Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/Yg6DTQFOxUODDTv6-H6dvQEVbTM.roa
File:                     Yg6DTQFOxUODDTv6-H6dvQEVbTM.roa (raw, json)
Hash identifier:          PJ7rQ8sF0YgySYec9mOacXXxzI2i0BkcNGpRRCBKL7I=
Subject key identifier:   62:0E:83:4D:01:4E:C5:43:83:0D:3B:FA:F8:7E:9D:BD:01:15:6D:33
Certificate issuer:       /CN=bccd52a6a7f957171b15f7be5e20916428369401
Certificate serial:       01942824DF0BD3264EF4A9F61D3A5A49EE2A
Authority key identifier: BC:CD:52:A6:A7:F9:57:17:1B:15:F7:BE:5E:20:91:64:28:36:94:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/Yg6DTQFOxUODDTv6-H6dvQEVbTM.roa
Signing time:             Thu 02 Jan 2025 17:51:32 +0000
ROA not before:           Thu 02 Jan 2025 17:51:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        217.140.64.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 10:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:df:0b:d3:26:4e:f4:a9:f6:1d:3a:5a:49:ee:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bccd52a6a7f957171b15f7be5e20916428369401
        Validity
            Not Before: Jan  2 17:51:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=620e834d014ec543830d3bfaf87e9dbd01156d33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fe:83:92:ac:f4:40:b5:2e:0d:af:91:7d:17:
                    24:f5:78:40:59:c9:ee:0c:16:6b:11:6b:0c:03:ae:
                    c0:fd:fe:5e:6f:3b:27:cd:4c:64:d7:f0:4d:51:64:
                    d1:c7:29:d9:fc:74:9d:ef:09:9d:59:07:2a:b1:c4:
                    52:01:2a:49:e7:1c:4f:c7:d8:78:9b:5f:f0:7d:07:
                    9a:21:3b:1d:0b:37:81:9b:19:92:63:20:23:2b:0e:
                    ff:2f:77:a8:91:b4:23:38:56:0b:12:4a:fb:6c:fb:
                    a0:cb:c6:97:b3:78:44:40:65:60:03:c9:4b:73:24:
                    eb:b0:1f:bc:34:b6:8f:b5:a8:bd:58:c6:fe:7b:90:
                    49:8b:18:77:76:67:3a:ce:8e:d7:43:ef:fb:d9:55:
                    7b:2d:99:1a:72:6c:4b:6d:cf:92:a6:1f:6f:3b:36:
                    59:26:86:86:95:53:fe:9c:fb:f4:f0:71:2f:e0:61:
                    24:eb:c6:1f:18:67:aa:70:3d:a5:0a:c5:70:de:a9:
                    3a:ca:6b:3a:5c:44:3e:cd:bd:12:63:43:0b:83:0d:
                    21:a3:9a:b5:74:ad:c0:ac:f0:97:7e:b5:81:37:91:
                    ef:69:74:bc:ca:36:8e:5f:2c:d8:b4:19:56:93:35:
                    da:6a:5b:72:21:ae:a7:25:b9:05:95:b4:5a:6d:cd:
                    e1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0E:83:4D:01:4E:C5:43:83:0D:3B:FA:F8:7E:9D:BD:01:15:6D:33
            X509v3 Authority Key Identifier:
                keyid:BC:CD:52:A6:A7:F9:57:17:1B:15:F7:BE:5E:20:91:64:28:36:94:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/Yg6DTQFOxUODDTv6-H6dvQEVbTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.140.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:4d:b0:2e:50:c0:e1:07:33:21:b0:1a:59:4a:1a:c8:35:6f:
         fd:d8:f5:cf:91:9f:18:90:8b:88:fe:ed:e1:7c:00:80:2e:6d:
         4d:5a:b6:b2:87:fa:9c:b1:99:22:1f:da:50:c4:a8:09:d3:b5:
         24:1f:6b:b3:e0:7c:70:b2:4a:4c:10:96:2a:08:4d:b5:cb:7e:
         e5:f4:80:09:b7:a3:99:5d:1f:1f:43:59:6c:f5:46:1b:f5:2b:
         0b:e4:30:fe:1d:d2:35:68:be:d0:ac:37:d1:df:23:20:33:47:
         77:94:ec:1b:d8:33:6d:e0:33:06:08:35:d1:04:de:c3:f7:3a:
         a0:4a:d1:c8:3a:39:5c:7f:6d:54:d7:86:96:3b:04:50:78:64:
         b8:ff:24:ab:f1:17:de:aa:54:e5:3f:87:56:3b:08:e6:6b:e4:
         7a:39:d3:72:5f:9a:89:fd:35:62:78:73:db:51:bf:ba:df:91:
         2a:2f:b3:01:5e:e0:47:1f:e2:a6:29:17:35:68:83:11:96:e6:
         a4:37:b1:4e:4b:36:da:09:4e:e9:0d:4f:bc:ec:d7:05:bd:f4:
         35:ba:bc:8a:5b:fd:5f:05:2f:4c:00:54:7e:8f:7d:04:93:06:
         94:01:00:cd:0a:e9:a4:a4:e6:5c:15:bd:e4:15:de:27:d0:90:
         58:21:ef:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJN8L0yZO9Kn2HTpaSe4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2Q1MmE2YTdmOTU3MTcxYjE1ZjdiZTVlMjA5MTY0Mjgz
Njk0MDEwHhcNMjUwMTAyMTc1MTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBlODM0ZDAxNGVjNTQzODMwZDNiZmFmODdlOWRiZDAxMTU2ZDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtv6Dkqz0QLUuDa+RfRck9XhAWcnu
DBZrEWsMA67A/f5ebzsnzUxk1/BNUWTRxynZ/HSd7wmdWQcqscRSASpJ5xxPx9h4
m1/wfQeaITsdCzeBmxmSYyAjKw7/L3eokbQjOFYLEkr7bPugy8aXs3hEQGVgA8lL
cyTrsB+8NLaPtai9WMb+e5BJixh3dmc6zo7XQ+/72VV7LZkacmxLbc+Sph9vOzZZ
JoaGlVP+nPv08HEv4GEk68YfGGeqcD2lCsVw3qk6yms6XEQ+zb0SY0MLgw0ho5q1
dK3ArPCXfrWBN5HvaXS8yjaOXyzYtBlWkzXaaltyIa6nJbkFlbRabc3hrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIOg00BTsVDgw07+vh+nb0BFW0zMB8GA1UdIwQY
MBaAFLzNUqan+VcXGxX3vl4gkWQoNpQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk0xU3BxZjVWeGNiRmZlLVhpQ1JaQ2cybEFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9lZWFiOWEtZDIwNy00YjJlLWE1MjUt
ZTgyM2UxN2JiNWNjLzEvWWc2RFRRRk94VU9ERFR2Ni1INmR2UUVWYlRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9lZWFiOWEtZDIwNy00YjJlLWE1MjUtZTgyM2UxN2JiNWNj
LzEvdk0xU3BxZjVWeGNiRmZlLVhpQ1JaQ2cybEFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2YxAMA0G
CSqGSIb3DQEBCwUAA4IBAQAqTbAuUMDhBzMhsBpZShrINW/92PXPkZ8YkIuI/u3h
fACALm1NWrayh/qcsZkiH9pQxKgJ07UkH2uz4HxwskpMEJYqCE21y37l9IAJt6OZ
XR8fQ1ls9UYb9SsL5DD+HdI1aL7QrDfR3yMgM0d3lOwb2DNt4DMGCDXRBN7D9zqg
StHIOjlcf21U14aWOwRQeGS4/ySr8RfeqlTlP4dWOwjma+R6OdNyX5qJ/TVieHPb
Ub+635EqL7MBXuBHH+KmKRc1aIMRluakN7FOSzbaCU7pDU+87NcFvfQ1uryKW/1f
BS9MAFR+j30EkwaUAQDNCumkpOZcFb3kFd4n0JBYIe/g
-----END CERTIFICATE-----