Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c321a3-d362-454f-8e84-ce6bb71a8da6/1/7Dych4zveyHs0pzibZ9uvQtJ2wM.roa
File:                     7Dych4zveyHs0pzibZ9uvQtJ2wM.roa (raw, json)
Hash identifier:          CW7T4TaO0Ki1j/sE/BefdFndXGm6ZNbOz4E1BOqKMT8=
Subject key identifier:   EC:3C:9C:87:8C:EF:7B:21:EC:D2:9C:E2:6D:9F:6E:BD:0B:49:DB:03
Certificate issuer:       /CN=26d3db8bed354b478c6d1704a1e3ae6c926d5672
Certificate serial:       01942826EAF6B3F61D55ECC260E719DC618F
Authority key identifier: 26:D3:DB:8B:ED:35:4B:47:8C:6D:17:04:A1:E3:AE:6C:92:6D:56:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JtPbi-01S0eMbRcEoeOubJJtVnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/c321a3-d362-454f-8e84-ce6bb71a8da6/1/7Dych4zveyHs0pzibZ9uvQtJ2wM.roa
Signing time:             Thu 02 Jan 2025 17:53:46 +0000
ROA not before:           Thu 02 Jan 2025 17:53:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211799
IP address blocks:        185.40.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/c321a3-d362-454f-8e84-ce6bb71a8da6/1/JtPbi-01S0eMbRcEoeOubJJtVnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/c321a3-d362-454f-8e84-ce6bb71a8da6/1/JtPbi-01S0eMbRcEoeOubJJtVnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JtPbi-01S0eMbRcEoeOubJJtVnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:ea:f6:b3:f6:1d:55:ec:c2:60:e7:19:dc:61:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26d3db8bed354b478c6d1704a1e3ae6c926d5672
        Validity
            Not Before: Jan  2 17:53:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec3c9c878cef7b21ecd29ce26d9f6ebd0b49db03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:95:05:0f:76:c3:3a:a4:f8:9f:f4:38:7b:03:
                    f8:3e:de:68:8c:fa:49:9a:ac:6a:98:f4:cb:e8:23:
                    a1:35:a1:44:55:68:23:9c:ed:ae:ed:4d:37:7b:65:
                    f6:0b:6b:38:0d:c3:6d:25:d9:58:bd:ed:99:19:0a:
                    76:5a:40:6e:bc:c9:0e:5b:58:20:f1:d0:fc:2e:26:
                    49:52:bb:95:96:06:73:d0:03:aa:75:2c:fb:d5:12:
                    5b:71:44:b4:d0:8a:55:e5:3a:79:d3:e5:67:e2:39:
                    51:0d:6f:83:08:da:7a:bc:0d:d2:cb:fb:15:50:b5:
                    72:20:c2:48:d7:91:a7:d6:06:98:5c:55:50:72:15:
                    2c:ac:8f:7d:5d:33:68:a6:63:10:66:28:5b:aa:96:
                    6c:b5:b9:e5:ef:33:37:5e:82:50:6e:66:e0:2c:e1:
                    8a:24:d7:61:23:39:02:80:e0:ca:23:1f:07:2e:96:
                    aa:bd:e8:59:ab:2c:01:f9:e4:82:f6:1d:20:37:11:
                    f9:ea:cd:02:cc:54:ea:47:6a:9b:cf:d3:51:13:f3:
                    24:cf:4e:2c:78:bc:6b:33:6d:ab:f0:60:90:2c:2b:
                    41:db:8a:d5:12:36:33:a7:8d:2d:ac:89:21:cc:c4:
                    c8:4a:d4:94:e5:e3:71:01:6b:d9:4f:ff:f5:0c:c6:
                    9d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:3C:9C:87:8C:EF:7B:21:EC:D2:9C:E2:6D:9F:6E:BD:0B:49:DB:03
            X509v3 Authority Key Identifier:
                keyid:26:D3:DB:8B:ED:35:4B:47:8C:6D:17:04:A1:E3:AE:6C:92:6D:56:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JtPbi-01S0eMbRcEoeOubJJtVnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c321a3-d362-454f-8e84-ce6bb71a8da6/1/7Dych4zveyHs0pzibZ9uvQtJ2wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c321a3-d362-454f-8e84-ce6bb71a8da6/1/JtPbi-01S0eMbRcEoeOubJJtVnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:56:e5:74:da:b1:6d:01:98:dc:2a:d0:6a:45:e4:3a:8f:38:
         93:91:cf:30:e6:05:3c:35:d5:ff:68:56:8d:0b:16:10:78:47:
         22:a8:0c:6a:b2:df:8b:ed:c0:56:d6:35:72:ee:aa:3c:9d:1c:
         22:76:e7:86:90:c7:ff:42:db:5e:c3:01:14:e9:a8:3d:d1:0b:
         96:b1:5f:28:a1:43:0a:ed:7b:74:6d:79:88:aa:dd:ba:d1:24:
         1a:72:0e:5f:59:5a:4b:1b:a7:fd:80:36:62:f3:f5:9c:4e:6d:
         98:48:b2:dc:20:73:89:96:8e:06:7f:92:f2:e0:2f:83:97:28:
         9a:57:c9:75:c0:7e:1e:7e:2a:61:2a:0f:02:b4:1f:99:7a:d3:
         4d:5d:0d:55:7e:26:9f:cb:9a:d7:9e:78:2a:40:17:96:c6:ba:
         72:cb:36:22:b5:21:7f:c0:e8:d1:81:25:e9:51:b1:7d:ca:eb:
         87:85:3b:48:cc:dd:ef:24:72:3a:26:03:46:ea:8f:0b:39:d0:
         59:f9:51:70:03:ed:83:6f:e6:f6:5c:b8:92:11:a0:d9:24:d0:
         a0:50:f6:67:bb:ee:2c:50:1b:55:94:e7:6c:04:d2:34:e5:39:
         d6:4b:f5:ed:73:6d:6d:8f:b5:cc:ee:59:72:c4:f1:77:93:6c:
         32:a2:74:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJur2s/YdVezCYOcZ3GGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZDNkYjhiZWQzNTRiNDc4YzZkMTcwNGExZTNhZTZjOTI2
ZDU2NzIwHhcNMjUwMTAyMTc1MzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzNjOWM4NzhjZWY3YjIxZWNkMjljZTI2ZDlmNmViZDBiNDlkYjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJUFD3bDOqT4n/Q4ewP4Pt5ojPpJ
mqxqmPTL6COhNaFEVWgjnO2u7U03e2X2C2s4DcNtJdlYve2ZGQp2WkBuvMkOW1gg
8dD8LiZJUruVlgZz0AOqdSz71RJbcUS00IpV5Tp50+Vn4jlRDW+DCNp6vA3Sy/sV
ULVyIMJI15Gn1gaYXFVQchUsrI99XTNopmMQZihbqpZstbnl7zM3XoJQbmbgLOGK
JNdhIzkCgODKIx8HLpaqvehZqywB+eSC9h0gNxH56s0CzFTqR2qbz9NRE/Mkz04s
eLxrM22r8GCQLCtB24rVEjYzp40trIkhzMTIStSU5eNxAWvZT//1DMadkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw8nIeM73sh7NKc4m2fbr0LSdsDMB8GA1UdIwQY
MBaAFCbT24vtNUtHjG0XBKHjrmySbVZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnRQYmktMDFTMGVNYlJjRW9lT3ViSkp0Vm5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jMzIxYTMtZDM2Mi00NTRmLThlODQt
Y2U2YmI3MWE4ZGE2LzEvN0R5Y2g0enZleUhzMHB6aWJaOXV2UXRKMndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jMzIxYTMtZDM2Mi00NTRmLThlODQtY2U2YmI3MWE4ZGE2
LzEvSnRQYmktMDFTMGVNYlJjRW9lT3ViSkp0Vm5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSgRMA0G
CSqGSIb3DQEBCwUAA4IBAQCWVuV02rFtAZjcKtBqReQ6jziTkc8w5gU8NdX/aFaN
CxYQeEciqAxqst+L7cBW1jVy7qo8nRwidueGkMf/QttewwEU6ag90QuWsV8ooUMK
7Xt0bXmIqt260SQacg5fWVpLG6f9gDZi8/WcTm2YSLLcIHOJlo4Gf5Ly4C+Dlyia
V8l1wH4efiphKg8CtB+ZetNNXQ1Vfiafy5rXnngqQBeWxrpyyzYitSF/wOjRgSXp
UbF9yuuHhTtIzN3vJHI6JgNG6o8LOdBZ+VFwA+2Db+b2XLiSEaDZJNCgUPZnu+4s
UBtVlOdsBNI05TnWS/Xtc21tj7XM7llyxPF3k2wyonSl
-----END CERTIFICATE-----