Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/CJYwOmrhgRddI_37F5XjDeqb9gQ.roa
File:                     CJYwOmrhgRddI_37F5XjDeqb9gQ.roa (raw, json)
Hash identifier:          dg3FylFolVaTBiCWw+XlaCNwSSw5iW12d5wI4jL+Daw=
Subject key identifier:   08:96:30:3A:6A:E1:81:17:5D:23:FD:FB:17:95:E3:0D:EA:9B:F6:04
Certificate issuer:       /CN=eb02b523bd3af6fc6c37ddd66cdf47993db8632b
Certificate serial:       018CC64B2B9CD65B541627444559C036CBBF
Authority key identifier: EB:02:B5:23:BD:3A:F6:FC:6C:37:DD:D6:6C:DF:47:99:3D:B8:63:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6wK1I7069vxsN93WbN9HmT24Yys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/CJYwOmrhgRddI_37F5XjDeqb9gQ.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202269
IP address blocks:        217.197.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/6wK1I7069vxsN93WbN9HmT24Yys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/6wK1I7069vxsN93WbN9HmT24Yys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6wK1I7069vxsN93WbN9HmT24Yys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2b:9c:d6:5b:54:16:27:44:45:59:c0:36:cb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb02b523bd3af6fc6c37ddd66cdf47993db8632b
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0896303a6ae181175d23fdfb1795e30dea9bf604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2f:5c:6b:e7:cb:8c:0c:4d:97:6d:c6:f8:fc:
                    e7:1f:1c:12:95:25:dc:2e:f6:f9:a5:cd:e4:1a:e7:
                    fc:29:97:f1:37:31:2a:30:f6:96:b4:bb:33:58:8f:
                    75:21:3d:42:fd:42:21:b0:9c:22:81:f2:dd:1d:e2:
                    8d:c6:0c:ee:06:c4:6c:ec:e2:74:d2:e5:33:95:a5:
                    c5:33:69:5d:d0:c2:29:fb:8f:5c:e1:a7:76:55:54:
                    00:b2:82:10:63:cb:b7:ae:4d:a1:73:90:6d:41:b6:
                    27:4a:00:ef:68:ef:9c:c4:79:30:25:be:21:ce:a7:
                    21:d2:66:af:85:f0:d7:34:54:32:0a:05:07:36:71:
                    5a:75:d0:e8:59:0a:d6:64:4e:a3:cf:01:b4:1e:46:
                    ec:5a:60:a7:d5:31:70:b3:54:82:39:ba:3a:87:c4:
                    be:b5:fb:2b:f2:a5:7b:bc:20:81:73:14:e5:6d:05:
                    bf:40:e1:51:52:97:5f:b1:72:f8:e6:d4:a0:18:88:
                    71:08:7d:4d:3e:17:d2:4c:25:17:49:a3:0e:af:a2:
                    00:e1:ee:03:2f:a5:c5:36:f8:f9:a2:f7:03:81:86:
                    1b:65:94:13:24:ad:28:a4:11:86:32:e8:ee:25:8c:
                    f7:bc:31:fd:6f:9e:d0:89:7b:a0:c9:e1:40:61:82:
                    0f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:96:30:3A:6A:E1:81:17:5D:23:FD:FB:17:95:E3:0D:EA:9B:F6:04
            X509v3 Authority Key Identifier:
                keyid:EB:02:B5:23:BD:3A:F6:FC:6C:37:DD:D6:6C:DF:47:99:3D:B8:63:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6wK1I7069vxsN93WbN9HmT24Yys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/CJYwOmrhgRddI_37F5XjDeqb9gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/6wK1I7069vxsN93WbN9HmT24Yys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:ba:b9:99:d5:79:9e:f1:4e:52:4a:e6:e6:58:eb:d0:57:3b:
         36:03:a2:d6:7f:a5:03:0d:c9:40:d3:c8:cf:14:49:5e:fd:f1:
         76:c9:84:c5:9d:37:3d:84:ab:bb:e2:20:7f:46:6f:3a:45:3f:
         33:39:f9:ec:46:92:22:c7:9b:50:42:51:50:c5:3a:0d:76:1d:
         ed:f5:38:7a:ba:6e:4a:fa:21:86:be:7c:79:33:21:8d:08:78:
         d5:a8:8f:0d:e0:21:c3:ee:26:52:67:d7:d1:34:bc:d5:7b:ac:
         32:fd:69:c8:f2:a7:71:0b:92:ae:43:e5:80:4c:1d:60:55:e5:
         85:52:1e:b2:c9:32:c7:e1:3d:d2:0c:03:07:2b:f1:c7:13:1c:
         85:99:e6:83:67:ef:b5:10:6f:19:ed:01:3d:bb:4d:0f:df:e6:
         48:19:80:1e:db:27:49:aa:55:16:74:6f:1b:c7:91:62:bd:0c:
         65:e9:f9:58:be:65:12:34:0b:9b:68:d9:86:8b:f8:b8:0a:c5:
         cb:db:f0:1d:90:18:d8:ce:18:75:ea:9d:6a:c4:a6:b5:25:c4:
         6b:91:3a:4f:ee:62:32:57:6e:4d:fa:9e:26:a8:28:fb:a6:f2:
         01:02:d5:07:ed:1b:25:5b:87:a3:d6:39:b2:a0:91:e1:77:a0:
         26:ee:22:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyuc1ltUFidERVnANsu/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMDJiNTIzYmQzYWY2ZmM2YzM3ZGRkNjZjZGY0Nzk5M2Ri
ODYzMmIwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODk2MzAzYTZhZTE4MTE3NWQyM2ZkZmIxNzk1ZTMwZGVhOWJmNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC9ca+fLjAxNl23G+PznHxwSlSXc
Lvb5pc3kGuf8KZfxNzEqMPaWtLszWI91IT1C/UIhsJwigfLdHeKNxgzuBsRs7OJ0
0uUzlaXFM2ld0MIp+49c4ad2VVQAsoIQY8u3rk2hc5BtQbYnSgDvaO+cxHkwJb4h
zqch0mavhfDXNFQyCgUHNnFaddDoWQrWZE6jzwG0HkbsWmCn1TFws1SCObo6h8S+
tfsr8qV7vCCBcxTlbQW/QOFRUpdfsXL45tSgGIhxCH1NPhfSTCUXSaMOr6IA4e4D
L6XFNvj5ovcDgYYbZZQTJK0opBGGMujuJYz3vDH9b57QiXugyeFAYYIPBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiWMDpq4YEXXSP9+xeV4w3qm/YEMB8GA1UdIwQY
MBaAFOsCtSO9Ovb8bDfd1mzfR5k9uGMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNndLMUk3MDY5dnhzTjkzV2JOOUhtVDI0WXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zMzE4NzQtN2IzMS00ODc5LWJmMGIt
MDU4NWU5ZWRjMzMwLzEvQ0pZd09tcmhnUmRkSV8zN0Y1WGpEZXFiOWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zMzE4NzQtN2IzMS00ODc5LWJmMGItMDU4NWU5ZWRjMzMw
LzEvNndLMUk3MDY5dnhzTjkzV2JOOUhtVDI0WXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cVhMA0G
CSqGSIb3DQEBCwUAA4IBAQB9urmZ1Xme8U5SSubmWOvQVzs2A6LWf6UDDclA08jP
FEle/fF2yYTFnTc9hKu74iB/Rm86RT8zOfnsRpIix5tQQlFQxToNdh3t9Th6um5K
+iGGvnx5MyGNCHjVqI8N4CHD7iZSZ9fRNLzVe6wy/WnI8qdxC5KuQ+WATB1gVeWF
Uh6yyTLH4T3SDAMHK/HHExyFmeaDZ++1EG8Z7QE9u00P3+ZIGYAe2ydJqlUWdG8b
x5FivQxl6flYvmUSNAubaNmGi/i4CsXL2/AdkBjYzhh16p1qxKa1JcRrkTpP7mIy
V25N+p4mqCj7pvIBAtUH7RslW4ej1jmyoJHhd6Am7iJZ
-----END CERTIFICATE-----