Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bdfPPFD7_cTZbwyeW7P8Fi7dH90.roa
File:                     bdfPPFD7_cTZbwyeW7P8Fi7dH90.roa (raw, json)
Hash identifier:          NekM86DIaaaKMFw30623Zb7G2yvOY2PUHbc3utw1LZg=
Subject key identifier:   6D:D7:CF:3C:50:FB:FD:C4:D9:6F:0C:9E:5B:B3:FC:16:2E:DD:1F:DD
Certificate issuer:       /CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Certificate serial:       018CC2DB03AFA7D5B4CC3D9AE95277AD97B9
Authority key identifier: 6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bdfPPFD7_cTZbwyeW7P8Fi7dH90.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        188.72.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:03:af:a7:d5:b4:cc:3d:9a:e9:52:77:ad:97:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dd7cf3c50fbfdc4d96f0c9e5bb3fc162edd1fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cc:6d:6e:ec:b7:65:6f:8f:b9:83:91:43:81:
                    ac:39:4a:e7:6c:99:4b:82:0b:bf:83:8f:50:49:d6:
                    c2:9f:6c:a5:59:41:d2:82:6a:85:61:3c:93:5f:a1:
                    c8:1b:e0:a4:9c:ce:b2:fb:b6:0b:26:b2:e1:c6:cd:
                    76:65:46:1c:6f:2f:33:10:c4:05:7a:ba:af:39:89:
                    63:0e:74:8e:ef:4c:cb:9f:39:e9:69:3d:83:e7:af:
                    87:6e:34:20:a2:65:fe:99:cf:05:c8:44:07:00:7d:
                    70:06:b5:ba:13:3b:11:0e:95:08:d5:17:fc:de:5b:
                    b0:5a:38:8f:31:e9:94:97:b4:fd:04:76:4b:97:6d:
                    91:06:24:6c:b0:f4:85:c7:d5:65:cb:5b:37:aa:37:
                    83:69:dd:e7:29:11:7b:d9:d5:bd:55:ef:d4:c1:46:
                    1c:42:bd:80:90:8a:d0:dd:24:7b:b9:3d:ef:d8:65:
                    00:8c:9f:69:2a:e9:11:ec:b0:f8:7d:44:61:20:67:
                    53:ac:fb:7b:23:6f:0e:29:8a:cf:7b:35:94:18:e9:
                    6c:2e:28:da:8e:61:b3:b6:ce:1f:57:b9:94:69:6d:
                    be:58:36:3e:15:09:41:7f:9c:11:09:bd:42:42:96:
                    94:6f:0f:56:b7:f3:70:cd:2a:7d:4f:51:1a:88:07:
                    a5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D7:CF:3C:50:FB:FD:C4:D9:6F:0C:9E:5B:B3:FC:16:2E:DD:1F:DD
            X509v3 Authority Key Identifier:
                keyid:6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bdfPPFD7_cTZbwyeW7P8Fi7dH90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:bb:c2:45:47:de:bc:2e:26:bc:4a:f1:68:5d:eb:61:31:02:
         bc:1f:25:c3:1e:ae:c3:24:a5:0a:1f:0d:66:02:ad:9a:9a:ee:
         4a:94:a9:48:d9:2a:61:86:ec:1f:7e:1f:9b:ea:d7:d3:84:ac:
         ce:3d:b9:6a:4e:fb:7d:7f:69:b5:9c:8d:49:ad:86:f2:17:49:
         bc:dc:5f:36:28:94:db:86:40:01:f7:e5:6d:2b:6b:3f:a6:0d:
         0f:f9:d6:ad:6d:d1:ff:34:ab:51:8c:fa:34:d0:f8:37:c7:c5:
         50:0f:38:2a:40:58:86:50:f7:90:f8:42:ae:b4:09:2e:89:9d:
         55:74:75:15:ea:18:0f:c1:0f:c6:6a:cd:fe:26:dd:65:9f:ca:
         83:9b:3d:2b:f9:2f:4c:40:90:87:11:94:4a:a5:a5:81:3d:9c:
         0d:61:b5:d5:62:5d:b9:8b:4a:b3:77:39:7f:4a:4a:e4:ba:b8:
         ca:10:fb:7d:dc:7b:6a:09:e9:18:e1:64:1c:9d:4d:b2:a7:7d:
         6b:1f:f4:f7:be:82:85:77:c7:ae:d5:44:3e:d4:56:37:1a:4b:
         fa:54:9b:2f:60:66:91:3e:69:ea:2a:af:4d:73:54:56:a3:35:
         6f:d7:fc:fb:81:0b:9c:fe:46:82:d8:5d:69:75:0d:29:9f:2a:
         57:d4:e6:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wOvp9W0zD2a6VJ3rZe5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjBkZWMxM2RmMjA1YTY2ZWM1MjI3OTI1YjhmNTZiZGIw
OWY0OTkwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ3Y2YzYzUwZmJmZGM0ZDk2ZjBjOWU1YmIzZmMxNjJlZGQxZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosxtbuy3ZW+PuYORQ4GsOUrnbJlL
ggu/g49QSdbCn2ylWUHSgmqFYTyTX6HIG+CknM6y+7YLJrLhxs12ZUYcby8zEMQF
erqvOYljDnSO70zLnznpaT2D56+HbjQgomX+mc8FyEQHAH1wBrW6EzsRDpUI1Rf8
3luwWjiPMemUl7T9BHZLl22RBiRssPSFx9Vly1s3qjeDad3nKRF72dW9Ve/UwUYc
Qr2AkIrQ3SR7uT3v2GUAjJ9pKukR7LD4fURhIGdTrPt7I28OKYrPezWUGOlsLija
jmGzts4fV7mUaW2+WDY+FQlBf5wRCb1CQpaUbw9Wt/NwzSp9T1EaiAelKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3XzzxQ+/3E2W8Mnluz/BYu3R/dMB8GA1UdIwQY
MBaAFGyw3sE98gWmbsUieSW49WvbCfSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQt
NTJiOWU2YTE2MzUwLzEvYmRmUFBGRDdfY1RaYnd5ZVc3UDhGaTdkSDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQtNTJiOWU2YTE2MzUw
LzEvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEgRMA0G
CSqGSIb3DQEBCwUAA4IBAQAFu8JFR968Lia8SvFoXethMQK8HyXDHq7DJKUKHw1m
Aq2amu5KlKlI2Sphhuwffh+b6tfThKzOPblqTvt9f2m1nI1JrYbyF0m83F82KJTb
hkAB9+VtK2s/pg0P+datbdH/NKtRjPo00Pg3x8VQDzgqQFiGUPeQ+EKutAkuiZ1V
dHUV6hgPwQ/Gas3+Jt1ln8qDmz0r+S9MQJCHEZRKpaWBPZwNYbXVYl25i0qzdzl/
SkrkurjKEPt93HtqCekY4WQcnU2yp31rH/T3voKFd8eu1UQ+1FY3Gkv6VJsvYGaR
PmnqKq9Nc1RWozVv1/z7gQuc/kaC2F1pdQ0pnypX1OZO
-----END CERTIFICATE-----