Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ROK6WHOOxvuU1mRxzJmJw3SzRQY.roa
File:                     ROK6WHOOxvuU1mRxzJmJw3SzRQY.roa (raw, json)
Hash identifier:          Xij+PlzbPZLQkM2cOJKRF5YNZctAK6IjrEGXQCWXcRs=
Subject key identifier:   44:E2:BA:58:73:8E:C6:FB:94:D6:64:71:CC:99:89:C3:74:B3:45:06
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019036874AE3553FEDF6BB43C5B5CF22BA80
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ROK6WHOOxvuU1mRxzJmJw3SzRQY.roa
Signing time:             Thu 20 Jun 2024 16:42:34 +0000
ROA not before:           Thu 20 Jun 2024 16:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216135
IP address blocks:        217.76.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:36:87:4a:e3:55:3f:ed:f6:bb:43:c5:b5:cf:22:ba:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jun 20 16:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44e2ba58738ec6fb94d66471cc9989c374b34506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:76:ca:68:30:63:ce:ae:40:c8:15:69:3e:cb:
                    fd:1b:1d:80:c3:ee:25:d2:84:b7:d3:a4:7a:00:cc:
                    c0:2d:b1:6c:20:76:30:23:70:15:83:2c:07:39:df:
                    44:72:e0:f2:31:aa:2a:97:b4:04:fe:50:77:2b:14:
                    98:ec:44:7f:e7:fd:0b:15:b5:b6:4f:c0:af:60:6a:
                    60:56:1d:31:f0:c9:4d:47:5e:00:5c:b7:e9:28:aa:
                    5c:a1:75:9e:73:16:a8:22:d6:83:c4:8e:70:8b:33:
                    2f:f1:37:78:96:6e:67:6b:5b:93:8c:09:72:2b:fd:
                    e0:b8:ba:1b:8d:9b:c0:55:0b:61:c7:b9:1a:ed:70:
                    2e:77:91:65:1b:ee:9e:fa:cf:0d:ce:fd:a0:17:47:
                    10:57:ec:b6:f1:b0:ca:21:a9:52:37:75:1f:d1:83:
                    03:9a:98:ae:e9:66:e6:97:1a:3a:d5:ce:e5:ed:45:
                    81:2c:4c:a9:83:28:6a:c5:ef:64:8e:91:27:bb:b7:
                    dd:d8:87:8c:3f:eb:50:f4:12:11:2e:59:c3:99:c5:
                    d5:b5:97:2a:bc:9b:bf:77:22:66:ee:50:23:dd:38:
                    04:46:b9:cc:6a:ed:c4:66:ed:db:b9:8b:82:63:38:
                    b1:0b:70:3d:3d:06:43:29:63:5f:33:be:5b:9b:32:
                    d0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:E2:BA:58:73:8E:C6:FB:94:D6:64:71:CC:99:89:C3:74:B3:45:06
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ROK6WHOOxvuU1mRxzJmJw3SzRQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:f1:1c:73:cc:56:71:12:70:7a:cd:18:ff:c9:7f:85:26:03:
         61:70:46:88:e4:4b:97:d4:b1:b8:57:60:0b:e1:c2:79:59:2e:
         05:42:ba:3a:4d:39:33:d4:70:1e:58:ec:c2:88:01:1d:b6:e4:
         0e:fb:b7:a7:e8:25:26:09:79:57:ce:21:f4:c6:d7:15:2f:25:
         2a:e6:ce:f0:c3:46:4d:0f:9f:23:e8:21:5d:08:7d:8a:78:2e:
         2f:a1:cf:1b:f7:9b:67:f5:55:06:bc:ee:4c:a4:82:9d:a5:bf:
         72:c2:24:e8:58:a1:55:28:4e:2e:1a:8d:09:8c:f7:3c:f8:fc:
         bf:43:81:c9:18:62:44:ef:e3:14:4c:a9:4f:76:28:b9:b8:8d:
         eb:c4:c2:67:11:14:ca:67:96:62:5f:4c:5a:a0:17:a9:0b:37:
         9b:39:c3:54:0f:b1:e6:ae:83:b5:f7:c8:81:63:28:78:93:c6:
         cf:0f:fe:d4:d9:97:7c:57:6e:5d:29:9c:17:68:ae:6a:81:2e:
         73:6a:08:2e:e7:52:fa:03:a4:26:6d:78:58:39:64:0c:c4:f0:
         20:30:bc:15:2b:4f:7b:75:a6:57:d5:ee:3b:5e:ca:9d:53:64:
         89:94:00:70:aa:19:c7:51:ec:89:77:b5:13:ee:f1:12:f6:5c:
         fe:21:42:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA2h0rjVT/t9rtDxbXPIrqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNjIwMTY0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGUyYmE1ODczOGVjNmZiOTRkNjY0NzFjYzk5ODljMzc0YjM0NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XbKaDBjzq5AyBVpPsv9Gx2Aw+4l
0oS306R6AMzALbFsIHYwI3AVgywHOd9EcuDyMaoql7QE/lB3KxSY7ER/5/0LFbW2
T8CvYGpgVh0x8MlNR14AXLfpKKpcoXWecxaoItaDxI5wizMv8Td4lm5na1uTjAly
K/3guLobjZvAVQthx7ka7XAud5FlG+6e+s8Nzv2gF0cQV+y28bDKIalSN3Uf0YMD
mpiu6Wbmlxo61c7l7UWBLEypgyhqxe9kjpEnu7fd2IeMP+tQ9BIRLlnDmcXVtZcq
vJu/dyJm7lAj3TgERrnMau3EZu3buYuCYzixC3A9PQZDKWNfM75bmzLQwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETiulhzjsb7lNZkccyZicN0s0UGMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvUk9LNldIT094dnVVMW1SeHpKbUp3M1N6UlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Uz/MA0G
CSqGSIb3DQEBCwUAA4IBAQDI8RxzzFZxEnB6zRj/yX+FJgNhcEaI5EuX1LG4V2AL
4cJ5WS4FQro6TTkz1HAeWOzCiAEdtuQO+7en6CUmCXlXziH0xtcVLyUq5s7ww0ZN
D58j6CFdCH2KeC4voc8b95tn9VUGvO5MpIKdpb9ywiToWKFVKE4uGo0JjPc8+Py/
Q4HJGGJE7+MUTKlPdii5uI3rxMJnERTKZ5ZiX0xaoBepCzebOcNUD7HmroO198iB
Yyh4k8bPD/7U2Zd8V25dKZwXaK5qgS5zaggu51L6A6QmbXhYOWQMxPAgMLwVK097
daZX1e47XsqdU2SJlABwqhnHUeyJd7UT7vES9lz+IUK+
-----END CERTIFICATE-----