Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/e08e41-d609-41d8-86a2-8e6a295f806f/1/AJ_JTaBqgH15QbkojxbBocYARk8.roa
File:                     AJ_JTaBqgH15QbkojxbBocYARk8.roa (raw, json)
Hash identifier:          3frCoJis+FDJV3rxY8D+GDZRf8/pzVjSpd8vO4H1Aw0=
Subject key identifier:   00:9F:C9:4D:A0:6A:80:7D:79:41:B9:28:8F:16:C1:A1:C6:00:46:4F
Certificate issuer:       /CN=f29a699580185d6510015e1d2ca19eff43641edc
Certificate serial:       018CC802680D73C08DAF994917EA58A25037
Authority key identifier: F2:9A:69:95:80:18:5D:65:10:01:5E:1D:2C:A1:9E:FF:43:64:1E:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ppplYAYXWUQAV4dLKGe_0NkHtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/e08e41-d609-41d8-86a2-8e6a295f806f/1/AJ_JTaBqgH15QbkojxbBocYARk8.roa
Signing time:             Tue 02 Jan 2024 02:30:50 +0000
ROA not before:           Tue 02 Jan 2024 02:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209729
IP address blocks:        217.24.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/e08e41-d609-41d8-86a2-8e6a295f806f/1/8ppplYAYXWUQAV4dLKGe_0NkHtw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/e08e41-d609-41d8-86a2-8e6a295f806f/1/8ppplYAYXWUQAV4dLKGe_0NkHtw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ppplYAYXWUQAV4dLKGe_0NkHtw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:68:0d:73:c0:8d:af:99:49:17:ea:58:a2:50:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f29a699580185d6510015e1d2ca19eff43641edc
        Validity
            Not Before: Jan  2 02:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=009fc94da06a807d7941b9288f16c1a1c600464f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:55:33:92:bf:b0:a3:1c:21:5e:34:d2:75:4a:
                    76:c5:9b:c4:fa:35:a6:28:c3:9f:ce:a3:93:0d:75:
                    e5:58:cb:f4:ed:ce:e3:b3:d8:b1:b3:47:2f:31:69:
                    6a:98:b5:4f:6c:f4:f9:bb:a6:28:bc:72:a9:32:43:
                    f3:7d:33:3c:5c:c5:ad:35:39:4b:29:8a:19:8b:05:
                    85:77:e6:80:53:a3:9c:d4:0c:67:75:b1:cd:8a:4d:
                    5c:48:6c:7f:23:b3:52:7e:8c:99:c9:28:09:3d:ae:
                    ae:cc:95:74:11:a1:af:96:ab:6f:85:d6:8c:c5:95:
                    16:a1:37:3e:a3:aa:9d:bc:1d:be:24:4a:93:18:4c:
                    d4:e9:b4:ef:f2:16:cb:50:71:07:d3:bd:f1:5b:8d:
                    a3:47:54:3e:c5:81:b6:84:32:d2:bb:29:8c:b3:68:
                    58:c9:e1:07:4a:ea:a8:e3:15:70:93:c9:02:b6:89:
                    c6:c1:e2:a8:b9:66:a5:0d:19:35:99:d8:6d:a1:d3:
                    7c:1f:bd:ab:26:d2:3c:06:51:3f:4f:e4:6b:6f:8e:
                    1c:29:3b:e6:b9:47:97:9d:9a:19:c2:28:ce:7a:f2:
                    3a:9b:fc:ea:4a:4f:b2:e4:a4:d2:c5:3a:c8:db:74:
                    85:86:a1:8e:80:10:ec:07:89:2e:49:75:68:c3:88:
                    90:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:9F:C9:4D:A0:6A:80:7D:79:41:B9:28:8F:16:C1:A1:C6:00:46:4F
            X509v3 Authority Key Identifier:
                keyid:F2:9A:69:95:80:18:5D:65:10:01:5E:1D:2C:A1:9E:FF:43:64:1E:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ppplYAYXWUQAV4dLKGe_0NkHtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/e08e41-d609-41d8-86a2-8e6a295f806f/1/AJ_JTaBqgH15QbkojxbBocYARk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/e08e41-d609-41d8-86a2-8e6a295f806f/1/8ppplYAYXWUQAV4dLKGe_0NkHtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.24.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         17:76:51:7e:54:50:e1:ae:5e:8a:a5:4d:58:60:72:4a:44:d9:
         df:69:70:b7:df:59:94:fe:cf:47:09:f0:4d:1e:3f:5f:4d:08:
         0d:62:e3:b5:d7:36:64:ca:a8:94:9c:ca:be:29:32:00:ba:b9:
         05:dc:b7:23:18:85:7d:c3:0d:8d:be:21:69:3c:9e:aa:49:c7:
         e8:a3:e0:23:2a:ec:8d:42:d3:b0:93:e5:4d:97:5c:9c:8f:c7:
         26:e1:14:d7:cc:33:5e:9d:08:60:d0:09:0d:11:4d:b7:52:af:
         e3:13:e2:8f:f7:de:e6:34:91:26:6c:b4:40:02:f2:80:fc:e8:
         94:aa:d2:73:16:7d:6b:ec:b9:d2:15:76:09:3b:39:ff:80:f2:
         77:38:5f:57:14:34:a4:b1:56:db:65:f6:bf:0c:7d:6e:73:51:
         06:cf:45:57:63:a9:db:86:fd:6c:f3:fe:f0:35:28:7a:d1:a8:
         03:8a:bb:04:42:8f:5f:fe:02:50:e1:3f:7a:36:05:11:39:a4:
         96:d2:2d:6f:67:69:5d:da:d2:98:25:f7:3d:35:fa:be:23:28:
         1c:da:0d:1f:ca:a7:4b:87:73:20:f6:dc:7a:1e:0e:e3:b8:2a:
         f8:ab:25:8a:99:73:81:4c:62:6d:c4:b7:c2:51:fc:11:16:eb:
         07:aa:43:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAmgNc8CNr5lJF+pYolA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOWE2OTk1ODAxODVkNjUxMDAxNWUxZDJjYTE5ZWZmNDM2
NDFlZGMwHhcNMjQwMTAyMDIzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDlmYzk0ZGEwNmE4MDdkNzk0MWI5Mjg4ZjE2YzFhMWM2MDA0NjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslUzkr+woxwhXjTSdUp2xZvE+jWm
KMOfzqOTDXXlWMv07c7js9ixs0cvMWlqmLVPbPT5u6YovHKpMkPzfTM8XMWtNTlL
KYoZiwWFd+aAU6Oc1AxndbHNik1cSGx/I7NSfoyZySgJPa6uzJV0EaGvlqtvhdaM
xZUWoTc+o6qdvB2+JEqTGEzU6bTv8hbLUHEH073xW42jR1Q+xYG2hDLSuymMs2hY
yeEHSuqo4xVwk8kCtonGweKouWalDRk1mdhtodN8H72rJtI8BlE/T+Rrb44cKTvm
uUeXnZoZwijOevI6m/zqSk+y5KTSxTrI23SFhqGOgBDsB4kuSXVow4iQEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACfyU2gaoB9eUG5KI8WwaHGAEZPMB8GA1UdIwQY
MBaAFPKaaZWAGF1lEAFeHSyhnv9DZB7cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHBwcGxZQVlYV1VRQVY0ZExLR2VfME5rSHR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9lMDhlNDEtZDYwOS00MWQ4LTg2YTIt
OGU2YTI5NWY4MDZmLzEvQUpfSlRhQnFnSDE1UWJrb2p4YkJvY1lBUms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9lMDhlNDEtZDYwOS00MWQ4LTg2YTItOGU2YTI5NWY4MDZm
LzEvOHBwcGxZQVlYV1VRQVY0ZExLR2VfME5rSHR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2RggMA0G
CSqGSIb3DQEBCwUAA4IBAQAXdlF+VFDhrl6KpU1YYHJKRNnfaXC331mU/s9HCfBN
Hj9fTQgNYuO11zZkyqiUnMq+KTIAurkF3LcjGIV9ww2NviFpPJ6qScfoo+AjKuyN
QtOwk+VNl1ycj8cm4RTXzDNenQhg0AkNEU23Uq/jE+KP997mNJEmbLRAAvKA/OiU
qtJzFn1r7LnSFXYJOzn/gPJ3OF9XFDSksVbbZfa/DH1uc1EGz0VXY6nbhv1s8/7w
NSh60agDirsEQo9f/gJQ4T96NgUROaSW0i1vZ2ld2tKYJfc9Nfq+Iygc2g0fyqdL
h3Mg9tx6Hg7juCr4qyWKmXOBTGJtxLfCUfwRFusHqkO4
-----END CERTIFICATE-----