Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/TDENfbCQc1e2jsXb36WH3ZHMPeE.roa
File:                     TDENfbCQc1e2jsXb36WH3ZHMPeE.roa (raw, json)
Hash identifier:          NzqI5XAfVeOZqRpSUShDi2gMsGCBkM/lsKDpJfnz4Po=
Subject key identifier:   4C:31:0D:7D:B0:90:73:57:B6:8E:C5:DB:DF:A5:87:DD:91:CC:3D:E1
Certificate issuer:       /CN=ab1c800aa1b78a17a43e19fd9938355d0411e94a
Certificate serial:       018CC500435BB7085F7F7AC0BDEE22EEDB7A
Authority key identifier: AB:1C:80:0A:A1:B7:8A:17:A4:3E:19:FD:99:38:35:5D:04:11:E9:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qxyACqG3ihekPhn9mTg1XQQR6Uo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/TDENfbCQc1e2jsXb36WH3ZHMPeE.roa
Signing time:             Mon 01 Jan 2024 12:29:37 +0000
ROA not before:           Mon 01 Jan 2024 12:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25584
IP address blocks:        217.173.205.0/24 maxlen: 24
                          2a04:9444::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/qxyACqG3ihekPhn9mTg1XQQR6Uo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/qxyACqG3ihekPhn9mTg1XQQR6Uo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qxyACqG3ihekPhn9mTg1XQQR6Uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:43:5b:b7:08:5f:7f:7a:c0:bd:ee:22:ee:db:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1c800aa1b78a17a43e19fd9938355d0411e94a
        Validity
            Not Before: Jan  1 12:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c310d7db0907357b68ec5dbdfa587dd91cc3de1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:78:97:97:02:7e:25:70:38:76:ec:01:0e:b8:
                    30:ba:ff:7c:c0:6b:51:90:47:cb:00:c7:68:c2:c9:
                    e4:a5:69:21:3f:34:98:1c:f1:60:ae:20:79:d9:6c:
                    aa:c2:5a:d9:3f:ec:02:02:13:b4:26:95:29:17:f1:
                    52:df:21:22:00:d0:f4:a9:5f:fa:e8:70:f5:de:b4:
                    d5:41:1b:ae:cd:30:a7:99:4c:0f:06:f2:5b:ca:1e:
                    19:9b:b5:bc:e7:05:07:62:63:a6:27:46:40:fc:15:
                    ad:9d:bd:11:99:89:23:e6:f2:f7:8b:fe:10:41:fe:
                    91:7b:2d:ec:18:5a:2d:1e:33:c6:aa:df:96:5c:56:
                    f0:34:38:be:9d:9c:96:bf:31:de:6f:c8:8a:eb:e4:
                    cf:3b:23:74:c0:65:dd:4d:ed:a2:c1:f6:bf:a2:87:
                    89:47:b7:59:5b:72:5d:cb:87:cc:84:69:4c:d1:9c:
                    ee:4c:1b:9a:18:23:9b:02:22:38:7a:12:ab:d0:87:
                    97:f1:38:12:ab:02:39:aa:e4:58:5b:9c:6e:91:9d:
                    e4:da:4f:0c:da:a4:82:08:4a:f8:11:8b:5c:b3:07:
                    cc:5d:f8:7c:ee:08:b0:30:04:2b:71:b7:a4:0d:1f:
                    e4:48:36:76:14:65:85:23:f8:01:34:c1:b2:b1:ab:
                    e3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:31:0D:7D:B0:90:73:57:B6:8E:C5:DB:DF:A5:87:DD:91:CC:3D:E1
            X509v3 Authority Key Identifier:
                keyid:AB:1C:80:0A:A1:B7:8A:17:A4:3E:19:FD:99:38:35:5D:04:11:E9:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qxyACqG3ihekPhn9mTg1XQQR6Uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/TDENfbCQc1e2jsXb36WH3ZHMPeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/qxyACqG3ihekPhn9mTg1XQQR6Uo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.173.205.0/24
                IPv6:
                  2a04:9444::/30

    Signature Algorithm: sha256WithRSAEncryption
         67:43:be:e7:2b:8f:53:fc:11:b6:dc:6c:47:c3:37:6f:67:93:
         f9:cf:12:79:e9:74:13:bb:79:d8:85:ef:ed:19:80:00:e7:34:
         8e:46:94:50:f1:1f:ad:57:72:8f:b4:6f:2c:fb:ce:33:c3:00:
         06:92:d1:cb:0c:2e:0d:c3:cb:b2:3f:4e:50:5e:e1:d6:38:4a:
         dd:c3:9d:34:60:47:b9:fd:6d:11:ab:4b:8a:52:74:fd:93:56:
         66:c5:8f:aa:58:ba:4c:60:35:c1:7a:27:1c:a7:88:49:08:c8:
         83:0b:fa:d6:14:d8:67:ef:c0:4c:9f:4d:fa:4d:6e:42:0e:ae:
         7e:7c:57:ee:a4:6e:43:4f:dc:77:7a:f2:b8:e4:81:30:ba:46:
         4e:1f:fc:dc:ee:48:7b:ab:4a:df:b0:b0:7f:89:d6:d7:06:5e:
         60:18:34:71:e6:c9:b1:ff:cc:e0:54:a2:fd:98:54:18:4c:25:
         42:ca:57:df:29:02:e3:94:a6:d4:b2:d0:0c:70:2d:85:6b:00:
         51:ed:78:cc:c8:86:46:65:af:dd:21:51:7d:83:99:58:23:26:
         d1:2e:89:ed:16:ca:70:7f:a9:b9:b4:48:36:8d:67:0c:01:69:
         3f:65:c2:11:cb:70:b1:a3:bf:96:7c:3d:9d:fb:d7:91:5a:e5:
         b5:7a:9e:af
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAENbtwhff3rAve4i7tt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWM4MDBhYTFiNzhhMTdhNDNlMTlmZDk5MzgzNTVkMDQx
MWU5NGEwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzMxMGQ3ZGIwOTA3MzU3YjY4ZWM1ZGJkZmE1ODdkZDkxY2MzZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHiXlwJ+JXA4duwBDrgwuv98wGtR
kEfLAMdowsnkpWkhPzSYHPFgriB52WyqwlrZP+wCAhO0JpUpF/FS3yEiAND0qV/6
6HD13rTVQRuuzTCnmUwPBvJbyh4Zm7W85wUHYmOmJ0ZA/BWtnb0RmYkj5vL3i/4Q
Qf6Rey3sGFotHjPGqt+WXFbwNDi+nZyWvzHeb8iK6+TPOyN0wGXdTe2iwfa/ooeJ
R7dZW3Jdy4fMhGlM0ZzuTBuaGCObAiI4ehKr0IeX8TgSqwI5quRYW5xukZ3k2k8M
2qSCCEr4EYtcswfMXfh87giwMAQrcbekDR/kSDZ2FGWFI/gBNMGysavjKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEwxDX2wkHNXto7F29+lh92RzD3hMB8GA1UdIwQY
MBaAFKscgAqht4oXpD4Z/Zk4NV0EEelKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXh5QUNxRzNpaGVrUGhuOW1UZzFYUVFSNlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYjFjYTAtYmJmMi00NDE5LThhMGMt
NTBjYmNiNWIxOWMyLzEvVERFTmZiQ1FjMWUyanNYYjM2V0gzWkhNUGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYjFjYTAtYmJmMi00NDE5LThhMGMtNTBjYmNiNWIxOWMy
LzEvcXh5QUNxRzNpaGVrUGhuOW1UZzFYUVFSNlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2a3NMA0E
AgACMAcDBQIqBJREMA0GCSqGSIb3DQEBCwUAA4IBAQBnQ77nK49T/BG23GxHwzdv
Z5P5zxJ56XQTu3nYhe/tGYAA5zSORpRQ8R+tV3KPtG8s+84zwwAGktHLDC4Nw8uy
P05QXuHWOErdw500YEe5/W0Rq0uKUnT9k1ZmxY+qWLpMYDXBeiccp4hJCMiDC/rW
FNhn78BMn036TW5CDq5+fFfupG5DT9x3evK45IEwukZOH/zc7kh7q0rfsLB/idbX
Bl5gGDRx5smx/8zgVKL9mFQYTCVCylffKQLjlKbUstAMcC2FawBR7XjMyIZGZa/d
IVF9g5lYIybRLontFspwf6m5tEg2jWcMAWk/ZcIRy3Cxo7+WfD2d+9eRWuW1ep6v
-----END CERTIFICATE-----