Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/IEgLQasIvxFgpbs3nHHDTsw_UsY.roa
File:                     IEgLQasIvxFgpbs3nHHDTsw_UsY.roa (raw, json)
Hash identifier:          gFy6uf5fLDb8up3vJkiCcsZAC9FEQ+3Nx4++GBLSHUM=
Subject key identifier:   20:48:0B:41:AB:08:BF:11:60:A5:BB:37:9C:71:C3:4E:CC:3F:52:C6
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       01931AA50109E3ED31F0AB2F8E57AB66C935
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/IEgLQasIvxFgpbs3nHHDTsw_UsY.roa
Signing time:             Mon 11 Nov 2024 09:54:01 +0000
ROA not before:           Mon 11 Nov 2024 09:54:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        217.144.176.0/22 maxlen: 32
                          217.144.180.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:a5:01:09:e3:ed:31:f0:ab:2f:8e:57:ab:66:c9:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Nov 11 09:54:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20480b41ab08bf1160a5bb379c71c34ecc3f52c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:00:4e:4b:38:ad:c4:70:12:77:b4:bb:1e:b3:
                    ac:86:0f:43:a1:8c:a9:cc:48:68:81:20:de:6b:1f:
                    cb:0c:8f:13:d8:e5:48:0f:4b:07:b5:88:c5:7a:e6:
                    c6:81:4c:60:2c:e7:b1:29:d4:08:8a:08:ca:d6:c8:
                    a7:1b:01:65:01:33:1c:ad:2c:89:f6:cf:6d:40:7d:
                    25:fc:7b:1e:e0:e6:a0:0c:14:43:7b:f2:ce:d8:22:
                    f6:95:7a:1c:46:bc:4c:81:c2:50:8e:3d:e7:ea:e5:
                    f2:67:72:9e:09:4a:45:b7:69:3b:0d:40:59:e8:b5:
                    e4:8f:52:c7:0a:58:75:d2:b5:36:a0:cf:6b:14:b1:
                    cd:3e:da:d2:b4:0f:15:0f:52:17:29:9c:0d:6a:9f:
                    96:93:4a:20:44:ea:cc:a5:ee:82:d8:e0:8b:40:f7:
                    c1:f5:79:cf:f0:34:db:d9:f5:f0:32:c6:4e:cd:76:
                    bc:0d:7c:2c:5f:42:16:a9:8f:4d:a2:01:3e:55:73:
                    05:9b:e4:51:12:f8:e2:2b:0b:f8:89:5e:69:75:b8:
                    c4:08:2a:85:e3:01:4e:0c:70:5d:6b:df:e0:5c:32:
                    08:14:03:5d:84:29:2a:7e:76:e8:3b:e9:18:f1:6c:
                    17:4b:f8:b1:a8:88:11:c6:cf:1f:6b:ce:6b:49:15:
                    e9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:48:0B:41:AB:08:BF:11:60:A5:BB:37:9C:71:C3:4E:CC:3F:52:C6
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/IEgLQasIvxFgpbs3nHHDTsw_UsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:a6:0c:63:94:f0:88:28:34:81:4f:c9:0a:f5:fd:6b:6e:8f:
         c2:c8:14:29:bf:59:40:6a:9f:e5:f7:dd:b7:04:6e:dd:4a:ee:
         e8:87:df:40:9c:e4:ff:87:75:2b:48:eb:a1:99:d2:e0:e6:a7:
         f7:61:28:d6:0a:0b:98:43:fb:e8:86:f5:87:1b:29:39:23:5f:
         a0:fe:5a:ac:31:18:0e:38:9e:7b:04:87:38:c0:82:a2:80:45:
         4f:ea:02:77:e1:cd:04:f8:e9:4c:96:8b:96:ad:79:72:39:7e:
         45:0c:49:24:73:d3:cc:52:a5:8d:45:22:5c:ac:26:99:64:00:
         66:a5:82:a6:ef:c2:fc:98:e7:f1:e8:4f:c2:dc:b5:6f:4a:38:
         bb:21:b4:fb:40:64:20:79:97:67:db:c4:6c:60:fc:9f:85:54:
         ac:ef:b4:de:55:d4:4f:da:21:10:44:67:24:51:e4:97:f7:1e:
         04:d7:f8:b4:88:72:bb:22:63:68:6c:0f:3b:fe:a0:45:0e:a7:
         9c:d2:b7:94:1d:52:84:1c:75:7c:97:96:8c:5b:f7:d7:83:2a:
         87:2a:d6:61:44:5e:58:0a:41:34:7e:ef:58:ad:01:7f:c3:78:
         52:2a:34:16:8e:b6:7b:8f:91:23:e4:b6:7e:c8:97:a7:31:98:
         38:2c:75:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMapQEJ4+0x8KsvjlerZsk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjQxMTExMDk1NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQ4MGI0MWFiMDhiZjExNjBhNWJiMzc5YzcxYzM0ZWNjM2Y1MmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwBOSzitxHASd7S7HrOshg9DoYyp
zEhogSDeax/LDI8T2OVID0sHtYjFeubGgUxgLOexKdQIigjK1sinGwFlATMcrSyJ
9s9tQH0l/Hse4OagDBRDe/LO2CL2lXocRrxMgcJQjj3n6uXyZ3KeCUpFt2k7DUBZ
6LXkj1LHClh10rU2oM9rFLHNPtrStA8VD1IXKZwNap+Wk0ogROrMpe6C2OCLQPfB
9XnP8DTb2fXwMsZOzXa8DXwsX0IWqY9NogE+VXMFm+RREvjiKwv4iV5pdbjECCqF
4wFODHBda9/gXDIIFANdhCkqfnboO+kY8WwXS/ixqIgRxs8fa85rSRXpgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBIC0GrCL8RYKW7N5xxw07MP1LGMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvSUVnTFFhc0l2eEZncGJzM25ISERUc3dfVXNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2ZCwMA0G
CSqGSIb3DQEBCwUAA4IBAQAfpgxjlPCIKDSBT8kK9f1rbo/CyBQpv1lAap/l9923
BG7dSu7oh99AnOT/h3UrSOuhmdLg5qf3YSjWCguYQ/vohvWHGyk5I1+g/lqsMRgO
OJ57BIc4wIKigEVP6gJ34c0E+OlMlouWrXlyOX5FDEkkc9PMUqWNRSJcrCaZZABm
pYKm78L8mOfx6E/C3LVvSji7IbT7QGQgeZdn28RsYPyfhVSs77TeVdRP2iEQRGck
UeSX9x4E1/i0iHK7ImNobA87/qBFDqec0reUHVKEHHV8l5aMW/fXgyqHKtZhRF5Y
CkE0fu9YrQF/w3hSKjQWjrZ7j5Ej5LZ+yJenMZg4LHX7
-----END CERTIFICATE-----