Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/013526-7710-4bb0-b514-fbb7d30dce38/1/x7YKpAfSkOct6Fg0XF9orQA6c8g.roa
File:                     x7YKpAfSkOct6Fg0XF9orQA6c8g.roa (raw, json)
Hash identifier:          TXWS81jR34NiA/SsVNyLTEvMyxNkcObY8WiOh+sls1k=
Subject key identifier:   C7:B6:0A:A4:07:D2:90:E7:2D:E8:58:34:5C:5F:68:AD:00:3A:73:C8
Certificate issuer:       /CN=66953361ff6c0083fd93d52865033319863fbc46
Certificate serial:       019420682F210D382E8936F5A31706A142E3
Authority key identifier: 66:95:33:61:FF:6C:00:83:FD:93:D5:28:65:03:33:19:86:3F:BC:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZpUzYf9sAIP9k9UoZQMzGYY_vEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/013526-7710-4bb0-b514-fbb7d30dce38/1/x7YKpAfSkOct6Fg0XF9orQA6c8g.roa
Signing time:             Wed 01 Jan 2025 05:48:06 +0000
ROA not before:           Wed 01 Jan 2025 05:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197883
IP address blocks:        217.197.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/013526-7710-4bb0-b514-fbb7d30dce38/1/ZpUzYf9sAIP9k9UoZQMzGYY_vEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/013526-7710-4bb0-b514-fbb7d30dce38/1/ZpUzYf9sAIP9k9UoZQMzGYY_vEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZpUzYf9sAIP9k9UoZQMzGYY_vEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2f:21:0d:38:2e:89:36:f5:a3:17:06:a1:42:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66953361ff6c0083fd93d52865033319863fbc46
        Validity
            Not Before: Jan  1 05:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7b60aa407d290e72de858345c5f68ad003a73c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:79:17:63:b4:d6:c5:69:12:00:bc:5d:08:71:
                    11:f9:ea:52:d2:80:d2:18:f5:c5:5c:cf:1b:8b:f1:
                    6b:91:b3:ba:c2:de:d5:01:6a:ee:11:1a:93:01:31:
                    c1:af:ac:d2:35:94:18:e2:c2:78:17:11:ed:e3:a5:
                    fb:0f:31:dc:c2:98:b7:df:10:60:1d:3c:81:45:5e:
                    ef:f2:dc:72:04:ce:94:2f:3a:2a:28:c9:20:3f:f7:
                    86:9a:95:71:08:76:02:e5:0f:be:7a:d7:48:53:83:
                    6a:43:1d:7c:1e:0b:c7:dd:61:98:44:5c:86:f1:7a:
                    79:96:87:96:93:38:d0:63:c1:87:2b:b6:91:e8:17:
                    81:9c:2c:51:eb:38:35:a7:5c:2a:ad:0d:ef:18:b8:
                    f8:fb:6b:75:d4:25:04:a5:96:e8:f1:dd:67:6b:83:
                    61:f7:6c:f6:0c:da:dc:f5:5a:24:10:0f:e0:4c:fa:
                    bb:99:0e:61:34:1c:00:71:6a:fc:c7:14:49:ac:42:
                    f6:3e:dd:c0:c7:55:5d:23:51:65:f8:ca:d3:a0:82:
                    df:9d:54:32:fe:a0:ea:03:72:20:7d:d5:85:84:dc:
                    86:c7:08:59:f8:3b:68:4e:d7:bc:aa:1a:12:95:c3:
                    d0:9c:a4:9a:22:5c:3a:0d:d6:dd:49:12:5b:ce:d9:
                    76:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:B6:0A:A4:07:D2:90:E7:2D:E8:58:34:5C:5F:68:AD:00:3A:73:C8
            X509v3 Authority Key Identifier:
                keyid:66:95:33:61:FF:6C:00:83:FD:93:D5:28:65:03:33:19:86:3F:BC:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZpUzYf9sAIP9k9UoZQMzGYY_vEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/013526-7710-4bb0-b514-fbb7d30dce38/1/x7YKpAfSkOct6Fg0XF9orQA6c8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/013526-7710-4bb0-b514-fbb7d30dce38/1/ZpUzYf9sAIP9k9UoZQMzGYY_vEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:70:c4:84:10:17:f2:9d:58:9d:40:2d:ae:b7:50:9c:29:93:
         51:44:3a:f5:50:4d:7a:d0:56:1d:0d:d5:97:31:a8:d8:6c:35:
         29:9e:b9:a1:9d:2e:3d:05:bb:10:9b:80:77:9a:1a:7d:ff:a4:
         4f:37:23:a8:de:cd:e7:f9:17:27:ce:b9:e0:dd:a7:0b:64:43:
         90:1a:ed:2e:27:71:1c:2c:01:b2:e8:82:99:75:e5:18:be:82:
         31:9c:45:7e:4d:f4:12:df:73:50:e4:02:ea:3e:73:4d:a1:aa:
         fa:31:8c:f0:90:1b:ff:b3:8b:bf:1f:1a:6a:5b:52:6b:a8:9d:
         e6:66:c2:3d:75:0c:f7:5f:3d:03:5e:1d:f5:54:ea:35:fe:a4:
         9f:4b:58:af:2a:8c:0f:31:11:63:b5:7c:45:aa:5f:1c:22:6d:
         f9:31:f4:f0:81:4c:d8:8d:0f:1a:19:68:63:30:db:36:a8:70:
         35:c2:ba:a3:fc:2c:ae:6b:c8:4b:92:b3:24:00:7f:57:e9:e2:
         c3:77:b0:41:41:4e:f9:45:5d:ba:45:4b:08:36:91:f0:13:b4:
         b9:10:3a:25:11:2b:9c:9f:25:7b:69:78:bd:51:50:8f:e6:64:
         a9:2a:44:b0:a9:53:52:1d:70:5d:e9:f4:a1:bc:44:73:e9:25:
         47:a1:52:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaC8hDTguiTb1oxcGoULjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTUzMzYxZmY2YzAwODNmZDkzZDUyODY1MDMzMzE5ODYz
ZmJjNDYwHhcNMjUwMTAxMDU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2I2MGFhNDA3ZDI5MGU3MmRlODU4MzQ1YzVmNjhhZDAwM2E3M2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnkXY7TWxWkSALxdCHER+epS0oDS
GPXFXM8bi/FrkbO6wt7VAWruERqTATHBr6zSNZQY4sJ4FxHt46X7DzHcwpi33xBg
HTyBRV7v8txyBM6ULzoqKMkgP/eGmpVxCHYC5Q++etdIU4NqQx18HgvH3WGYRFyG
8Xp5loeWkzjQY8GHK7aR6BeBnCxR6zg1p1wqrQ3vGLj4+2t11CUEpZbo8d1na4Nh
92z2DNrc9VokEA/gTPq7mQ5hNBwAcWr8xxRJrEL2Pt3Ax1VdI1Fl+MrToILfnVQy
/qDqA3IgfdWFhNyGxwhZ+DtoTte8qhoSlcPQnKSaIlw6DdbdSRJbztl21QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMe2CqQH0pDnLehYNFxfaK0AOnPIMB8GA1UdIwQY
MBaAFGaVM2H/bACD/ZPVKGUDMxmGP7xGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBVellmOXNBSVA5azlVb1pRTXpHWVlfdkVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wMTM1MjYtNzcxMC00YmIwLWI1MTQt
ZmJiN2QzMGRjZTM4LzEveDdZS3BBZlNrT2N0NkZnMFhGOW9yUUE2YzhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wMTM1MjYtNzcxMC00YmIwLWI1MTQtZmJiN2QzMGRjZTM4
LzEvWnBVellmOXNBSVA5azlVb1pRTXpHWVlfdkVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cVtMA0G
CSqGSIb3DQEBCwUAA4IBAQBtcMSEEBfynVidQC2ut1CcKZNRRDr1UE160FYdDdWX
MajYbDUpnrmhnS49BbsQm4B3mhp9/6RPNyOo3s3n+Rcnzrng3acLZEOQGu0uJ3Ec
LAGy6IKZdeUYvoIxnEV+TfQS33NQ5ALqPnNNoar6MYzwkBv/s4u/HxpqW1JrqJ3m
ZsI9dQz3Xz0DXh31VOo1/qSfS1ivKowPMRFjtXxFql8cIm35MfTwgUzYjQ8aGWhj
MNs2qHA1wrqj/Cyua8hLkrMkAH9X6eLDd7BBQU75RV26RUsINpHwE7S5EDolESuc
nyV7aXi9UVCP5mSpKkSwqVNSHXBd6fShvERz6SVHoVK1
-----END CERTIFICATE-----