Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/L_qsbBfVyL3l9SagoQBKCLrVtEw.roa
File:                     L_qsbBfVyL3l9SagoQBKCLrVtEw.roa (raw, json)
Hash identifier:          03I9prqnz0zpB06MZCjGZQRrcQGM48WJMHEMaihRoKk=
Subject key identifier:   2F:FA:AC:6C:17:D5:C8:BD:E5:F5:26:A0:A1:00:4A:08:BA:D5:B4:4C
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0194221F856C593DA19396E3418F8E1A28A7
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/L_qsbBfVyL3l9SagoQBKCLrVtEw.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        217.67.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 01:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:85:6c:59:3d:a1:93:96:e3:41:8f:8e:1a:28:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ffaac6c17d5c8bde5f526a0a1004a08bad5b44c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2d:a4:f1:ef:c4:96:db:5a:bb:6f:e2:20:d1:
                    c3:09:b1:f8:b4:18:eb:c6:85:d1:70:f1:e2:01:f3:
                    3a:41:15:1c:bb:43:05:90:fd:cb:5d:6a:fd:6e:73:
                    1b:a6:e5:42:58:c6:ac:57:be:0f:96:a0:89:18:f2:
                    b1:33:e1:1b:66:46:cd:f0:13:a0:37:76:1e:be:bc:
                    13:fa:3b:36:42:81:58:b5:de:19:c9:a1:95:25:b3:
                    b1:b0:0c:80:fb:31:fd:7c:ef:3e:5c:38:de:5a:5c:
                    03:c3:49:f5:e9:ba:e4:37:9f:00:40:09:c5:c7:43:
                    a2:96:98:d7:df:24:83:7b:3f:bd:ec:e3:f3:b2:77:
                    aa:70:ee:a0:3c:9b:fa:f2:ec:7f:ee:86:89:33:06:
                    6b:02:9b:a3:12:fe:62:f5:da:70:2b:ee:6d:8e:2e:
                    a3:c2:07:52:01:f7:31:07:d6:d3:78:29:33:3a:ce:
                    81:e1:75:37:4e:92:b4:87:32:ab:50:44:85:d6:00:
                    f3:d6:ea:fd:35:5c:d6:0a:21:a7:ef:e2:ee:f6:d9:
                    99:36:a8:83:a0:83:4b:c3:59:aa:89:7c:16:0f:02:
                    fc:89:77:7d:59:48:83:14:dd:c2:9c:e5:8b:4f:46:
                    1c:f0:27:44:54:ef:aa:72:6d:62:74:c5:b5:7a:69:
                    a6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:FA:AC:6C:17:D5:C8:BD:E5:F5:26:A0:A1:00:4A:08:BA:D5:B4:4C
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/L_qsbBfVyL3l9SagoQBKCLrVtEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.67.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:e8:f7:9b:2d:12:6e:98:06:56:a5:01:c4:b6:7b:1b:56:1a:
         2f:eb:02:98:63:bd:2c:dc:02:cf:c7:02:30:41:fe:e6:f7:a0:
         83:51:70:59:d5:b5:6d:3f:ff:89:6a:d6:d5:29:8e:a7:cb:8d:
         5e:55:dc:48:14:aa:44:d8:57:1c:aa:6f:3d:4c:45:3e:bd:e5:
         0c:7f:98:d0:01:69:db:ce:1a:47:d4:b2:9e:23:45:d2:5b:54:
         69:a6:25:fb:e0:86:a1:e7:c8:1a:18:f4:cb:4c:a1:97:12:ba:
         c6:0e:6d:a7:ae:61:8e:e9:d1:0e:95:40:74:f9:5c:23:92:7c:
         fc:6a:1a:57:ad:37:2a:35:d4:df:a5:af:42:95:14:3d:73:8e:
         e9:74:27:77:80:b7:39:c6:33:8a:12:23:62:94:2a:ed:f5:f6:
         86:24:89:20:ae:aa:1f:ff:b6:58:dc:44:81:dd:c2:16:64:53:
         9a:10:10:e7:3f:19:4b:8c:85:70:3c:07:d6:dc:25:d5:92:e3:
         f5:cc:93:1d:ea:14:6e:2a:00:30:a1:3c:5d:9a:91:96:ce:46:
         de:43:ec:c8:60:34:52:02:e8:ca:bc:50:de:64:e3:86:d1:a0:
         50:4b:81:76:1d:1e:53:52:3f:fc:35:29:ca:aa:7f:c4:51:5e:
         9c:74:93:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4VsWT2hk5bjQY+OGiinMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmZhYWM2YzE3ZDVjOGJkZTVmNTI2YTBhMTAwNGEwOGJhZDViNDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS2k8e/Elttau2/iINHDCbH4tBjr
xoXRcPHiAfM6QRUcu0MFkP3LXWr9bnMbpuVCWMasV74PlqCJGPKxM+EbZkbN8BOg
N3YevrwT+js2QoFYtd4ZyaGVJbOxsAyA+zH9fO8+XDjeWlwDw0n16brkN58AQAnF
x0OilpjX3ySDez+97OPzsneqcO6gPJv68ux/7oaJMwZrApujEv5i9dpwK+5tji6j
wgdSAfcxB9bTeCkzOs6B4XU3TpK0hzKrUESF1gDz1ur9NVzWCiGn7+Lu9tmZNqiD
oINLw1mqiXwWDwL8iXd9WUiDFN3CnOWLT0Yc8CdEVO+qcm1idMW1emmmCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/6rGwX1ci95fUmoKEASgi61bRMMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvTF9xc2JCZlZ5TDNsOVNhZ29RQktDTHJWdEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2UNOMA0G
CSqGSIb3DQEBCwUAA4IBAQCI6PebLRJumAZWpQHEtnsbVhov6wKYY70s3ALPxwIw
Qf7m96CDUXBZ1bVtP/+JatbVKY6ny41eVdxIFKpE2Fccqm89TEU+veUMf5jQAWnb
zhpH1LKeI0XSW1RppiX74Iah58gaGPTLTKGXErrGDm2nrmGO6dEOlUB0+Vwjknz8
ahpXrTcqNdTfpa9ClRQ9c47pdCd3gLc5xjOKEiNilCrt9faGJIkgrqof/7ZY3ESB
3cIWZFOaEBDnPxlLjIVwPAfW3CXVkuP1zJMd6hRuKgAwoTxdmpGWzkbeQ+zIYDRS
AujKvFDeZOOG0aBQS4F2HR5TUj/8NSnKqn/EUV6cdJMu
-----END CERTIFICATE-----