Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/808471-7daa-4cd2-a860-069da9c84785/1/fXymCcg43rMAKs2mcsEPZsFLWgo.roa
File:                     fXymCcg43rMAKs2mcsEPZsFLWgo.roa (raw, json)
Hash identifier:          Xv/6UgFRd3Mr3j672h6+YnDJ6G+I38/5fynk5ddKwQE=
Subject key identifier:   7D:7C:A6:09:C8:38:DE:B3:00:2A:CD:A6:72:C1:0F:66:C1:4B:5A:0A
Certificate issuer:       /CN=20d617bdb5d768e395e49b41cd81217bd3163ab3
Certificate serial:       018CC5DBF64D8BFA44AF00F5683182566752
Authority key identifier: 20:D6:17:BD:B5:D7:68:E3:95:E4:9B:41:CD:81:21:7B:D3:16:3A:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/INYXvbXXaOOV5JtBzYEhe9MWOrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/808471-7daa-4cd2-a860-069da9c84785/1/fXymCcg43rMAKs2mcsEPZsFLWgo.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57685
IP address blocks:        171.25.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/808471-7daa-4cd2-a860-069da9c84785/1/INYXvbXXaOOV5JtBzYEhe9MWOrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/808471-7daa-4cd2-a860-069da9c84785/1/INYXvbXXaOOV5JtBzYEhe9MWOrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/INYXvbXXaOOV5JtBzYEhe9MWOrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f6:4d:8b:fa:44:af:00:f5:68:31:82:56:67:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20d617bdb5d768e395e49b41cd81217bd3163ab3
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d7ca609c838deb3002acda672c10f66c14b5a0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a0:9b:ef:2b:a2:7c:49:e8:27:00:b1:2f:3a:
                    8f:ea:f5:df:72:95:cc:e8:28:a7:12:10:1b:d9:98:
                    ff:31:a3:41:62:89:8b:08:f8:60:1d:96:06:37:63:
                    09:9a:09:e7:e4:20:b0:01:77:dd:61:1b:7d:e3:58:
                    1b:fd:ea:66:ff:f6:94:9f:5e:cb:0d:d9:c1:b5:f8:
                    84:b6:25:27:f2:ae:5b:0d:90:09:bb:3f:b3:9d:63:
                    a0:bc:cf:8d:5e:52:bd:27:a4:3e:df:a5:01:6f:e5:
                    3d:fa:8f:33:36:47:f3:35:0d:24:2b:ec:67:1a:e3:
                    db:a4:38:ac:64:c4:f4:d7:2c:b7:7e:79:5d:21:20:
                    ff:a4:48:8c:8b:e3:44:55:f7:80:a8:49:23:2f:05:
                    1a:7d:95:8c:29:d9:46:90:53:88:d3:44:d7:85:43:
                    d2:be:8c:ef:c0:dc:d3:95:7e:cf:a7:81:17:dd:51:
                    b1:d9:92:ed:20:7a:f9:67:4b:8e:4b:24:3c:ec:ed:
                    7d:6b:4d:dd:5e:dd:11:2c:b1:8f:fe:05:8d:66:48:
                    ef:76:e7:3b:78:90:9e:8a:e1:54:f4:1b:86:92:7a:
                    b5:52:63:c8:37:fb:67:e9:57:01:0f:ed:1b:f5:8d:
                    a6:be:07:6b:3e:1d:d4:b2:15:97:b1:69:e5:8c:62:
                    e0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:7C:A6:09:C8:38:DE:B3:00:2A:CD:A6:72:C1:0F:66:C1:4B:5A:0A
            X509v3 Authority Key Identifier:
                keyid:20:D6:17:BD:B5:D7:68:E3:95:E4:9B:41:CD:81:21:7B:D3:16:3A:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INYXvbXXaOOV5JtBzYEhe9MWOrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/808471-7daa-4cd2-a860-069da9c84785/1/fXymCcg43rMAKs2mcsEPZsFLWgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/808471-7daa-4cd2-a860-069da9c84785/1/INYXvbXXaOOV5JtBzYEhe9MWOrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:ef:34:39:23:cb:c6:fd:05:a2:49:03:1b:81:e2:b4:5a:11:
         1f:c9:53:e8:7d:f2:bd:a1:90:5a:a5:69:f6:b3:ab:8d:48:c9:
         eb:d5:40:e9:df:49:8c:d7:a7:18:ab:5d:68:12:21:83:13:f1:
         a0:b2:95:76:a3:5b:e1:96:f1:a9:7e:19:d1:2d:60:af:ec:64:
         81:b7:8a:c0:a3:eb:6f:e5:48:ba:94:27:fd:59:30:d5:e3:fd:
         b2:75:92:4d:3b:71:bd:9f:d0:4b:56:8c:62:a3:e0:57:d0:22:
         1a:ff:2d:ac:85:33:9d:3c:eb:25:8a:22:0c:96:4c:da:56:2b:
         ed:85:f6:73:f5:ee:56:12:8a:85:7a:75:89:3d:f8:06:30:10:
         91:d5:53:14:b3:61:58:01:5c:3c:5c:f2:2e:02:ea:ed:55:29:
         0c:fb:29:9a:e0:65:22:87:95:d1:40:d1:74:41:1c:86:85:b4:
         ab:04:04:16:1f:cf:25:72:24:77:88:fb:f3:56:ea:00:df:22:
         92:ef:2d:0f:69:58:8a:bc:df:0c:11:35:37:e4:1a:d3:5a:88:
         6a:59:52:de:c0:5e:ee:bd:f5:df:c4:5b:66:16:03:ed:cf:17:
         ab:8b:d8:eb:e5:c3:1a:96:44:e1:77:6f:1d:6c:4e:5c:30:85:
         04:d4:0b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/ZNi/pErwD1aDGCVmdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDYxN2JkYjVkNzY4ZTM5NWU0OWI0MWNkODEyMTdiZDMx
NjNhYjMwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdjYTYwOWM4MzhkZWIzMDAyYWNkYTY3MmMxMGY2NmMxNGI1YTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqCb7yuifEnoJwCxLzqP6vXfcpXM
6CinEhAb2Zj/MaNBYomLCPhgHZYGN2MJmgnn5CCwAXfdYRt941gb/epm//aUn17L
DdnBtfiEtiUn8q5bDZAJuz+znWOgvM+NXlK9J6Q+36UBb+U9+o8zNkfzNQ0kK+xn
GuPbpDisZMT01yy3fnldISD/pEiMi+NEVfeAqEkjLwUafZWMKdlGkFOI00TXhUPS
vozvwNzTlX7Pp4EX3VGx2ZLtIHr5Z0uOSyQ87O19a03dXt0RLLGP/gWNZkjvduc7
eJCeiuFU9BuGknq1UmPIN/tn6VcBD+0b9Y2mvgdrPh3UshWXsWnljGLgawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH18pgnION6zACrNpnLBD2bBS1oKMB8GA1UdIwQY
MBaAFCDWF72112jjleSbQc2BIXvTFjqzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5ZWHZiWFhhT09WNUp0QnpZRWhlOU1XT3JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy84MDg0NzEtN2RhYS00Y2QyLWE4NjAt
MDY5ZGE5Yzg0Nzg1LzEvZlh5bUNjZzQzck1BS3MybWNzRVBac0ZMV2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy84MDg0NzEtN2RhYS00Y2QyLWE4NjAtMDY5ZGE5Yzg0Nzg1
LzEvSU5ZWHZiWFhhT09WNUp0QnpZRWhlOU1XT3JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxmzMA0G
CSqGSIb3DQEBCwUAA4IBAQAh7zQ5I8vG/QWiSQMbgeK0WhEfyVPoffK9oZBapWn2
s6uNSMnr1UDp30mM16cYq11oEiGDE/GgspV2o1vhlvGpfhnRLWCv7GSBt4rAo+tv
5Ui6lCf9WTDV4/2ydZJNO3G9n9BLVoxio+BX0CIa/y2shTOdPOsliiIMlkzaVivt
hfZz9e5WEoqFenWJPfgGMBCR1VMUs2FYAVw8XPIuAurtVSkM+yma4GUih5XRQNF0
QRyGhbSrBAQWH88lciR3iPvzVuoA3yKS7y0PaViKvN8METU35BrTWohqWVLewF7u
vfXfxFtmFgPtzxeri9jr5cMalkThd28dbE5cMIUE1AuC
-----END CERTIFICATE-----