Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/U-SN1q4pJgAbhBr505GmjvvK0Yk.roa
File:                     U-SN1q4pJgAbhBr505GmjvvK0Yk.roa (raw, json)
Hash identifier:          ti6Yg/NhXUPjnnIuIQjWPXsFSSsL7twdl2UbJGvnSN8=
Subject key identifier:   53:E4:8D:D6:AE:29:26:00:1B:84:1A:F9:D3:91:A6:8E:FB:CA:D1:89
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       01932977FE78F8F6AA8D1CD6A1B67B386CB1
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/U-SN1q4pJgAbhBr505GmjvvK0Yk.roa
Signing time:             Thu 14 Nov 2024 06:59:09 +0000
ROA not before:           Thu 14 Nov 2024 06:59:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55701
IP address blocks:        86.110.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:77:fe:78:f8:f6:aa:8d:1c:d6:a1:b6:7b:38:6c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Nov 14 06:59:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53e48dd6ae2926001b841af9d391a68efbcad189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b7:2f:b0:f5:f9:83:a8:f4:02:b7:6d:ef:53:
                    d3:94:27:e3:60:5b:cb:17:20:5d:6f:00:21:00:13:
                    7d:fe:c1:44:70:a3:f3:7b:ee:b0:60:a1:bd:c4:91:
                    07:67:55:10:d0:a3:e7:54:e9:79:0d:84:fa:fd:b2:
                    01:e5:ee:58:ef:1f:dc:70:85:6e:b5:08:80:b3:4e:
                    26:5d:a1:ca:e3:be:36:ae:38:db:1c:44:b0:33:67:
                    d5:36:2d:5a:eb:4c:7a:47:15:98:10:ae:80:39:f0:
                    48:9a:e1:93:64:71:93:0a:dd:65:50:b9:58:d9:51:
                    5a:5c:ef:77:e3:19:3f:c7:76:31:b6:aa:31:25:60:
                    2c:f1:fa:9e:6e:59:dc:65:e1:b6:60:d1:85:4c:46:
                    d1:ea:b7:cb:fc:d6:c0:dc:37:2b:24:8d:91:51:55:
                    97:75:88:00:fb:ce:83:88:85:3a:ee:ef:a0:1e:29:
                    61:1c:04:b3:0e:e5:c1:dd:ed:cf:17:29:54:05:17:
                    72:af:33:38:1f:49:41:d9:1b:6f:fb:12:61:02:3c:
                    b9:07:db:b9:64:7e:3d:f4:57:2a:f5:16:a7:6d:f2:
                    30:88:7c:8b:86:eb:ac:b6:cb:33:76:77:4f:97:a7:
                    ba:ff:21:4b:96:28:1f:23:18:35:64:23:5f:46:88:
                    9b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E4:8D:D6:AE:29:26:00:1B:84:1A:F9:D3:91:A6:8E:FB:CA:D1:89
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/U-SN1q4pJgAbhBr505GmjvvK0Yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:eb:15:de:cd:26:e5:2a:3c:1e:8c:a7:a5:ba:c0:3c:b1:13:
         3f:47:2b:b2:a3:9c:a3:27:7e:d8:2b:9a:08:f9:c1:e5:9a:58:
         89:60:e9:8a:d8:df:90:da:74:7e:d9:fa:b2:6b:c4:15:3b:7c:
         72:17:f1:b1:2f:73:39:55:fd:46:fc:77:93:a1:c4:49:9c:50:
         d3:2a:0f:51:72:6f:4f:ad:fa:ab:3d:39:70:f4:4b:ab:af:bf:
         f9:77:83:e9:f6:9e:72:29:5f:8d:32:fa:78:53:22:a5:c3:23:
         32:f1:f1:81:63:69:15:e7:0b:c8:8e:cc:69:fe:54:04:d8:8e:
         a4:99:7e:26:e9:10:d5:27:26:f4:b1:62:d6:dc:1e:db:e8:0a:
         33:44:3c:9f:3d:01:5a:53:5b:d4:0a:47:8e:cb:fa:9d:d2:f7:
         60:36:6b:32:2d:75:ec:ad:eb:53:53:44:a0:4c:b1:16:a0:f0:
         41:3d:91:2e:61:1c:b8:a5:40:db:69:e1:59:03:b0:c3:21:0e:
         4f:fd:a2:13:69:e6:3f:dd:35:19:46:bc:fc:55:57:a0:1f:15:
         cb:6d:6f:45:ed:b3:a8:9b:95:be:23:3e:89:a8:dc:07:a5:01:
         0a:93:95:06:58:59:67:89:23:5a:3d:18:33:52:ca:25:89:ae:
         1a:8f:d9:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMpd/54+PaqjRzWobZ7OGyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjQxMTE0MDY1OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2U0OGRkNmFlMjkyNjAwMWI4NDFhZjlkMzkxYTY4ZWZiY2FkMTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrcvsPX5g6j0Ardt71PTlCfjYFvL
FyBdbwAhABN9/sFEcKPze+6wYKG9xJEHZ1UQ0KPnVOl5DYT6/bIB5e5Y7x/ccIVu
tQiAs04mXaHK4742rjjbHESwM2fVNi1a60x6RxWYEK6AOfBImuGTZHGTCt1lULlY
2VFaXO934xk/x3YxtqoxJWAs8fqeblncZeG2YNGFTEbR6rfL/NbA3DcrJI2RUVWX
dYgA+86DiIU67u+gHilhHASzDuXB3e3PFylUBRdyrzM4H0lB2Rtv+xJhAjy5B9u5
ZH499Fcq9RanbfIwiHyLhuustsszdndPl6e6/yFLligfIxg1ZCNfRoibowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPkjdauKSYAG4Qa+dORpo77ytGJMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvVS1TTjFxNHBKZ0FiaEJyNTA1R21qdnZLMFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4lMA0G
CSqGSIb3DQEBCwUAA4IBAQCL6xXezSblKjwejKelusA8sRM/Ryuyo5yjJ37YK5oI
+cHlmliJYOmK2N+Q2nR+2fqya8QVO3xyF/GxL3M5Vf1G/HeTocRJnFDTKg9Rcm9P
rfqrPTlw9Eurr7/5d4Pp9p5yKV+NMvp4UyKlwyMy8fGBY2kV5wvIjsxp/lQE2I6k
mX4m6RDVJyb0sWLW3B7b6AozRDyfPQFaU1vUCkeOy/qd0vdgNmsyLXXsretTU0Sg
TLEWoPBBPZEuYRy4pUDbaeFZA7DDIQ5P/aITaeY/3TUZRrz8VVegHxXLbW9F7bOo
m5W+Iz6JqNwHpQEKk5UGWFlniSNaPRgzUsolia4aj9ma
-----END CERTIFICATE-----