Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/TVFn8SEC2xk2K9kTba56N04TXws.roa
File:                     TVFn8SEC2xk2K9kTba56N04TXws.roa (raw, json)
Hash identifier:          bEjcW9v0b6AFyRx1s5DtJswmBb7q38sD7gnKfblja1c=
Subject key identifier:   4D:51:67:F1:21:02:DB:19:36:2B:D9:13:6D:AE:7A:37:4E:13:5F:0B
Certificate issuer:       /CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
Certificate serial:       019424453DB81FE9354355A580AA4AD1CED9
Authority key identifier: 17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/TVFn8SEC2xk2K9kTba56N04TXws.roa
Signing time:             Wed 01 Jan 2025 23:48:24 +0000
ROA not before:           Wed 01 Jan 2025 23:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42000
IP address blocks:        217.11.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:3d:b8:1f:e9:35:43:55:a5:80:aa:4a:d1:ce:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
        Validity
            Not Before: Jan  1 23:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d5167f12102db19362bd9136dae7a374e135f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:09:26:00:f0:2b:51:a1:55:be:e4:ea:40:9a:
                    0b:74:ae:37:4e:ef:ba:69:01:85:9d:3c:0d:b4:d7:
                    c4:b5:45:75:df:5c:d8:15:3b:41:89:e5:56:e1:81:
                    2e:dd:65:be:fe:45:28:d7:7c:c9:48:b5:d5:79:5c:
                    e0:c5:5e:d8:5a:69:55:34:43:71:62:65:7b:a8:f2:
                    ba:4e:9d:a3:f0:2c:f0:3b:5f:fe:8b:be:e1:88:0e:
                    9b:3e:fb:65:79:52:80:09:64:e2:e7:cf:02:3f:d5:
                    51:8c:8b:fa:4a:18:85:c3:31:bc:a9:a2:3c:dd:4a:
                    64:a6:7c:47:0e:db:78:54:84:ee:81:9b:5e:3f:68:
                    07:e6:a0:e4:9e:63:44:4a:5f:27:9f:64:1f:a0:e7:
                    77:5f:93:c9:65:3f:d5:1f:1a:cd:c3:55:0a:6a:7e:
                    31:12:87:c4:c1:50:8e:68:b1:04:44:b1:21:e7:a5:
                    9b:3e:96:05:47:d3:ab:af:ab:a3:09:ca:74:44:bd:
                    bb:69:26:e8:53:37:84:fa:a0:a2:f0:f2:2f:b3:19:
                    b1:86:0a:ed:89:91:fe:ec:ad:68:d7:ee:64:3c:07:
                    bd:0e:e9:84:8a:d7:1e:a2:24:19:76:d1:90:34:74:
                    c2:91:02:b5:aa:2e:ca:ce:da:1a:56:ac:64:9e:88:
                    23:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:51:67:F1:21:02:DB:19:36:2B:D9:13:6D:AE:7A:37:4E:13:5F:0B
            X509v3 Authority Key Identifier:
                keyid:17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/TVFn8SEC2xk2K9kTba56N04TXws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.11.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:3f:88:ed:55:b0:f1:bb:74:40:47:28:3c:dc:01:65:44:10:
         1f:57:7e:b0:a9:4d:99:43:1b:8e:ca:39:1a:47:35:7b:2a:bf:
         00:7f:ff:78:b9:54:3b:d6:49:e8:69:cc:18:60:f9:41:02:e9:
         4b:a9:3d:37:d8:17:cd:f9:e6:63:9f:4f:d0:ab:02:32:b8:27:
         66:a2:d2:b1:ba:cb:ea:14:3f:aa:67:ff:3d:75:77:41:b0:ab:
         9f:9a:a9:24:4d:ce:7e:44:5f:47:bf:ab:e8:4f:c8:b6:b4:f9:
         04:3c:ec:38:7d:28:0e:fd:d5:46:66:20:0b:09:de:8d:cc:db:
         44:06:21:47:1c:0d:10:ca:cb:a4:f0:4d:20:db:f5:12:b2:aa:
         a0:dd:92:00:ca:cc:d0:a1:2c:3a:2e:b1:59:1d:dd:9b:43:b8:
         8b:d0:a1:58:d0:d0:55:b8:82:02:ec:05:2b:f6:59:80:53:a0:
         76:7d:e9:31:4f:f9:df:e1:05:48:a4:7e:52:0f:0c:3a:71:5d:
         1a:8b:09:df:a8:63:ff:0c:3c:0b:b6:9e:08:6e:f1:25:79:aa:
         1e:9b:ba:b8:60:8e:bb:a1:cf:c7:3e:d7:66:b0:47:df:2b:e9:
         9c:db:97:fa:b2:a5:bf:e5:11:76:9c:ed:e7:fc:15:e1:0f:06:
         43:e5:1e:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRT24H+k1Q1WlgKpK0c7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDg0N2Y4NjY3ZDUyZmEyY2Y5Y2Y5YWZjYzQzYTA3OTE1
NTc1Y2EwHhcNMjUwMTAxMjM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDUxNjdmMTIxMDJkYjE5MzYyYmQ5MTM2ZGFlN2EzNzRlMTM1ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gkmAPArUaFVvuTqQJoLdK43Tu+6
aQGFnTwNtNfEtUV131zYFTtBieVW4YEu3WW+/kUo13zJSLXVeVzgxV7YWmlVNENx
YmV7qPK6Tp2j8CzwO1/+i77hiA6bPvtleVKACWTi588CP9VRjIv6ShiFwzG8qaI8
3UpkpnxHDtt4VITugZteP2gH5qDknmNESl8nn2QfoOd3X5PJZT/VHxrNw1UKan4x
EofEwVCOaLEERLEh56WbPpYFR9Orr6ujCcp0RL27aSboUzeE+qCi8PIvsxmxhgrt
iZH+7K1o1+5kPAe9DumEitceoiQZdtGQNHTCkQK1qi7KztoaVqxknogjWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1RZ/EhAtsZNivZE22uejdOE18LMB8GA1UdIwQY
MBaAFBdIR/hmfVL6LPnPmvzEOgeRVXXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2Ut
MTQ1NGZmZTYxODJjLzEvVFZGbjhTRUMyeGsySzlrVGJhNTZOMDRUWHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2UtMTQ1NGZmZTYxODJj
LzEvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Qv1MA0G
CSqGSIb3DQEBCwUAA4IBAQAmP4jtVbDxu3RARyg83AFlRBAfV36wqU2ZQxuOyjka
RzV7Kr8Af/94uVQ71knoacwYYPlBAulLqT032BfN+eZjn0/QqwIyuCdmotKxusvq
FD+qZ/89dXdBsKufmqkkTc5+RF9Hv6voT8i2tPkEPOw4fSgO/dVGZiALCd6NzNtE
BiFHHA0Qysuk8E0g2/USsqqg3ZIAyszQoSw6LrFZHd2bQ7iL0KFY0NBVuIIC7AUr
9lmAU6B2fekxT/nf4QVIpH5SDww6cV0aiwnfqGP/DDwLtp4IbvEleaoem7q4YI67
oc/HPtdmsEffK+mc25f6sqW/5RF2nO3n/BXhDwZD5R5s
-----END CERTIFICATE-----