Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/UNkoTQC7R497-zmPHnXoZ07M3QA.roa
File:                     UNkoTQC7R497-zmPHnXoZ07M3QA.roa (raw, json)
Hash identifier:          j4QITc3Bx0NoLnnZMMvneA/f6G3hEkOiUymls2y6laU=
Subject key identifier:   50:D9:28:4D:00:BB:47:8F:7B:FB:39:8F:1E:75:E8:67:4E:CC:DD:00
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       0191A22CAD903D28F07DF6B616C42A294C5F
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/UNkoTQC7R497-zmPHnXoZ07M3QA.roa
Signing time:             Fri 30 Aug 2024 07:25:22 +0000
ROA not before:           Fri 30 Aug 2024 07:25:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        217.9.247.0/24 maxlen: 24
                          217.9.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:2c:ad:90:3d:28:f0:7d:f6:b6:16:c4:2a:29:4c:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Aug 30 07:25:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50d9284d00bb478f7bfb398f1e75e8674eccdd00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8f:62:d9:f2:57:c8:53:37:2a:75:9d:46:6d:
                    9f:55:6f:8c:9f:b8:c7:4b:62:a2:8e:6d:ed:75:43:
                    16:ad:8b:8f:6b:01:a4:5a:a6:db:aa:97:54:77:dd:
                    90:57:10:f3:b1:76:1d:23:d9:d7:ae:f1:b0:90:67:
                    5a:27:72:07:38:f6:b8:3b:87:5b:84:14:d1:85:b0:
                    f4:71:af:39:16:bc:4c:b4:64:28:70:e3:a5:71:b7:
                    6f:0d:13:48:d6:cf:85:89:a8:02:66:27:db:91:29:
                    85:c4:43:5d:84:f1:92:66:c8:fc:ad:ad:59:04:e3:
                    ba:0c:a8:c5:f5:9c:5b:48:af:db:f0:a3:cd:f9:28:
                    e8:98:0e:f7:f7:21:2c:4f:68:14:72:1d:59:b5:ec:
                    c2:2c:cc:96:52:57:3d:29:e7:57:a8:dc:03:46:7a:
                    2a:4f:cf:b0:76:45:b5:c2:0f:f9:79:e1:04:11:74:
                    ce:75:f9:b6:fe:9b:e3:45:16:92:73:da:0d:54:bf:
                    c8:17:f2:91:52:bc:d6:ed:c2:fd:c2:89:93:de:4f:
                    1c:eb:54:eb:b8:40:77:ac:68:46:fe:27:56:fa:95:
                    29:e1:c2:c6:9b:b3:c0:9d:52:26:10:88:d5:f5:32:
                    e2:4a:1c:f2:7c:21:71:b5:85:9d:ae:be:b4:78:99:
                    0f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D9:28:4D:00:BB:47:8F:7B:FB:39:8F:1E:75:E8:67:4E:CC:DD:00
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/UNkoTQC7R497-zmPHnXoZ07M3QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.247.0/24
                  217.9.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:3c:c7:b3:a2:a6:7e:79:65:6f:3c:c2:c2:1d:b7:3f:b6:a5:
         04:49:80:dd:a7:8f:18:f8:a2:c2:0c:de:3c:85:ea:e3:9b:07:
         0e:25:3d:19:d0:2d:35:05:02:b7:35:82:a1:6c:c9:31:58:fb:
         4a:91:f5:da:17:cf:88:7a:2e:15:05:86:b3:7b:cd:5a:e8:82:
         6b:7e:25:07:87:0a:6f:59:cd:4f:a7:b2:9c:42:be:55:14:c5:
         63:33:1a:73:d8:a8:0b:31:8e:05:95:c4:f0:eb:82:2b:52:2e:
         dc:6b:24:f7:ab:c8:03:ed:fa:b8:23:8c:2e:87:1e:a0:db:a5:
         8b:06:36:b3:6f:35:43:a6:6d:aa:f1:0e:3b:19:a3:e6:f2:6a:
         93:dd:52:a0:76:15:39:db:c0:93:5b:6c:b4:17:6e:80:b6:61:
         1f:f9:5b:0c:e1:7d:64:f4:89:92:1a:63:ed:18:2a:4b:c8:70:
         0f:03:2b:c3:38:9c:39:8b:27:80:ba:23:45:e6:c4:3f:93:c5:
         29:75:53:34:bc:af:91:bb:d0:b0:58:49:00:e1:ff:43:13:6c:
         d0:2a:ed:82:63:6d:22:70:54:ed:fb:db:61:d6:c3:41:5f:c1:
         44:8c:ec:fc:94:f6:df:45:5d:db:16:7a:b4:c9:e2:b0:f6:37:
         04:94:8e:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGiLK2QPSjwffa2FsQqKUxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwODMwMDcyNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQ5Mjg0ZDAwYmI0NzhmN2JmYjM5OGYxZTc1ZTg2NzRlY2NkZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY9i2fJXyFM3KnWdRm2fVW+Mn7jH
S2Kijm3tdUMWrYuPawGkWqbbqpdUd92QVxDzsXYdI9nXrvGwkGdaJ3IHOPa4O4db
hBTRhbD0ca85FrxMtGQocOOlcbdvDRNI1s+FiagCZifbkSmFxENdhPGSZsj8ra1Z
BOO6DKjF9ZxbSK/b8KPN+SjomA739yEsT2gUch1ZtezCLMyWUlc9KedXqNwDRnoq
T8+wdkW1wg/5eeEEEXTOdfm2/pvjRRaSc9oNVL/IF/KRUrzW7cL9womT3k8c61Tr
uEB3rGhG/idW+pUp4cLGm7PAnVImEIjV9TLiShzyfCFxtYWdrr60eJkPjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFDZKE0Au0ePe/s5jx516GdOzN0AMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvVU5rb1RRQzdSNDk3LXptUEhuWG9aMDdNM1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2Qn3AwQA
2Qn6MA0GCSqGSIb3DQEBCwUAA4IBAQCoPMezoqZ+eWVvPMLCHbc/tqUESYDdp48Y
+KLCDN48herjmwcOJT0Z0C01BQK3NYKhbMkxWPtKkfXaF8+Iei4VBYaze81a6IJr
fiUHhwpvWc1Pp7KcQr5VFMVjMxpz2KgLMY4FlcTw64IrUi7cayT3q8gD7fq4I4wu
hx6g26WLBjazbzVDpm2q8Q47GaPm8mqT3VKgdhU528CTW2y0F26AtmEf+VsM4X1k
9ImSGmPtGCpLyHAPAyvDOJw5iyeAuiNF5sQ/k8UpdVM0vK+Ru9CwWEkA4f9DE2zQ
Ku2CY20icFTt+9th1sNBX8FEjOz8lPbfRV3bFnq0yeKw9jcElI7s
-----END CERTIFICATE-----