Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/PfPFTfURvD0zr8KPJJWrNmJcMwQ.roa
File:                     PfPFTfURvD0zr8KPJJWrNmJcMwQ.roa (raw, json)
Hash identifier:          HP/0UdIbGiN2QQtkZJS1PFINLsfYf0FkesoPJ6mmyw4=
Subject key identifier:   3D:F3:C5:4D:F5:11:BC:3D:33:AF:C2:8F:24:95:AB:36:62:5C:33:04
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       0191DA20805D7CA5828BF8E347C1022BA1F8
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/PfPFTfURvD0zr8KPJJWrNmJcMwQ.roa
Signing time:             Tue 10 Sep 2024 04:10:48 +0000
ROA not before:           Tue 10 Sep 2024 04:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60542
IP address blocks:        193.107.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:da:20:80:5d:7c:a5:82:8b:f8:e3:47:c1:02:2b:a1:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Sep 10 04:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df3c54df511bc3d33afc28f2495ab36625c3304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ad:80:88:56:15:2c:a5:99:30:69:11:cb:e9:
                    04:f2:4a:a9:2f:87:32:56:58:c4:6f:87:e9:4f:4c:
                    b0:f5:40:91:96:be:a3:67:df:cd:3d:52:2d:b5:6a:
                    7e:1d:24:c5:8f:4a:fb:06:1c:3e:a6:6f:7f:28:f9:
                    87:6a:ae:8e:bc:90:df:b0:2b:c6:c6:40:9d:26:02:
                    c3:61:95:7d:9e:fd:ee:b3:83:d4:b6:cb:fe:11:77:
                    df:8c:4a:a5:03:fc:0d:26:15:26:ec:28:54:c8:72:
                    52:5b:08:fa:11:34:46:87:bb:f4:22:a3:d9:b8:1d:
                    35:9b:0e:cf:a4:fd:dc:d1:bf:a1:04:6c:1f:64:d4:
                    63:eb:d9:ba:3d:28:41:0e:6e:a3:2f:c1:d7:ac:f5:
                    fe:bc:c5:44:9c:3c:4d:5a:cb:bd:f7:08:4c:87:cd:
                    d4:a0:75:ca:92:9c:e5:af:ae:8e:01:03:32:8f:a0:
                    0c:51:1c:cc:8b:e6:0a:d6:f7:2a:1d:11:86:1d:d1:
                    53:fe:21:dc:aa:3b:8c:db:db:48:b0:d3:03:de:0e:
                    d0:82:ad:30:76:ad:18:0d:7b:41:6e:d1:3d:34:35:
                    a9:b8:26:39:69:84:3f:85:4c:bb:a4:29:28:d3:a3:
                    e0:68:74:53:2c:57:75:00:54:0c:33:6f:21:29:f2:
                    7c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F3:C5:4D:F5:11:BC:3D:33:AF:C2:8F:24:95:AB:36:62:5C:33:04
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/PfPFTfURvD0zr8KPJJWrNmJcMwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:ab:6a:95:f2:4d:9e:09:63:25:38:76:e4:be:ff:5d:38:07:
         67:2a:e6:19:96:45:f0:ea:76:50:da:71:fc:c8:16:58:89:33:
         3e:c6:37:4e:6b:55:6d:65:6f:6e:be:fe:f2:4d:10:92:cb:64:
         b7:bf:9d:96:36:43:fa:e8:51:61:73:c2:97:1e:a1:2c:d4:5f:
         b0:a3:09:c4:e8:3e:ef:c1:fd:48:44:61:ed:27:52:f4:20:7f:
         3d:49:96:db:89:3b:d4:de:9e:d0:f8:e3:eb:dc:79:ff:bb:33:
         38:a3:f7:b7:c6:10:14:59:4f:27:c2:6b:ea:1f:40:d7:a1:2a:
         49:cc:c7:d2:79:99:1f:ab:d3:5a:33:e4:2d:0e:44:a6:24:51:
         bf:71:cd:ca:af:aa:a3:72:73:95:95:11:41:36:b8:3e:f0:fd:
         3c:cd:ad:b4:57:d0:5a:6b:8b:5d:6a:e8:b9:e0:02:e9:93:de:
         bc:29:6c:e8:f5:f1:e5:4d:d6:5e:55:26:2e:92:d4:42:b7:7d:
         84:79:93:8e:1f:19:4f:9f:59:11:34:21:47:79:02:44:a3:d3:
         0c:46:a6:38:77:ae:1e:98:69:ac:09:8c:fb:70:06:28:55:cc:
         ef:52:ea:19:c2:87:f1:26:b5:30:9b:8a:dd:1e:28:96:8a:5b:
         b1:bb:62:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHaIIBdfKWCi/jjR8ECK6H4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwOTEwMDQxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGYzYzU0ZGY1MTFiYzNkMzNhZmMyOGYyNDk1YWIzNjYyNWMzMzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK2AiFYVLKWZMGkRy+kE8kqpL4cy
VljEb4fpT0yw9UCRlr6jZ9/NPVIttWp+HSTFj0r7Bhw+pm9/KPmHaq6OvJDfsCvG
xkCdJgLDYZV9nv3us4PUtsv+EXffjEqlA/wNJhUm7ChUyHJSWwj6ETRGh7v0IqPZ
uB01mw7PpP3c0b+hBGwfZNRj69m6PShBDm6jL8HXrPX+vMVEnDxNWsu99whMh83U
oHXKkpzlr66OAQMyj6AMURzMi+YK1vcqHRGGHdFT/iHcqjuM29tIsNMD3g7Qgq0w
dq0YDXtBbtE9NDWpuCY5aYQ/hUy7pCko06PgaHRTLFd1AFQMM28hKfJ8LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3zxU31Ebw9M6/CjySVqzZiXDMEMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvUGZQRlRmVVJ2RDB6cjhLUEpKV3JObUpjTXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWvZMA0G
CSqGSIb3DQEBCwUAA4IBAQCmq2qV8k2eCWMlOHbkvv9dOAdnKuYZlkXw6nZQ2nH8
yBZYiTM+xjdOa1VtZW9uvv7yTRCSy2S3v52WNkP66FFhc8KXHqEs1F+wownE6D7v
wf1IRGHtJ1L0IH89SZbbiTvU3p7Q+OPr3Hn/uzM4o/e3xhAUWU8nwmvqH0DXoSpJ
zMfSeZkfq9NaM+QtDkSmJFG/cc3Kr6qjcnOVlRFBNrg+8P08za20V9Baa4tdaui5
4ALpk968KWzo9fHlTdZeVSYuktRCt32EeZOOHxlPn1kRNCFHeQJEo9MMRqY4d64e
mGmsCYz7cAYoVczvUuoZwofxJrUwm4rdHiiWiluxu2IQ
-----END CERTIFICATE-----