Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/w3CgoF7l6g6nY6myE4jfmWURNe8.roa
File:                     w3CgoF7l6g6nY6myE4jfmWURNe8.roa (raw, json)
Hash identifier:          QQ2Y4XksmHFCCOhDUdNxNBn6+ux8H258WAIhCJS010Q=
Subject key identifier:   C3:70:A0:A0:5E:E5:EA:0E:A7:63:A9:B2:13:88:DF:99:65:11:35:EF
Certificate issuer:       /CN=22a19ed85a2c0cfc4f50bead16fc9f6f1465ad11
Certificate serial:       018EA855E429FF17F7AF11B2B4E8901678C2
Authority key identifier: 22:A1:9E:D8:5A:2C:0C:FC:4F:50:BE:AD:16:FC:9F:6F:14:65:AD:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/w3CgoF7l6g6nY6myE4jfmWURNe8.roa
Signing time:             Thu 04 Apr 2024 08:59:44 +0000
ROA not before:           Thu 04 Apr 2024 08:59:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203591
IP address blocks:        217.29.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:55:e4:29:ff:17:f7:af:11:b2:b4:e8:90:16:78:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a19ed85a2c0cfc4f50bead16fc9f6f1465ad11
        Validity
            Not Before: Apr  4 08:59:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c370a0a05ee5ea0ea763a9b21388df99651135ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:72:52:57:e6:e0:af:25:ca:a2:cb:19:17:69:
                    f8:1f:5f:69:5b:de:b5:59:d4:5f:fd:8a:8f:34:46:
                    ef:37:17:5b:f7:5d:ce:e7:1d:c8:ce:73:c9:7c:d8:
                    7b:fe:eb:8d:fc:2c:6b:86:46:24:55:ff:6a:a8:bd:
                    28:f2:84:91:d8:c4:e3:66:12:a0:15:4e:2f:69:fb:
                    b2:35:fe:1e:88:6a:33:59:c1:5e:ed:17:5f:b4:26:
                    42:11:2e:45:33:2a:d7:b9:b9:36:0c:56:8b:d1:98:
                    59:63:30:72:71:aa:c5:40:3c:62:2e:e1:39:47:8a:
                    30:de:16:9d:b0:a4:08:fb:eb:b4:5e:e0:6f:67:50:
                    de:4a:89:ce:bf:b6:f9:97:d9:f6:ac:58:c2:8c:b2:
                    40:05:f6:39:6d:18:4c:64:b8:91:9e:6e:33:17:2c:
                    54:25:0f:f3:25:53:34:f8:3a:4a:06:68:03:14:2a:
                    36:c2:a8:7b:d1:b1:1a:4c:b4:98:82:78:3e:d0:99:
                    75:4f:48:e9:b5:9a:aa:7d:28:31:1c:9f:60:7f:ff:
                    24:57:f9:5d:46:d5:bc:83:53:50:23:ce:60:a7:a1:
                    79:33:f0:f3:eb:a0:fb:fc:94:9e:6c:58:55:20:d3:
                    b3:da:c3:10:e8:ac:26:31:70:fb:e9:ae:64:b4:50:
                    f8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:70:A0:A0:5E:E5:EA:0E:A7:63:A9:B2:13:88:DF:99:65:11:35:EF
            X509v3 Authority Key Identifier:
                keyid:22:A1:9E:D8:5A:2C:0C:FC:4F:50:BE:AD:16:FC:9F:6F:14:65:AD:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/w3CgoF7l6g6nY6myE4jfmWURNe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.29.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f3:36:10:61:bc:8d:37:12:26:74:05:af:c8:da:3c:0a:92:
         c0:2c:ac:f1:76:f7:8e:36:b3:d7:45:0b:08:5a:fc:ac:56:d7:
         46:24:1e:b2:16:c6:1c:14:bc:f2:8f:1e:75:c6:4a:47:af:ee:
         7d:82:88:37:b0:0d:ff:55:31:87:73:62:2b:bd:3a:3d:f3:fc:
         5f:38:df:86:bf:17:39:57:ee:db:d7:15:25:d7:94:89:38:17:
         d6:1b:72:db:fa:5e:e9:54:49:fa:82:3c:cd:72:39:8d:f2:4a:
         e5:d4:3e:12:db:17:bc:6a:5f:2b:4b:f9:45:21:31:23:46:eb:
         7b:86:3c:0f:20:80:64:7c:35:91:c0:e0:e0:0b:73:b7:6e:ea:
         59:fb:01:02:30:21:a0:fa:d2:8d:31:9f:1b:98:45:6e:74:49:
         20:e6:8b:32:23:7b:64:07:2b:56:13:53:23:48:6f:c8:9a:b8:
         ca:a5:f8:df:1b:23:48:e0:9f:4e:58:99:05:e6:be:ec:e0:ab:
         29:05:b7:b1:9c:28:be:ca:ab:d8:b3:0c:29:9d:20:b5:e4:59:
         c3:34:6e:a8:ae:60:ea:f4:ca:d4:3a:1b:d8:a3:05:cf:62:52:
         4e:2a:c9:a5:84:cd:c2:e2:94:b4:1f:81:1a:fd:06:ac:dc:9b:
         2b:f2:b6:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6oVeQp/xf3rxGytOiQFnjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTE5ZWQ4NWEyYzBjZmM0ZjUwYmVhZDE2ZmM5ZjZmMTQ2
NWFkMTEwHhcNMjQwNDA0MDg1OTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzcwYTBhMDVlZTVlYTBlYTc2M2E5YjIxMzg4ZGY5OTY1MTEzNWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXJSV+bgryXKossZF2n4H19pW961
WdRf/YqPNEbvNxdb913O5x3IznPJfNh7/uuN/CxrhkYkVf9qqL0o8oSR2MTjZhKg
FU4vafuyNf4eiGozWcFe7RdftCZCES5FMyrXubk2DFaL0ZhZYzBycarFQDxiLuE5
R4ow3hadsKQI++u0XuBvZ1DeSonOv7b5l9n2rFjCjLJABfY5bRhMZLiRnm4zFyxU
JQ/zJVM0+DpKBmgDFCo2wqh70bEaTLSYgng+0Jl1T0jptZqqfSgxHJ9gf/8kV/ld
RtW8g1NQI85gp6F5M/Dz66D7/JSebFhVINOz2sMQ6KwmMXD76a5ktFD4YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNwoKBe5eoOp2OpshOI35llETXvMB8GA1UdIwQY
MBaAFCKhnthaLAz8T1C+rRb8n28UZa0RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFHZTJGb3NEUHhQVUw2dEZ2eWZieFJsclJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9lN2VkZmYtODZkYS00NDlmLWI4OWMt
ZDdiMmFkMDFhMWQ3LzEvdzNDZ29GN2w2ZzZuWTZteUU0amZtV1VSTmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9lN2VkZmYtODZkYS00NDlmLWI4OWMtZDdiMmFkMDFhMWQ3
LzEvSXFHZTJGb3NEUHhQVUw2dEZ2eWZieFJsclJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2R3DMA0G
CSqGSIb3DQEBCwUAA4IBAQAr8zYQYbyNNxImdAWvyNo8CpLALKzxdveONrPXRQsI
WvysVtdGJB6yFsYcFLzyjx51xkpHr+59gog3sA3/VTGHc2IrvTo98/xfON+Gvxc5
V+7b1xUl15SJOBfWG3Lb+l7pVEn6gjzNcjmN8krl1D4S2xe8al8rS/lFITEjRut7
hjwPIIBkfDWRwODgC3O3bupZ+wECMCGg+tKNMZ8bmEVudEkg5osyI3tkBytWE1Mj
SG/ImrjKpfjfGyNI4J9OWJkF5r7s4KspBbexnCi+yqvYswwpnSC15FnDNG6ormDq
9MrUOhvYowXPYlJOKsmlhM3C4pS0H4Ea/Qas3Jsr8rbj
-----END CERTIFICATE-----