Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/iqaSEOeigLIZrDQc1QyjXs4sNRU.roa
File:                     iqaSEOeigLIZrDQc1QyjXs4sNRU.roa (raw, json)
Hash identifier:          kzJTfqTQcL4K92ggS9avEZ1+FRASC5upln2Kl87oRxg=
Subject key identifier:   8A:A6:92:10:E7:A2:80:B2:19:AC:34:1C:D5:0C:A3:5E:CE:2C:35:15
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01906DBDE088760F27487767FFD74775A664
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/iqaSEOeigLIZrDQc1QyjXs4sNRU.roa
Signing time:             Mon 01 Jul 2024 10:01:18 +0000
ROA not before:           Mon 01 Jul 2024 10:01:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272400
IP address blocks:        217.76.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:bd:e0:88:76:0f:27:48:77:67:ff:d7:47:75:a6:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul  1 10:01:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8aa69210e7a280b219ac341cd50ca35ece2c3515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:51:af:d8:9c:6a:4f:7a:2f:99:d1:ac:da:7b:
                    5c:69:0d:de:25:7b:99:50:7f:d9:e3:30:c6:54:ec:
                    90:e1:f9:d7:c9:21:77:ad:06:c5:75:4a:61:6a:57:
                    f9:ea:51:d9:e8:be:87:3f:26:f0:4a:83:43:15:6f:
                    69:d7:a3:94:73:d2:87:fc:7a:42:d9:60:aa:70:53:
                    5b:9a:ba:24:7f:2d:ae:dd:9d:93:73:b8:e3:83:37:
                    2a:1e:fb:0a:24:2b:d4:68:cf:64:7f:db:2a:7c:c0:
                    19:20:b0:9f:4f:c7:9e:ae:56:42:76:cc:21:3d:94:
                    e3:a6:7a:4d:e3:de:5f:00:f8:7f:8e:27:50:ee:29:
                    66:e7:60:a6:d9:d1:90:b6:bc:cd:bb:36:c2:47:d6:
                    6f:3d:43:bd:8f:85:07:f0:c8:45:b7:7d:87:6b:14:
                    cc:d6:0a:c7:50:45:e9:50:67:eb:86:06:7a:e4:42:
                    84:5f:4b:5c:d9:e0:62:4f:63:aa:7a:fd:a0:a1:36:
                    8e:0e:ac:84:5c:db:07:7e:8b:e2:a7:f9:63:6f:00:
                    1f:9f:c7:b7:5b:5b:b6:21:84:fd:17:7a:f6:f1:80:
                    dc:6b:5f:65:6f:48:3f:63:b1:45:72:b9:5b:41:9b:
                    54:06:ab:85:02:9a:b1:85:91:59:6c:a4:31:37:ee:
                    4f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A6:92:10:E7:A2:80:B2:19:AC:34:1C:D5:0C:A3:5E:CE:2C:35:15
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/iqaSEOeigLIZrDQc1QyjXs4sNRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:89:21:55:86:76:c6:21:f4:9d:29:e5:06:a0:0c:79:ab:bd:
         f4:26:4d:5d:c9:b5:0a:bf:86:7c:cf:af:e2:d4:ed:55:fd:60:
         41:13:97:fe:b8:a3:e6:32:db:53:d4:40:7d:c1:1e:7a:96:32:
         10:d4:65:b5:19:ec:86:35:a2:b0:ee:56:16:30:88:44:1b:f0:
         6b:ce:af:76:be:19:30:60:0c:0e:20:ef:2c:84:5f:a1:92:6d:
         43:9e:4e:a2:a0:fc:1a:9a:6b:8a:41:82:f5:70:c7:62:c9:ad:
         bc:b5:33:6a:bd:11:47:21:7b:a2:75:ea:a1:b1:bc:52:69:53:
         b3:31:23:54:88:df:97:ee:28:96:e4:c0:f7:66:7d:10:8d:f4:
         7e:a1:94:d7:35:d5:ef:20:35:4c:1c:99:53:c4:ff:15:75:6f:
         81:d8:60:ef:c2:41:9d:5b:81:90:55:e2:da:ff:a6:8d:c8:05:
         9b:6c:94:a8:69:bf:74:22:24:71:19:01:65:ca:a4:0e:e3:27:
         60:42:44:e6:34:8c:33:0a:61:d0:d6:63:be:1e:86:d0:4a:d3:
         3a:58:9f:04:ee:3e:27:c9:70:50:17:0f:3a:71:b6:56:25:32:
         42:69:7a:7d:dd:84:95:02:c0:11:d9:c3:fb:30:f7:ad:cd:54:
         dd:c1:05:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBtveCIdg8nSHdn/9dHdaZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNzAxMTAwMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWE2OTIxMGU3YTI4MGIyMTlhYzM0MWNkNTBjYTM1ZWNlMmMzNTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFGv2JxqT3ovmdGs2ntcaQ3eJXuZ
UH/Z4zDGVOyQ4fnXySF3rQbFdUphalf56lHZ6L6HPybwSoNDFW9p16OUc9KH/HpC
2WCqcFNbmrokfy2u3Z2Tc7jjgzcqHvsKJCvUaM9kf9sqfMAZILCfT8eerlZCdswh
PZTjpnpN495fAPh/jidQ7ilm52Cm2dGQtrzNuzbCR9ZvPUO9j4UH8MhFt32HaxTM
1grHUEXpUGfrhgZ65EKEX0tc2eBiT2Oqev2goTaODqyEXNsHfovip/ljbwAfn8e3
W1u2IYT9F3r28YDca19lb0g/Y7FFcrlbQZtUBquFApqxhZFZbKQxN+5PqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqmkhDnooCyGaw0HNUMo17OLDUVMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvaXFhU0VPZWlnTElackRRYzFReWpYczRzTlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UzxMA0G
CSqGSIb3DQEBCwUAA4IBAQCDiSFVhnbGIfSdKeUGoAx5q730Jk1dybUKv4Z8z6/i
1O1V/WBBE5f+uKPmMttT1EB9wR56ljIQ1GW1GeyGNaKw7lYWMIhEG/Brzq92vhkw
YAwOIO8shF+hkm1Dnk6ioPwammuKQYL1cMdiya28tTNqvRFHIXuideqhsbxSaVOz
MSNUiN+X7iiW5MD3Zn0QjfR+oZTXNdXvIDVMHJlTxP8VdW+B2GDvwkGdW4GQVeLa
/6aNyAWbbJSoab90IiRxGQFlyqQO4ydgQkTmNIwzCmHQ1mO+HobQStM6WJ8E7j4n
yXBQFw86cbZWJTJCaXp93YSVAsAR2cP7MPetzVTdwQXO
-----END CERTIFICATE-----