Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/ESyXldKwtms-9as-fPqZA06oJF8.roa
File:                     ESyXldKwtms-9as-fPqZA06oJF8.roa (raw, json)
Hash identifier:          ux8w7uiQ2u3yqvfbtVufiAk64n37yIym0ehvJixmaFU=
Subject key identifier:   11:2C:97:95:D2:B0:B6:6B:3E:F5:AB:3E:7C:FA:99:03:4E:A8:24:5F
Certificate issuer:       /CN=302f09f265e9b278f8073d6982ff175713a5a0fa
Certificate serial:       019427B3E407540B69D1758CF5794F0C6322
Authority key identifier: 30:2F:09:F2:65:E9:B2:78:F8:07:3D:69:82:FF:17:57:13:A5:A0:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/ESyXldKwtms-9as-fPqZA06oJF8.roa
Signing time:             Thu 02 Jan 2025 15:48:08 +0000
ROA not before:           Thu 02 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        217.25.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MC8J8mXpsnj4Bz1pgv8XVxOloPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MC8J8mXpsnj4Bz1pgv8XVxOloPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:e4:07:54:0b:69:d1:75:8c:f5:79:4f:0c:63:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=302f09f265e9b278f8073d6982ff175713a5a0fa
        Validity
            Not Before: Jan  2 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=112c9795d2b0b66b3ef5ab3e7cfa99034ea8245f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:05:d7:ba:e3:84:80:35:41:83:1b:75:a2:60:
                    79:03:76:29:b7:2a:5d:a2:3a:3a:6d:18:23:79:fe:
                    f3:4e:49:f8:45:84:41:77:9d:37:4e:0e:c2:2e:43:
                    55:db:c8:38:07:49:89:05:57:e9:2f:10:58:a2:ca:
                    a0:6b:59:6d:15:e5:a3:95:62:6c:03:e2:af:85:33:
                    52:a8:a2:85:04:ba:2c:a1:21:c5:f6:a6:fa:33:f2:
                    bd:26:20:83:9a:90:6b:4c:eb:39:e3:aa:00:39:ab:
                    5b:fd:c5:67:7e:ad:dc:ef:86:7e:be:f5:45:54:54:
                    e8:65:d8:7a:f9:88:00:0a:59:e6:a7:08:b3:b0:8c:
                    a4:bf:ee:ff:f9:2f:e7:c5:08:5d:d6:d8:22:a8:e6:
                    47:c5:cc:52:43:e4:ff:a2:7f:e7:25:1a:1b:86:c7:
                    c7:fe:56:a4:4d:14:c4:e4:e6:38:cb:d3:71:d1:77:
                    97:8d:de:17:e2:f2:85:4d:e4:65:ec:41:18:bb:4b:
                    c5:7c:9f:cf:87:69:f2:68:e4:30:78:10:b0:31:cb:
                    0e:22:f8:40:cb:18:1c:e6:9a:69:17:bb:fa:ab:45:
                    3a:93:2b:86:d2:9c:5d:90:b0:35:f5:51:b2:a3:fb:
                    9e:79:ff:f3:d1:4b:9c:d4:87:96:ef:a2:1a:99:b0:
                    86:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:2C:97:95:D2:B0:B6:6B:3E:F5:AB:3E:7C:FA:99:03:4E:A8:24:5F
            X509v3 Authority Key Identifier:
                keyid:30:2F:09:F2:65:E9:B2:78:F8:07:3D:69:82:FF:17:57:13:A5:A0:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/ESyXldKwtms-9as-fPqZA06oJF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MC8J8mXpsnj4Bz1pgv8XVxOloPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:01:54:36:f4:e0:40:fe:65:f8:ea:fd:23:d5:b7:5a:19:93:
         49:a0:62:c3:0c:53:c9:f2:38:22:70:b0:79:7d:d1:25:55:44:
         28:b6:26:74:25:78:ba:ce:24:85:da:f5:0e:29:33:9e:82:53:
         5d:3a:07:56:57:4a:bb:49:96:88:7d:2d:3c:71:97:63:ed:47:
         e2:da:5b:5b:fc:36:21:b4:d1:89:48:01:5e:e5:2e:37:db:0e:
         5e:d5:43:47:01:27:3c:9a:43:a3:d4:9b:95:a7:94:d1:0a:c5:
         61:21:23:5d:6e:13:a8:95:49:7b:59:05:cc:a4:b5:36:12:92:
         ad:59:ee:d2:a4:44:bb:ae:0b:52:f7:94:8d:f0:7d:48:95:78:
         02:67:72:91:96:59:45:c1:b2:42:55:e5:8a:b8:6a:0e:27:80:
         1a:d0:cc:9b:37:d4:b7:ed:4f:98:5a:3f:03:7f:73:a1:35:e2:
         93:1d:b4:b7:bd:83:2b:23:8c:13:e0:50:a0:40:32:fc:46:d9:
         d3:52:86:13:30:fe:7d:b6:8f:cb:d6:33:05:81:4b:fe:97:c4:
         86:48:78:5e:41:31:f6:af:ac:30:96:5e:08:f3:06:fc:1b:8d:
         6c:3e:1f:5e:a6:9f:05:1c:37:e4:9a:90:31:56:da:4d:99:13:
         e2:85:de:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns+QHVAtp0XWM9XlPDGMiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMmYwOWYyNjVlOWIyNzhmODA3M2Q2OTgyZmYxNzU3MTNh
NWEwZmEwHhcNMjUwMTAyMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTJjOTc5NWQyYjBiNjZiM2VmNWFiM2U3Y2ZhOTkwMzRlYTgyNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+wXXuuOEgDVBgxt1omB5A3Yptypd
ojo6bRgjef7zTkn4RYRBd503Tg7CLkNV28g4B0mJBVfpLxBYosqga1ltFeWjlWJs
A+KvhTNSqKKFBLosoSHF9qb6M/K9JiCDmpBrTOs546oAOatb/cVnfq3c74Z+vvVF
VFToZdh6+YgAClnmpwizsIykv+7/+S/nxQhd1tgiqOZHxcxSQ+T/on/nJRobhsfH
/lakTRTE5OY4y9Nx0XeXjd4X4vKFTeRl7EEYu0vFfJ/Ph2nyaOQweBCwMcsOIvhA
yxgc5pppF7v6q0U6kyuG0pxdkLA19VGyo/ueef/z0Uuc1IeW76IambCGKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEsl5XSsLZrPvWrPnz6mQNOqCRfMB8GA1UdIwQY
MBaAFDAvCfJl6bJ4+Ac9aYL/F1cTpaD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUM4SjhtWHBzbmo0QnoxcGd2OFhWeE9sb1BvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9lNzVhZDItMWUzMC00NTVlLTk3ODct
M2I1NWYyMzI3YjM0LzEvRVN5WGxkS3d0bXMtOWFzLWZQcVpBMDZvSkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9lNzVhZDItMWUzMC00NTVlLTk3ODctM2I1NWYyMzI3YjM0
LzEvTUM4SjhtWHBzbmo0QnoxcGd2OFhWeE9sb1BvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RmJMA0G
CSqGSIb3DQEBCwUAA4IBAQAKAVQ29OBA/mX46v0j1bdaGZNJoGLDDFPJ8jgicLB5
fdElVUQotiZ0JXi6ziSF2vUOKTOeglNdOgdWV0q7SZaIfS08cZdj7Ufi2ltb/DYh
tNGJSAFe5S432w5e1UNHASc8mkOj1JuVp5TRCsVhISNdbhOolUl7WQXMpLU2EpKt
We7SpES7rgtS95SN8H1IlXgCZ3KRlllFwbJCVeWKuGoOJ4Aa0MybN9S37U+YWj8D
f3OhNeKTHbS3vYMrI4wT4FCgQDL8RtnTUoYTMP59to/L1jMFgUv+l8SGSHheQTH2
r6wwll4I8wb8G41sPh9epp8FHDfkmpAxVtpNmRPihd7T
-----END CERTIFICATE-----