Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/o5ho31TLVDzyGLSD4rZ1LXnhs6k.roa
File:                     o5ho31TLVDzyGLSD4rZ1LXnhs6k.roa (raw, json)
Hash identifier:          Q/tQl79GiSJKZ+/2vyXn1sCh4RrI1t7h+n+kAbJYTl4=
Subject key identifier:   A3:98:68:DF:54:CB:54:3C:F2:18:B4:83:E2:B6:75:2D:79:E1:B3:A9
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73B3E8D7810AEDF3C927AE53F2EB3
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/o5ho31TLVDzyGLSD4rZ1LXnhs6k.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48125
IP address blocks:        217.109.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:3e:8d:78:10:ae:df:3c:92:7a:e5:3f:2e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a39868df54cb543cf218b483e2b6752d79e1b3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f8:8f:11:18:b5:49:9f:ce:1c:46:ee:51:71:
                    a8:0b:6c:1b:c8:99:5e:83:8e:ac:84:10:e9:e9:b1:
                    fc:65:6b:f6:6f:6b:70:ab:ba:b0:d9:56:11:18:08:
                    2e:71:38:d2:25:77:be:3f:29:12:81:34:7e:d4:77:
                    a5:a8:c1:20:50:18:18:2a:10:39:7d:1f:58:a9:79:
                    05:af:29:81:de:64:5c:98:24:dd:b1:f9:d2:97:98:
                    4e:a9:a6:09:71:f6:e2:c3:98:88:1b:9b:50:85:db:
                    64:37:9e:a1:69:55:65:75:8f:1d:d7:af:93:30:e3:
                    9e:61:43:1b:5f:ef:4d:77:54:8f:88:90:53:f8:8d:
                    0d:68:22:b4:5e:3d:0d:27:83:35:24:b8:f3:87:8e:
                    69:59:83:f4:fb:d4:3c:51:49:45:be:e7:47:c8:b7:
                    c6:ab:2f:35:95:f0:e8:f2:7a:59:37:d0:9a:f1:26:
                    f6:86:96:41:e8:70:f2:4b:39:fa:56:ae:bf:1d:3a:
                    3b:40:4f:2d:33:ea:6b:c1:3b:74:10:09:85:e0:42:
                    35:44:0a:8d:97:6c:e3:b0:ab:94:5c:fb:22:02:93:
                    42:93:dd:df:20:4d:f1:a6:d4:4d:5a:74:89:e5:6b:
                    c7:4d:fb:2c:71:ff:44:45:04:4e:63:e1:2d:20:d7:
                    1b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:98:68:DF:54:CB:54:3C:F2:18:B4:83:E2:B6:75:2D:79:E1:B3:A9
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/o5ho31TLVDzyGLSD4rZ1LXnhs6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.109.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:52:8c:13:52:16:b3:61:da:da:d5:e4:2d:ad:8d:47:c5:cc:
         9f:86:57:0d:0e:60:f7:e7:5d:47:20:25:90:e1:bd:a2:c6:3c:
         5b:3b:58:ed:c3:a8:2e:8a:d0:e9:ad:a5:07:8a:68:5b:db:87:
         82:1e:a2:6d:bc:5f:de:fe:b3:33:eb:a8:e2:f9:17:0b:b8:fc:
         f9:24:10:98:90:6a:fd:45:bb:d2:3e:ac:1d:12:ff:dd:ee:a3:
         e8:f9:2f:11:85:6e:1e:56:51:6e:b1:0c:be:6f:19:59:f7:f4:
         6f:6c:23:be:98:1e:e4:d0:9e:b6:33:38:10:82:51:c4:d5:fd:
         e5:f8:67:6a:65:a7:1c:35:2f:a2:47:8d:95:70:56:bf:57:bf:
         67:b7:2f:2f:65:23:41:2b:bb:7b:59:79:c0:a5:51:18:86:6a:
         86:23:87:8b:fd:e7:20:78:90:4e:89:90:14:dd:04:3e:6f:fc:
         1f:cb:1e:12:df:75:ae:9f:2b:43:82:d5:2f:16:2d:f7:59:f3:
         dd:2a:bf:d7:ea:3e:bd:a9:da:7c:6b:68:4a:a6:6c:da:a2:fc:
         71:2f:ae:af:b9:13:2c:77:63:34:00:4c:7f:76:b1:98:21:f0:
         65:c1:b3:c5:c4:51:92:d1:08:c5:db:3c:cc:7d:9c:91:c3:2a:
         c1:2a:a8:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzs+jXgQrt88knrlPy6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzk4NjhkZjU0Y2I1NDNjZjIxOGI0ODNlMmI2NzUyZDc5ZTFiM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfiPERi1SZ/OHEbuUXGoC2wbyJle
g46shBDp6bH8ZWv2b2twq7qw2VYRGAgucTjSJXe+PykSgTR+1HelqMEgUBgYKhA5
fR9YqXkFrymB3mRcmCTdsfnSl5hOqaYJcfbiw5iIG5tQhdtkN56haVVldY8d16+T
MOOeYUMbX+9Nd1SPiJBT+I0NaCK0Xj0NJ4M1JLjzh45pWYP0+9Q8UUlFvudHyLfG
qy81lfDo8npZN9Ca8Sb2hpZB6HDySzn6Vq6/HTo7QE8tM+prwTt0EAmF4EI1RAqN
l2zjsKuUXPsiApNCk93fIE3xptRNWnSJ5WvHTfsscf9ERQROY+EtINcbLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOYaN9Uy1Q88hi0g+K2dS154bOpMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvbzVobzMxVExWRHp5R0xTRDRyWjFMWG5oczZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2W10MA0G
CSqGSIb3DQEBCwUAA4IBAQChUowTUhazYdra1eQtrY1HxcyfhlcNDmD3511HICWQ
4b2ixjxbO1jtw6guitDpraUHimhb24eCHqJtvF/e/rMz66ji+RcLuPz5JBCYkGr9
RbvSPqwdEv/d7qPo+S8RhW4eVlFusQy+bxlZ9/RvbCO+mB7k0J62MzgQglHE1f3l
+GdqZaccNS+iR42VcFa/V79nty8vZSNBK7t7WXnApVEYhmqGI4eL/ecgeJBOiZAU
3QQ+b/wfyx4S33WunytDgtUvFi33WfPdKr/X6j69qdp8a2hKpmzaovxxL66vuRMs
d2M0AEx/drGYIfBlwbPFxFGS0QjF2zzMfZyRwyrBKqjI
-----END CERTIFICATE-----