Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ahKaJY24MrbAF2Iwg9OEoO51UcI.roa
File:                     ahKaJY24MrbAF2Iwg9OEoO51UcI.roa (raw, json)
Hash identifier:          nkVo8zy5r/qaWUrTnqzVuD+sHcOLo/TQ79luifvGy1A=
Subject key identifier:   6A:12:9A:25:8D:B8:32:B6:C0:17:62:30:83:D3:84:A0:EE:75:51:C2
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01919A08062A460FE4BC2596E284094CBB7E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ahKaJY24MrbAF2Iwg9OEoO51UcI.roa
Signing time:             Wed 28 Aug 2024 17:28:22 +0000
ROA not before:           Wed 28 Aug 2024 17:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273853
IP address blocks:        217.76.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9a:08:06:2a:46:0f:e4:bc:25:96:e2:84:09:4c:bb:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Aug 28 17:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a129a258db832b6c017623083d384a0ee7551c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d1:c7:c4:4e:f9:88:d4:ca:cd:dc:13:76:35:
                    4b:b6:29:65:89:11:41:0e:f6:9b:cf:ad:35:41:c1:
                    f0:d6:30:45:4e:c6:95:d0:46:e6:dd:a1:38:58:76:
                    69:d4:1e:05:49:1b:d2:64:1a:f2:54:25:b8:8c:00:
                    4e:60:a8:68:93:50:51:78:50:12:0a:ca:d5:bb:53:
                    c4:18:3f:7e:99:77:84:e2:68:43:b7:06:e8:88:46:
                    4c:91:7a:7b:76:15:23:c0:d5:63:0e:24:f3:b8:e9:
                    1d:71:24:a2:69:38:05:a5:a9:4e:7a:3c:eb:e1:d5:
                    b9:7b:a6:17:33:16:ab:0a:72:52:27:05:40:21:32:
                    05:d9:aa:ee:e3:19:b9:a6:a8:4d:a5:c5:9d:70:50:
                    15:30:13:7c:d2:96:4e:01:bf:49:1e:c5:b1:26:72:
                    e9:98:d9:a1:8d:e7:07:9f:70:0e:da:97:02:bf:a5:
                    c3:09:fd:06:b1:b7:ec:59:4d:33:3d:8d:c5:27:db:
                    77:46:0c:de:ad:7e:d3:20:f5:67:53:c3:fa:b5:5b:
                    7d:87:45:1b:72:46:7e:2b:a6:1e:65:3a:f5:01:6f:
                    d2:d9:37:b0:6d:8d:4c:34:76:9f:44:cc:75:9b:eb:
                    ee:40:d8:e3:a4:4a:7c:70:b5:d0:68:75:39:a8:b1:
                    c0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:12:9A:25:8D:B8:32:B6:C0:17:62:30:83:D3:84:A0:EE:75:51:C2
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ahKaJY24MrbAF2Iwg9OEoO51UcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:4d:57:93:24:5d:32:b7:63:1a:78:2d:12:d3:92:45:00:9e:
         09:83:8b:61:5d:41:7c:2a:c2:70:66:f1:3a:ab:21:6f:f0:2d:
         dc:7f:69:4c:1b:81:1d:63:af:00:4e:64:6c:51:39:aa:92:cd:
         c0:34:05:5d:fb:3c:e7:b4:02:83:fd:32:eb:64:b3:2b:12:cc:
         c5:4f:22:b7:6a:c4:6f:d1:a7:02:d2:e3:97:8e:dd:02:f1:71:
         e3:a4:b7:2f:62:de:a9:81:e3:8d:62:ec:b2:71:4b:b0:c4:9c:
         9f:4d:06:e8:44:c2:61:fd:59:1d:7e:f1:d1:a1:d0:6b:20:e5:
         e5:1d:f8:ed:8f:23:f2:2d:2c:e9:68:f4:92:1b:56:1d:c9:77:
         d5:29:af:0d:8e:99:87:77:d7:32:45:08:ac:79:86:94:83:36:
         fa:c6:1e:f3:a5:c4:ae:69:8e:6e:88:e0:8c:e4:db:16:95:b7:
         f4:70:ad:c3:b9:e5:23:f1:88:b8:d0:77:ee:58:67:fc:4f:6b:
         d5:8d:e8:dd:02:eb:2b:82:2a:5b:86:46:29:23:a1:7c:5a:30:
         5a:44:e4:bf:b4:b4:77:c9:65:3d:ff:77:f3:69:b7:34:cf:b4:
         e4:40:d7:9d:c5:92:1f:e9:cc:ea:7c:f4:ae:c7:15:ee:a5:1a:
         83:ea:fa:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGaCAYqRg/kvCWW4oQJTLt+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwODI4MTcyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTEyOWEyNThkYjgzMmI2YzAxNzYyMzA4M2QzODRhMGVlNzU1MWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytHHxE75iNTKzdwTdjVLtilliRFB
Dvabz601QcHw1jBFTsaV0Ebm3aE4WHZp1B4FSRvSZBryVCW4jABOYKhok1BReFAS
CsrVu1PEGD9+mXeE4mhDtwboiEZMkXp7dhUjwNVjDiTzuOkdcSSiaTgFpalOejzr
4dW5e6YXMxarCnJSJwVAITIF2aru4xm5pqhNpcWdcFAVMBN80pZOAb9JHsWxJnLp
mNmhjecHn3AO2pcCv6XDCf0GsbfsWU0zPY3FJ9t3RgzerX7TIPVnU8P6tVt9h0Ub
ckZ+K6YeZTr1AW/S2TewbY1MNHafRMx1m+vuQNjjpEp8cLXQaHU5qLHADQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoSmiWNuDK2wBdiMIPThKDudVHCMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvYWhLYUpZMjRNcmJBRjJJd2c5T0VvTzUxVWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Uz0MA0G
CSqGSIb3DQEBCwUAA4IBAQAaTVeTJF0yt2MaeC0S05JFAJ4Jg4thXUF8KsJwZvE6
qyFv8C3cf2lMG4EdY68ATmRsUTmqks3ANAVd+zzntAKD/TLrZLMrEszFTyK3asRv
0acC0uOXjt0C8XHjpLcvYt6pgeONYuyycUuwxJyfTQboRMJh/VkdfvHRodBrIOXl
HfjtjyPyLSzpaPSSG1YdyXfVKa8NjpmHd9cyRQiseYaUgzb6xh7zpcSuaY5uiOCM
5NsWlbf0cK3DueUj8Yi40HfuWGf8T2vVjejdAusrgipbhkYpI6F8WjBaROS/tLR3
yWU9/3fzabc0z7TkQNedxZIf6czqfPSuxxXupRqD6vrI
-----END CERTIFICATE-----