Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/uLsbkTuS0yJYDYwztu5rfIs4VO8.roa
File:                     uLsbkTuS0yJYDYwztu5rfIs4VO8.roa (raw, json)
Hash identifier:          NQywDIYmPMQjLGtvywjcEHD3fv88q3Cf/w2oOPcVlaM=
Subject key identifier:   B8:BB:1B:91:3B:92:D3:22:58:0D:8C:33:B6:EE:6B:7C:8B:38:54:EF
Certificate issuer:       /CN=eb02b523bd3af6fc6c37ddd66cdf47993db8632b
Certificate serial:       019221D213CE1337BF17BD7F17DE6FB7EE0E
Authority key identifier: EB:02:B5:23:BD:3A:F6:FC:6C:37:DD:D6:6C:DF:47:99:3D:B8:63:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6wK1I7069vxsN93WbN9HmT24Yys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/uLsbkTuS0yJYDYwztu5rfIs4VO8.roa
Signing time:             Tue 24 Sep 2024 02:17:48 +0000
ROA not before:           Tue 24 Sep 2024 02:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212552
IP address blocks:        217.197.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/6wK1I7069vxsN93WbN9HmT24Yys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/6wK1I7069vxsN93WbN9HmT24Yys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6wK1I7069vxsN93WbN9HmT24Yys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:21:d2:13:ce:13:37:bf:17:bd:7f:17:de:6f:b7:ee:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb02b523bd3af6fc6c37ddd66cdf47993db8632b
        Validity
            Not Before: Sep 24 02:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8bb1b913b92d322580d8c33b6ee6b7c8b3854ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:65:09:da:ad:06:8c:99:77:70:90:9c:a6:8c:
                    2f:71:cb:8d:2e:a9:2d:47:a9:71:33:24:21:8c:f2:
                    38:5d:aa:63:d1:1d:aa:8e:13:b5:e4:50:74:b1:d6:
                    55:5e:e5:5e:f3:d8:0f:1f:63:1e:c1:37:ad:32:65:
                    82:34:9f:e3:62:8e:1c:d3:78:25:65:c0:03:44:a3:
                    88:11:87:51:fe:8a:2a:c7:e8:dc:8e:3e:f0:b8:fe:
                    00:71:41:0e:5d:a1:a7:ea:ea:ee:94:e5:97:4c:7c:
                    23:6e:51:7b:2f:fa:78:75:d0:c6:43:8d:a8:4f:ca:
                    02:7e:8c:4a:3f:d9:05:30:ad:82:67:90:a7:3f:b3:
                    9a:a3:c7:c5:24:ca:42:3a:ad:aa:2c:b7:38:1c:b3:
                    8c:e0:db:50:09:37:c9:68:34:b1:7b:d7:79:20:f5:
                    67:cc:b0:24:fc:a1:ac:1d:a5:28:5e:11:2e:33:3e:
                    65:eb:c5:31:43:10:c1:7e:a0:73:76:f3:99:d1:19:
                    bb:96:2d:c0:d9:bd:ed:66:07:bf:21:eb:91:8d:32:
                    7d:e2:7b:ec:02:ea:ae:35:2b:f1:04:2e:3c:20:8c:
                    7d:d0:54:07:72:eb:01:fe:60:b7:98:a7:db:0e:0f:
                    c8:e8:d8:b2:e9:58:bf:d4:ad:38:ca:00:2f:7a:0c:
                    8e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BB:1B:91:3B:92:D3:22:58:0D:8C:33:B6:EE:6B:7C:8B:38:54:EF
            X509v3 Authority Key Identifier:
                keyid:EB:02:B5:23:BD:3A:F6:FC:6C:37:DD:D6:6C:DF:47:99:3D:B8:63:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6wK1I7069vxsN93WbN9HmT24Yys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/uLsbkTuS0yJYDYwztu5rfIs4VO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/331874-7b31-4879-bf0b-0585e9edc330/1/6wK1I7069vxsN93WbN9HmT24Yys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:0f:9d:e7:fe:f7:a6:1a:f7:10:6e:d2:3d:06:e9:c5:2b:0a:
         44:05:f0:79:c8:e1:21:53:eb:45:63:bb:25:a6:37:a4:2a:3f:
         52:80:84:62:7b:7b:62:50:f6:5a:15:ce:c6:aa:30:74:04:3c:
         ff:e3:e2:30:94:a9:ed:5e:69:77:af:a2:67:c5:7b:f5:7b:4c:
         60:ae:9c:0f:99:91:01:32:68:3f:5f:46:28:5c:0b:70:b2:8a:
         18:f5:b7:7b:2e:2b:5c:8e:b0:15:49:b6:49:1c:e0:29:79:2a:
         5c:84:fb:6c:49:d4:ed:09:ec:01:c4:66:85:15:01:58:48:96:
         f6:fc:a7:f0:74:bc:1b:71:e0:48:9f:84:bd:02:8a:e2:21:c1:
         29:d7:6b:e5:4c:32:35:7b:13:35:97:5f:a1:11:e2:c1:c2:a9:
         96:e8:e2:e5:c3:55:41:dc:8c:93:95:7e:7e:75:c4:a2:d8:7f:
         70:61:a0:31:b6:41:a6:9c:a7:cc:fa:93:0f:a4:e2:fe:3b:bd:
         b0:3b:6d:ab:d5:97:58:b9:8f:16:fa:e8:a9:fe:6c:c8:5f:6c:
         22:22:6b:4d:fa:c2:4f:19:8c:39:8a:ea:42:02:9c:4e:71:31:
         04:01:8f:01:32:9f:e0:26:8a:b7:67:06:08:28:8c:09:2c:dd:
         3f:17:cd:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIh0hPOEze/F71/F95vt+4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMDJiNTIzYmQzYWY2ZmM2YzM3ZGRkNjZjZGY0Nzk5M2Ri
ODYzMmIwHhcNMjQwOTI0MDIxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGJiMWI5MTNiOTJkMzIyNTgwZDhjMzNiNmVlNmI3YzhiMzg1NGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2UJ2q0GjJl3cJCcpowvccuNLqkt
R6lxMyQhjPI4Xapj0R2qjhO15FB0sdZVXuVe89gPH2MewTetMmWCNJ/jYo4c03gl
ZcADRKOIEYdR/ooqx+jcjj7wuP4AcUEOXaGn6urulOWXTHwjblF7L/p4ddDGQ42o
T8oCfoxKP9kFMK2CZ5CnP7Oao8fFJMpCOq2qLLc4HLOM4NtQCTfJaDSxe9d5IPVn
zLAk/KGsHaUoXhEuMz5l68UxQxDBfqBzdvOZ0Rm7li3A2b3tZge/IeuRjTJ94nvs
AuquNSvxBC48IIx90FQHcusB/mC3mKfbDg/I6Niy6Vi/1K04ygAvegyOfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLi7G5E7ktMiWA2MM7bua3yLOFTvMB8GA1UdIwQY
MBaAFOsCtSO9Ovb8bDfd1mzfR5k9uGMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNndLMUk3MDY5dnhzTjkzV2JOOUhtVDI0WXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zMzE4NzQtN2IzMS00ODc5LWJmMGIt
MDU4NWU5ZWRjMzMwLzEvdUxzYmtUdVMweUpZRFl3enR1NXJmSXM0Vk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zMzE4NzQtN2IzMS00ODc5LWJmMGItMDU4NWU5ZWRjMzMw
LzEvNndLMUk3MDY5dnhzTjkzV2JOOUhtVDI0WXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cVhMA0G
CSqGSIb3DQEBCwUAA4IBAQByD53n/vemGvcQbtI9BunFKwpEBfB5yOEhU+tFY7sl
pjekKj9SgIRie3tiUPZaFc7GqjB0BDz/4+IwlKntXml3r6JnxXv1e0xgrpwPmZEB
Mmg/X0YoXAtwsooY9bd7LitcjrAVSbZJHOApeSpchPtsSdTtCewBxGaFFQFYSJb2
/KfwdLwbceBIn4S9AoriIcEp12vlTDI1exM1l1+hEeLBwqmW6OLlw1VB3IyTlX5+
dcSi2H9wYaAxtkGmnKfM+pMPpOL+O72wO22r1ZdYuY8W+uip/mzIX2wiImtN+sJP
GYw5iupCApxOcTEEAY8BMp/gJoq3ZwYIKIwJLN0/F80n
-----END CERTIFICATE-----