Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/17mCqGV8t4z7hhbymmlowxpohlM.roa
File:                     17mCqGV8t4z7hhbymmlowxpohlM.roa (raw, json)
Hash identifier:          yC9WJu/Jd4wcWlQ9QZAgVlQjobSTHwxFtZkbAGBBVww=
Subject key identifier:   D7:B9:82:A8:65:7C:B7:8C:FB:86:16:F2:9A:69:68:C3:1A:68:86:53
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       0194266B86B941F703FC6E50262332F18F6C
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/17mCqGV8t4z7hhbymmlowxpohlM.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206487
IP address blocks:        188.86.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:86:b9:41:f7:03:fc:6e:50:26:23:32:f1:8f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7b982a8657cb78cfb8616f29a6968c31a688653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:61:71:41:f0:9b:d5:a4:2e:0c:55:8a:a9:b4:
                    33:b0:b5:c2:3a:84:33:63:dc:76:da:6d:3e:26:28:
                    c8:cf:9d:01:11:21:8f:e8:7e:7b:8e:84:5c:37:3c:
                    65:b0:7a:f0:1f:99:d9:b5:08:55:60:d4:3d:f9:95:
                    38:31:d4:59:69:2c:b8:fc:98:be:69:d4:89:64:07:
                    76:bd:83:f8:98:c9:60:e1:79:e2:fc:77:84:95:7c:
                    10:0c:0b:a3:73:69:d8:24:ce:2f:2d:23:a2:6d:97:
                    c6:45:e2:52:cc:b5:df:ad:d1:61:d6:e2:09:d6:31:
                    24:d7:89:32:00:46:b3:f4:3a:0e:f1:71:20:2b:1b:
                    a3:d6:ee:27:f7:b9:d5:aa:c8:57:70:2d:8f:78:10:
                    8d:69:ba:91:cd:a7:93:fc:58:e2:55:5b:e1:61:8b:
                    4d:9c:4b:5e:5c:0d:13:bc:21:25:1b:85:75:dc:b8:
                    98:b0:16:ff:21:f8:64:64:41:cc:ec:12:f4:d9:1f:
                    e8:6d:65:93:5d:ee:5f:a9:9c:3c:44:c5:ef:5e:de:
                    e9:4a:b8:d1:5b:15:31:27:1e:54:5d:61:06:5e:59:
                    4d:87:4d:e6:e1:1f:6b:ca:9c:11:1a:41:22:01:c6:
                    a2:9e:92:f4:85:8d:60:12:96:85:9e:13:40:44:b2:
                    10:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B9:82:A8:65:7C:B7:8C:FB:86:16:F2:9A:69:68:C3:1A:68:86:53
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/17mCqGV8t4z7hhbymmlowxpohlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.86.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:e5:25:13:74:88:88:6b:3c:3c:32:45:5e:e4:18:e0:cd:94:
         3c:90:d9:5a:2b:66:18:34:2b:2b:1d:7d:fd:2d:b5:d5:0f:ed:
         84:f0:a6:18:ac:b9:61:b8:61:06:63:9e:ff:13:b0:b2:32:49:
         4c:16:c3:b2:01:40:1f:13:f5:37:70:40:67:87:23:81:f1:1e:
         08:93:32:08:86:ee:80:5e:14:e5:b8:aa:4a:fe:b8:b7:6b:50:
         2a:c3:44:e0:7c:a1:a5:b0:d9:aa:14:ab:09:74:71:cc:04:fb:
         42:a9:5c:04:c0:c4:e9:19:72:b7:fa:d2:1d:b3:f5:a8:51:f4:
         9c:a8:82:86:76:d7:f1:f7:4b:40:b5:2c:d7:6f:1a:99:53:08:
         ca:ea:51:b2:0b:2f:81:20:44:54:b7:fd:e4:cd:13:86:0d:1c:
         ef:0a:ae:a1:a0:be:f2:de:24:30:12:51:a2:9a:be:4a:77:e5:
         0f:07:ef:ac:e3:40:89:30:ca:02:c1:27:49:d2:3e:ed:a2:f8:
         77:0b:da:fa:d5:e9:f7:2f:bc:5e:85:2e:35:a1:5f:a6:38:1e:
         d9:f7:90:ef:c1:cd:7e:09:e0:a6:82:75:69:a7:15:67:06:01:
         db:27:a5:79:31:df:a7:3e:94:74:8d:3d:61:16:80:e4:e9:8c:
         9a:3d:35:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4a5QfcD/G5QJiMy8Y9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2I5ODJhODY1N2NiNzhjZmI4NjE2ZjI5YTY5NjhjMzFhNjg4NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGFxQfCb1aQuDFWKqbQzsLXCOoQz
Y9x22m0+JijIz50BESGP6H57joRcNzxlsHrwH5nZtQhVYNQ9+ZU4MdRZaSy4/Ji+
adSJZAd2vYP4mMlg4Xni/HeElXwQDAujc2nYJM4vLSOibZfGReJSzLXfrdFh1uIJ
1jEk14kyAEaz9DoO8XEgKxuj1u4n97nVqshXcC2PeBCNabqRzaeT/FjiVVvhYYtN
nEteXA0TvCElG4V13LiYsBb/IfhkZEHM7BL02R/obWWTXe5fqZw8RMXvXt7pSrjR
WxUxJx5UXWEGXllNh03m4R9rypwRGkEiAcainpL0hY1gEpaFnhNARLIQBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNe5gqhlfLeM+4YW8pppaMMaaIZTMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvMTdtQ3FHVjh0NHo3aGhieW1tbG93eHBvaGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFZ0MA0G
CSqGSIb3DQEBCwUAA4IBAQB+5SUTdIiIazw8MkVe5BjgzZQ8kNlaK2YYNCsrHX39
LbXVD+2E8KYYrLlhuGEGY57/E7CyMklMFsOyAUAfE/U3cEBnhyOB8R4IkzIIhu6A
XhTluKpK/ri3a1Aqw0TgfKGlsNmqFKsJdHHMBPtCqVwEwMTpGXK3+tIds/WoUfSc
qIKGdtfx90tAtSzXbxqZUwjK6lGyCy+BIERUt/3kzROGDRzvCq6hoL7y3iQwElGi
mr5Kd+UPB++s40CJMMoCwSdJ0j7tovh3C9r61en3L7xehS41oV+mOB7Z95Dvwc1+
CeCmgnVppxVnBgHbJ6V5Md+nPpR0jT1hFoDk6YyaPTVp
-----END CERTIFICATE-----