Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/PH8esjlGPr5XZMLNZBxjvSMMmns.roa
File:                     PH8esjlGPr5XZMLNZBxjvSMMmns.roa (raw, json)
Hash identifier:          SLv7cyYvUTE3oyGowfNA00S/oJCYt4i19Q1cbVhOESM=
Subject key identifier:   3C:7F:1E:B2:39:46:3E:BE:57:64:C2:CD:64:1C:63:BD:23:0C:9A:7B
Certificate issuer:       /CN=bccd52a6a7f957171b15f7be5e20916428369401
Certificate serial:       01942824DD904301E4F1F919CCD32D033644
Authority key identifier: BC:CD:52:A6:A7:F9:57:17:1B:15:F7:BE:5E:20:91:64:28:36:94:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/PH8esjlGPr5XZMLNZBxjvSMMmns.roa
Signing time:             Thu 02 Jan 2025 17:51:32 +0000
ROA not before:           Thu 02 Jan 2025 17:51:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        217.140.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:dd:90:43:01:e4:f1:f9:19:cc:d3:2d:03:36:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bccd52a6a7f957171b15f7be5e20916428369401
        Validity
            Not Before: Jan  2 17:51:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c7f1eb239463ebe5764c2cd641c63bd230c9a7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9e:a6:bd:77:fd:55:11:e8:be:62:6a:4c:1d:
                    b6:ea:b9:68:b7:63:3f:ef:d3:96:9b:b7:bb:02:89:
                    2a:4f:d3:e7:b1:8b:05:9f:13:30:46:0b:c9:3b:27:
                    1d:ce:b0:31:48:74:db:ad:05:c3:47:76:5a:ff:9d:
                    07:bf:01:c5:8a:3f:95:ba:4d:11:d5:57:60:dc:0f:
                    73:8e:ea:2f:1f:cb:13:e4:c6:98:5a:56:d1:57:a4:
                    45:ba:50:b7:9c:2f:cf:35:de:e3:46:88:0a:d8:c2:
                    68:0c:90:b3:e5:0e:50:71:b0:52:93:49:8f:fc:fe:
                    1a:3d:88:54:78:9e:12:7c:f9:1d:61:61:65:95:e0:
                    b9:36:f4:4b:af:77:62:f4:e0:05:26:48:24:72:ca:
                    b0:20:cf:7c:15:08:fa:cd:48:5c:09:30:11:8b:7b:
                    a6:f7:10:da:18:20:2b:b0:5c:f2:3b:c8:30:73:ad:
                    81:45:91:1d:b1:ec:cd:4b:a1:55:14:d6:19:e5:fe:
                    10:37:12:43:9a:11:04:2e:db:c6:2d:2d:66:5c:26:
                    74:c2:d1:55:17:5e:ae:15:0a:41:37:80:28:52:c5:
                    df:8b:e1:aa:80:e3:63:4b:0b:73:22:7b:5f:70:da:
                    36:72:b6:6f:de:7b:0f:5e:71:61:47:d6:b2:a1:bc:
                    09:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:7F:1E:B2:39:46:3E:BE:57:64:C2:CD:64:1C:63:BD:23:0C:9A:7B
            X509v3 Authority Key Identifier:
                keyid:BC:CD:52:A6:A7:F9:57:17:1B:15:F7:BE:5E:20:91:64:28:36:94:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/PH8esjlGPr5XZMLNZBxjvSMMmns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.140.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         17:12:42:67:3b:5c:dd:60:81:c3:a4:3d:fa:af:08:49:cd:19:
         d8:7c:92:f2:fa:22:bf:86:2c:85:19:61:4d:7d:74:be:c7:e0:
         38:6d:64:94:08:24:f3:0f:98:59:e0:f4:62:fb:d2:26:e8:f7:
         96:ac:87:c2:8e:61:0d:f8:fb:9e:84:91:c6:44:39:dd:3c:56:
         ae:26:ea:80:e0:8e:1d:83:dc:64:8f:62:92:22:ca:e6:82:8f:
         c1:ea:dd:86:7a:cd:77:de:66:fc:0d:49:c8:d1:5c:23:a3:75:
         ba:84:76:74:08:9e:d4:2c:42:06:84:7a:c1:da:fc:54:99:f2:
         c6:f7:8b:cb:3d:10:59:4d:0f:ac:b4:1a:dc:05:fc:8d:8a:47:
         8e:9b:2e:70:a2:a7:34:fa:7c:28:cf:3e:1d:b3:e5:61:a0:59:
         97:4a:be:9e:e0:c3:c6:43:af:84:02:9d:45:5c:5b:c8:76:d5:
         ab:a4:e5:62:1e:7c:c6:90:7b:86:34:d8:de:5c:d2:07:fb:c0:
         52:87:2f:81:42:0c:d0:f3:c3:86:dc:ca:af:f9:69:1d:10:5a:
         3e:9e:3f:6a:0c:2d:6f:cf:52:a0:1b:02:ed:6f:cc:a8:98:48:
         d7:2f:1b:da:da:e3:a7:b8:0e:c0:b3:89:69:6f:9e:a5:9b:a6:
         e0:58:e5:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJN2QQwHk8fkZzNMtAzZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2Q1MmE2YTdmOTU3MTcxYjE1ZjdiZTVlMjA5MTY0Mjgz
Njk0MDEwHhcNMjUwMTAyMTc1MTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzdmMWViMjM5NDYzZWJlNTc2NGMyY2Q2NDFjNjNiZDIzMGM5YTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp6mvXf9VRHovmJqTB226rlot2M/
79OWm7e7AokqT9PnsYsFnxMwRgvJOycdzrAxSHTbrQXDR3Za/50HvwHFij+Vuk0R
1Vdg3A9zjuovH8sT5MaYWlbRV6RFulC3nC/PNd7jRogK2MJoDJCz5Q5QcbBSk0mP
/P4aPYhUeJ4SfPkdYWFlleC5NvRLr3di9OAFJkgkcsqwIM98FQj6zUhcCTARi3um
9xDaGCArsFzyO8gwc62BRZEdsezNS6FVFNYZ5f4QNxJDmhEELtvGLS1mXCZ0wtFV
F16uFQpBN4AoUsXfi+GqgONjSwtzIntfcNo2crZv3nsPXnFhR9ayobwJPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx/HrI5Rj6+V2TCzWQcY70jDJp7MB8GA1UdIwQY
MBaAFLzNUqan+VcXGxX3vl4gkWQoNpQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk0xU3BxZjVWeGNiRmZlLVhpQ1JaQ2cybEFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9lZWFiOWEtZDIwNy00YjJlLWE1MjUt
ZTgyM2UxN2JiNWNjLzEvUEg4ZXNqbEdQcjVYWk1MTlpCeGp2U01NbW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9lZWFiOWEtZDIwNy00YjJlLWE1MjUtZTgyM2UxN2JiNWNj
LzEvdk0xU3BxZjVWeGNiRmZlLVhpQ1JaQ2cybEFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2YxAMA0G
CSqGSIb3DQEBCwUAA4IBAQAXEkJnO1zdYIHDpD36rwhJzRnYfJLy+iK/hiyFGWFN
fXS+x+A4bWSUCCTzD5hZ4PRi+9Im6PeWrIfCjmEN+PuehJHGRDndPFauJuqA4I4d
g9xkj2KSIsrmgo/B6t2Ges133mb8DUnI0Vwjo3W6hHZ0CJ7ULEIGhHrB2vxUmfLG
94vLPRBZTQ+stBrcBfyNikeOmy5woqc0+nwozz4ds+VhoFmXSr6e4MPGQ6+EAp1F
XFvIdtWrpOViHnzGkHuGNNjeXNIH+8BShy+BQgzQ88OG3Mqv+WkdEFo+nj9qDC1v
z1KgGwLtb8yomEjXLxva2uOnuA7As4lpb56lm6bgWOVp
-----END CERTIFICATE-----