Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/1-ZJlgkxDMWaTRULmdnxbeo5MsjM.roa
File:                     1-ZJlgkxDMWaTRULmdnxbeo5MsjM.roa (raw, json)
Hash identifier:          3byNkrl5gtNzimAEd05NJy+p9rNvQB8RXgsnXrS1tQM=
Subject key identifier:   F9:92:65:82:4C:43:31:66:93:45:42:E6:76:7C:5B:7A:8E:4C:B2:33
Certificate issuer:       /CN=302f09f265e9b278f8073d6982ff175713a5a0fa
Certificate serial:       019077AE4A3E5E35D5C134EE615EBA234E1C
Authority key identifier: 30:2F:09:F2:65:E9:B2:78:F8:07:3D:69:82:FF:17:57:13:A5:A0:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/1-ZJlgkxDMWaTRULmdnxbeo5MsjM.roa
Signing time:             Wed 03 Jul 2024 08:20:29 +0000
ROA not before:           Wed 03 Jul 2024 08:20:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        217.25.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MC8J8mXpsnj4Bz1pgv8XVxOloPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MC8J8mXpsnj4Bz1pgv8XVxOloPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:77:ae:4a:3e:5e:35:d5:c1:34:ee:61:5e:ba:23:4e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=302f09f265e9b278f8073d6982ff175713a5a0fa
        Validity
            Not Before: Jul  3 08:20:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f99265824c433166934542e6767c5b7a8e4cb233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e7:4f:5c:28:3a:af:b3:df:06:dc:fb:12:95:
                    3e:72:03:1d:73:f1:f3:f9:cf:9e:df:17:e2:7c:f9:
                    b5:40:39:56:7f:2d:72:db:9a:66:bf:ab:0c:e4:b9:
                    a2:79:1c:42:00:2e:78:98:a2:f2:e5:23:46:68:43:
                    e7:41:cd:b1:87:a4:a1:5c:1c:8f:de:05:63:e0:ac:
                    4b:eb:9f:5b:88:33:59:2e:fd:9e:4b:8c:de:44:76:
                    f1:38:65:55:1a:c0:97:aa:57:00:fd:89:5a:64:40:
                    a4:7d:3e:4c:00:ce:e0:07:52:af:7b:cd:02:3a:0d:
                    09:83:b0:ef:db:1f:89:df:81:e9:60:f4:86:3b:28:
                    b8:e3:c6:d9:31:89:f1:1d:6a:bc:c0:d8:b1:c9:81:
                    9d:6f:e3:6c:16:dc:2b:a6:cd:8c:76:eb:c8:6c:bc:
                    94:71:ca:cb:eb:7f:7c:30:93:2f:df:00:88:24:0d:
                    b1:4b:aa:03:79:fb:3c:ab:82:0b:22:ec:55:7c:98:
                    b8:80:f6:9d:d1:dd:b2:59:1c:62:a5:fb:39:6f:4b:
                    08:22:9f:ad:e9:18:38:ed:29:3f:63:24:28:b8:fa:
                    42:df:62:61:be:c6:97:f9:66:ee:94:51:1e:33:7c:
                    b7:12:c7:d3:85:3e:fa:84:28:d4:bb:bd:cc:6a:de:
                    2f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:92:65:82:4C:43:31:66:93:45:42:E6:76:7C:5B:7A:8E:4C:B2:33
            X509v3 Authority Key Identifier:
                keyid:30:2F:09:F2:65:E9:B2:78:F8:07:3D:69:82:FF:17:57:13:A5:A0:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/1-ZJlgkxDMWaTRULmdnxbeo5MsjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MC8J8mXpsnj4Bz1pgv8XVxOloPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:c7:de:5b:3e:18:6f:09:e2:f1:94:63:10:bb:82:6f:fe:e7:
         92:12:c7:7d:e8:43:6e:56:07:f9:f8:ba:a5:c7:cf:f7:3b:30:
         91:e0:25:e2:32:a4:69:78:e5:95:d7:05:ef:7b:ad:c5:2d:e9:
         18:84:11:c1:d6:5c:a4:96:0e:7c:1c:93:a3:c0:aa:97:37:e3:
         88:16:eb:95:2d:20:56:b5:c0:d4:7a:67:40:2b:48:cc:5e:ba:
         26:97:5e:dd:0c:14:5c:ac:0d:e2:a1:4a:cb:e3:07:9d:7d:68:
         55:32:d9:16:96:47:58:88:6a:46:fe:f8:ef:d9:b1:59:c2:00:
         f2:29:f9:ff:fe:cf:41:06:07:42:df:fa:f4:83:af:62:ea:89:
         4d:71:67:7f:24:b8:61:06:a5:a5:2f:90:34:5d:ae:a1:9d:d9:
         58:bf:68:08:98:67:45:33:6d:7d:57:7b:fb:a5:35:94:23:7c:
         a8:03:65:7c:0b:62:2b:c2:97:7f:13:07:34:7b:e0:f0:0c:a5:
         c0:e1:8f:71:45:2b:da:c0:b9:b1:2f:a5:f2:eb:96:69:d0:e3:
         0d:ca:12:f8:4a:80:eb:7d:ec:61:38:81:85:9e:f1:73:ef:58:
         31:b3:70:12:3d:1a:12:e2:ce:67:0f:18:3b:be:3d:ff:f6:1a:
         b9:eb:33:3d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZB3rko+XjXVwTTuYV66I04cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMmYwOWYyNjVlOWIyNzhmODA3M2Q2OTgyZmYxNzU3MTNh
NWEwZmEwHhcNMjQwNzAzMDgyMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTkyNjU4MjRjNDMzMTY2OTM0NTQyZTY3NjdjNWI3YThlNGNiMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOdPXCg6r7PfBtz7EpU+cgMdc/Hz
+c+e3xfifPm1QDlWfy1y25pmv6sM5LmieRxCAC54mKLy5SNGaEPnQc2xh6ShXByP
3gVj4KxL659biDNZLv2eS4zeRHbxOGVVGsCXqlcA/YlaZECkfT5MAM7gB1Kve80C
Og0Jg7Dv2x+J34HpYPSGOyi448bZMYnxHWq8wNixyYGdb+NsFtwrps2MduvIbLyU
ccrL6398MJMv3wCIJA2xS6oDefs8q4ILIuxVfJi4gPad0d2yWRxipfs5b0sIIp+t
6Rg47Sk/YyQouPpC32JhvsaX+WbulFEeM3y3EsfThT76hCjUu73Mat4vBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmSZYJMQzFmk0VC5nZ8W3qOTLIzMB8GA1UdIwQY
MBaAFDAvCfJl6bJ4+Ac9aYL/F1cTpaD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUM4SjhtWHBzbmo0QnoxcGd2OFhWeE9sb1BvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9lNzVhZDItMWUzMC00NTVlLTk3ODct
M2I1NWYyMzI3YjM0LzEvMS1aSmxna3hETVdhVFJVTG1kbnhiZW81TXNqTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjUvZTc1YWQyLTFlMzAtNDU1ZS05Nzg3LTNiNTVmMjMyN2Iz
NC8xL01DOEo4bVhwc25qNEJ6MXBndjhYVnhPbG9Qby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZiTAN
BgkqhkiG9w0BAQsFAAOCAQEAosfeWz4Ybwni8ZRjELuCb/7nkhLHfehDblYH+fi6
pcfP9zswkeAl4jKkaXjlldcF73utxS3pGIQRwdZcpJYOfByTo8CqlzfjiBbrlS0g
VrXA1HpnQCtIzF66Jpde3QwUXKwN4qFKy+MHnX1oVTLZFpZHWIhqRv7479mxWcIA
8in5//7PQQYHQt/69IOvYuqJTXFnfyS4YQalpS+QNF2uoZ3ZWL9oCJhnRTNtfVd7
+6U1lCN8qANlfAtiK8KXfxMHNHvg8AylwOGPcUUr2sC5sS+l8uuWadDjDcoS+EqA
633sYTiBhZ7xc+9YMbNwEj0aEuLOZw8YO749//YaueszPQ==
-----END CERTIFICATE-----