bAUwR6NoQU02G9pAtSSSOWfGC
valNI1L26nAURBt0Jbb7AORFD5FAj6MljPEh7O0eWIjUT8Ije2szRXk2S8gxL1Dd
KckZ/ROf1Z9UiknzDhlvVx7v/pDGzcf392vkSQeFozilXhhZlIE47eRITdBiRBXP
uhCELJQR7D+8Ycy5BbYxYOx+ozjtH4hPDFNa1NtUM09exiVxc4F/zB55isto0q+k
N8+Yeg4ECheyrb0HWYq7hAxcUhUkIRPLtuZ9kCl8tV5HdwfkTIRSb+u8AmUeMZ2J
rl3wcR9KYp08tO09mX44gdHUCAuyQABamPzCnjkmSL3M36nNJnNi8DXA7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIV+0Z5vNbZxD6c03E096+0G+CKJMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvaFg3Um5tODF0bkVQcHpUY1RUM3I3UWI0SW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2Y4AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQCMPERKivkcm8kdaUwyhIZT
6lNvykll4oo7CD6QR5w4ThC/KhLQ39IsvanxBUpLMYmGtXAReiVezW3HegmMtZYu
+1Ohp5WWDVAaY9v+L1Yd82gGP4bUT35kaHR1Iy/fhvDyCEn9bGnRy6fNIqu0jVaI
Twq5z1Dwh/qTGVtWSibSmtPHFC6T2NXC1MRZmsce0ov22KoFUtYShgm2r5tJtYE8
BiLTJEf4Gob0XQXs+bp06mLq3+Flfl8Vo69hPnnC85m9IRu4N/OPsQ/9MY3oNv4E
yLjgWUtvV7Sq7N8e8xASbPcyb3lROAjWrwWo9nalCQI+8cLxkb+WcCqxm+hC9FCl
-----END CERTIFICATE-----