Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/RqIoqzKF1SeZu7y97KXtXSlLN_k.roa
File:                     RqIoqzKF1SeZu7y97KXtXSlLN_k.roa (raw, json)
Hash identifier:          oX8skCfWz9nrYPu3BmkEe0K1TbgNoTCncVn5v0h5GWQ=
Subject key identifier:   46:A2:28:AB:32:85:D5:27:99:BB:BC:BD:EC:A5:ED:5D:29:4B:37:F9
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       018DCF826F320270EE8110C2D75462D2F547
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/RqIoqzKF1SeZu7y97KXtXSlLN_k.roa
Signing time:             Thu 22 Feb 2024 06:30:48 +0000
ROA not before:           Thu 22 Feb 2024 06:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        217.60.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cf:82:6f:32:02:70:ee:81:10:c2:d7:54:62:d2:f5:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: Feb 22 06:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46a228ab3285d52799bbbcbdeca5ed5d294b37f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:bb:7e:33:b0:1b:e7:6a:2c:5b:03:2a:da:65:
                    74:90:c9:6a:d6:45:a3:34:21:66:f4:09:ee:d6:c3:
                    a5:dc:c4:7c:b9:52:6c:48:34:de:a9:c8:a5:c9:4c:
                    9f:37:b3:35:15:c0:d2:32:72:9e:d4:c7:3e:52:e7:
                    f6:b3:85:ca:4a:4e:d0:54:18:25:7d:16:2c:8d:1a:
                    88:cc:63:e0:1a:6c:69:3a:1c:e6:ab:2a:d8:d0:83:
                    4c:ec:0a:e0:31:20:90:c6:8f:a7:ae:c0:bb:39:07:
                    0e:6c:d6:8d:8d:9e:a6:15:1b:91:b8:b3:58:48:79:
                    e9:ca:33:0e:58:4f:4f:38:72:a1:26:66:d8:77:88:
                    91:83:d9:23:d7:59:98:cb:ba:14:d7:03:96:c7:59:
                    09:2e:8a:d7:c8:f9:de:79:62:a9:79:e4:97:9a:69:
                    da:36:e5:bd:8e:22:f3:8c:69:1b:fa:0b:44:37:74:
                    ae:c8:ee:ee:a5:b7:36:14:c7:a6:cc:6b:f6:62:e8:
                    bc:27:56:f1:8f:12:2b:ae:ee:a3:df:c3:0f:da:b7:
                    ef:1f:1f:b6:d5:f7:4a:d2:e9:10:09:26:1d:9e:04:
                    03:28:62:b9:e2:b6:ca:6c:d5:3b:a6:59:97:04:55:
                    ee:39:9b:1b:f5:76:76:ca:35:d4:c2:74:9c:05:ab:
                    dc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A2:28:AB:32:85:D5:27:99:BB:BC:BD:EC:A5:ED:5D:29:4B:37:F9
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/RqIoqzKF1SeZu7y97KXtXSlLN_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:f3:b2:bb:c2:ea:69:2d:96:8f:1f:27:ee:68:6d:2a:59:20:
         e7:77:bb:95:de:6e:ce:34:5d:0d:50:e0:5d:9d:e2:8b:42:c1:
         4a:b3:66:a3:91:93:2d:e5:69:35:12:25:2e:7f:d4:25:5b:19:
         2d:3a:c8:c8:1c:0c:5a:c9:a1:c4:1c:b2:25:62:3b:de:55:e7:
         66:c0:3a:e4:22:07:df:0a:ba:f6:8c:61:36:26:69:92:19:5a:
         d0:82:84:b9:65:99:ae:1d:11:10:53:75:96:4e:6b:dc:b6:80:
         f6:33:62:26:bf:ed:e3:9f:41:25:2a:13:88:54:b5:51:af:f3:
         05:37:ed:d0:04:47:ad:d1:92:e6:01:81:6f:95:87:35:47:9c:
         a4:dd:00:6d:db:ba:76:a2:b0:25:c2:78:95:4d:ea:cc:b7:25:
         24:22:7f:22:7b:0e:72:76:eb:51:d7:92:68:f6:99:b2:13:9d:
         62:4c:27:5b:c2:69:60:bc:0d:de:7e:78:e8:dc:22:c0:ce:ca:
         20:ff:d2:19:6d:9e:95:de:81:a7:19:9c:d1:a1:23:69:82:b3:
         8c:57:c2:7c:b2:bd:11:23:fa:4a:7f:7f:d5:4c:cf:58:39:c7:
         83:25:75:d2:b7:38:52:cc:f9:9b:d3:fc:d8:37:7d:d8:66:e4:
         29:77:ca:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Pgm8yAnDugRDC11Ri0vVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwMjIyMDYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmEyMjhhYjMyODVkNTI3OTliYmJjYmRlY2E1ZWQ1ZDI5NGIzN2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rt+M7Ab52osWwMq2mV0kMlq1kWj
NCFm9Anu1sOl3MR8uVJsSDTeqcilyUyfN7M1FcDSMnKe1Mc+Uuf2s4XKSk7QVBgl
fRYsjRqIzGPgGmxpOhzmqyrY0INM7ArgMSCQxo+nrsC7OQcObNaNjZ6mFRuRuLNY
SHnpyjMOWE9POHKhJmbYd4iRg9kj11mYy7oU1wOWx1kJLorXyPneeWKpeeSXmmna
NuW9jiLzjGkb+gtEN3SuyO7upbc2FMemzGv2Yui8J1bxjxIrru6j38MP2rfvHx+2
1fdK0ukQCSYdngQDKGK54rbKbNU7plmXBFXuOZsb9XZ2yjXUwnScBavciwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaiKKsyhdUnmbu8veyl7V0pSzf5MB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvUnFJb3F6S0YxU2VadTd5OTdLWHRYU2xMTl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Tz7MA0G
CSqGSIb3DQEBCwUAA4IBAQAl87K7wuppLZaPHyfuaG0qWSDnd7uV3m7ONF0NUOBd
neKLQsFKs2ajkZMt5Wk1EiUuf9QlWxktOsjIHAxayaHEHLIlYjveVedmwDrkIgff
Crr2jGE2JmmSGVrQgoS5ZZmuHREQU3WWTmvctoD2M2Imv+3jn0ElKhOIVLVRr/MF
N+3QBEet0ZLmAYFvlYc1R5yk3QBt27p2orAlwniVTerMtyUkIn8iew5ydutR15Jo
9pmyE51iTCdbwmlgvA3efnjo3CLAzsog/9IZbZ6V3oGnGZzRoSNpgrOMV8J8sr0R
I/pKf3/VTM9YOceDJXXStzhSzPmb0/zYN33YZuQpd8pa
-----END CERTIFICATE-----