Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/Dx0fHRmlY7JG-1pOif8AL-_L-JU.roa
File:                     Dx0fHRmlY7JG-1pOif8AL-_L-JU.roa (raw, json)
Hash identifier:          iVUbRkRSmNDlYGBkVlFi+Re9lL2+gMKyo6vDiLlLf7E=
Subject key identifier:   0F:1D:1F:1D:19:A5:63:B2:46:FB:5A:4E:89:FF:00:2F:EF:CB:F8:95
Certificate issuer:       /CN=2f246475d7c9ba399f07f843621f6e081372d757
Certificate serial:       018D0D9F008E833A5955B39B7C8DDA0F4FB7
Authority key identifier: 2F:24:64:75:D7:C9:BA:39:9F:07:F8:43:62:1F:6E:08:13:72:D7:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyRkddfJujmfB_hDYh9uCBNy11c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/Dx0fHRmlY7JG-1pOif8AL-_L-JU.roa
Signing time:             Mon 15 Jan 2024 14:55:40 +0000
ROA not before:           Mon 15 Jan 2024 14:55:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215746
IP address blocks:        217.20.252.0/24 maxlen: 24
                          2a12:fec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/LyRkddfJujmfB_hDYh9uCBNy11c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/LyRkddfJujmfB_hDYh9uCBNy11c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyRkddfJujmfB_hDYh9uCBNy11c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:9f:00:8e:83:3a:59:55:b3:9b:7c:8d:da:0f:4f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f246475d7c9ba399f07f843621f6e081372d757
        Validity
            Not Before: Jan 15 14:55:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f1d1f1d19a563b246fb5a4e89ff002fefcbf895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3e:2d:95:5c:5a:be:c3:47:25:a6:b3:5d:9f:
                    d5:25:79:a7:dd:58:70:49:1d:2d:87:85:bf:0a:23:
                    b1:1f:33:59:d0:9d:b7:20:03:3b:7b:a3:e2:19:28:
                    7b:94:77:43:6d:4a:9f:d3:47:ff:4b:c0:e9:7a:d6:
                    b7:22:1f:34:43:8c:a1:b8:d8:9b:39:a1:4a:a9:b6:
                    70:45:60:fb:3b:af:36:97:26:67:05:e9:37:52:a6:
                    dd:0c:2a:b1:2f:0c:e9:e0:b4:d1:14:f0:08:88:1a:
                    a7:a6:1d:c8:d3:77:4f:03:22:ef:23:31:56:9a:31:
                    93:f5:0e:57:20:91:de:6e:8b:51:5d:99:ab:c7:51:
                    6d:7a:f1:08:73:1e:39:40:15:df:c7:fe:92:87:67:
                    85:bc:d9:76:a5:a0:de:3a:8f:75:23:02:ed:60:50:
                    f0:e2:6d:7e:dc:16:ac:65:bd:74:7f:30:9a:f9:e1:
                    88:4d:8d:96:6f:cc:e9:a9:fa:f6:9d:ba:a3:ae:4e:
                    9a:2c:4c:9e:6f:43:3c:7b:14:59:9f:d8:c2:6d:43:
                    c2:41:1e:70:50:e8:f9:9e:37:84:9e:7a:e9:06:d1:
                    e7:2f:0e:7b:b7:61:b0:87:d6:60:cc:f7:e3:41:4c:
                    d7:a0:ac:a4:63:b3:08:2b:19:95:54:1c:a0:db:14:
                    55:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1D:1F:1D:19:A5:63:B2:46:FB:5A:4E:89:FF:00:2F:EF:CB:F8:95
            X509v3 Authority Key Identifier:
                keyid:2F:24:64:75:D7:C9:BA:39:9F:07:F8:43:62:1F:6E:08:13:72:D7:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyRkddfJujmfB_hDYh9uCBNy11c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/Dx0fHRmlY7JG-1pOif8AL-_L-JU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/LyRkddfJujmfB_hDYh9uCBNy11c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.20.252.0/24
                IPv6:
                  2a12:fec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:9b:1d:de:9c:8a:e8:39:69:c1:4d:8b:4b:14:a5:0f:b0:71:
         95:a2:a0:3d:2c:b1:09:60:80:30:a6:79:e6:ca:0a:df:59:57:
         76:ac:e8:07:26:9c:95:bd:8e:04:d0:39:f7:69:35:4f:ec:fc:
         55:8a:fc:0e:1e:f6:64:1b:e9:bc:15:de:30:27:b9:3d:3c:71:
         70:c4:69:50:9e:ce:fa:7c:bc:42:2c:e5:68:50:64:39:c5:02:
         a5:6f:11:54:c1:f0:55:f8:04:89:45:18:55:40:7d:9c:23:3b:
         0d:6e:06:ce:30:30:62:af:c6:2c:03:fc:47:7e:85:e2:b3:b5:
         dc:6d:cf:d3:cd:c2:6f:a3:49:b3:9c:52:eb:c0:b8:4e:0a:0e:
         1e:91:f5:22:07:82:c9:33:e0:03:26:c7:29:90:0f:33:a8:06:
         b5:60:4b:fa:16:d1:21:9e:17:fa:31:49:9e:a4:75:65:54:8d:
         13:db:1f:0c:5a:43:1f:88:bd:c7:49:d8:54:20:ce:6f:62:bc:
         d4:41:dd:ab:40:b5:b6:a0:f1:51:86:a4:73:7d:91:09:fc:b3:
         ab:62:9b:58:b7:fa:c9:7a:3d:97:7c:b5:b9:ed:14:6e:91:4a:
         80:91:4e:56:ff:67:6e:c3:a7:60:49:33:b7:c5:20:c7:ba:9d:
         63:a9:64:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY0NnwCOgzpZVbObfI3aD0+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMjQ2NDc1ZDdjOWJhMzk5ZjA3Zjg0MzYyMWY2ZTA4MTM3
MmQ3NTcwHhcNMjQwMTE1MTQ1NTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFkMWYxZDE5YTU2M2IyNDZmYjVhNGU4OWZmMDAyZmVmY2JmODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzz4tlVxavsNHJaazXZ/VJXmn3Vhw
SR0th4W/CiOxHzNZ0J23IAM7e6PiGSh7lHdDbUqf00f/S8Dpeta3Ih80Q4yhuNib
OaFKqbZwRWD7O682lyZnBek3UqbdDCqxLwzp4LTRFPAIiBqnph3I03dPAyLvIzFW
mjGT9Q5XIJHebotRXZmrx1FtevEIcx45QBXfx/6Sh2eFvNl2paDeOo91IwLtYFDw
4m1+3BasZb10fzCa+eGITY2Wb8zpqfr2nbqjrk6aLEyeb0M8exRZn9jCbUPCQR5w
UOj5njeEnnrpBtHnLw57t2Gwh9ZgzPfjQUzXoKykY7MIKxmVVByg2xRVKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA8dHx0ZpWOyRvtaTon/AC/vy/iVMB8GA1UdIwQY
MBaAFC8kZHXXybo5nwf4Q2IfbggTctdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlSa2RkZkp1am1mQl9oRFloOXVDQk55MTFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9kZjUyYTAtNTgyNC00MmFkLTliNGQt
ZDlhMWZhOTA4MTBmLzEvRHgwZkhSbWxZN0pHLTFwT2lmOEFMLV9MLUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9kZjUyYTAtNTgyNC00MmFkLTliNGQtZDlhMWZhOTA4MTBm
LzEvTHlSa2RkZkp1am1mQl9oRFloOXVDQk55MTFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RT8MA0E
AgACMAcDBQMqEv7AMA0GCSqGSIb3DQEBCwUAA4IBAQCqmx3enIroOWnBTYtLFKUP
sHGVoqA9LLEJYIAwpnnmygrfWVd2rOgHJpyVvY4E0Dn3aTVP7PxVivwOHvZkG+m8
Fd4wJ7k9PHFwxGlQns76fLxCLOVoUGQ5xQKlbxFUwfBV+ASJRRhVQH2cIzsNbgbO
MDBir8YsA/xHfoXis7Xcbc/TzcJvo0mznFLrwLhOCg4ekfUiB4LJM+ADJscpkA8z
qAa1YEv6FtEhnhf6MUmepHVlVI0T2x8MWkMfiL3HSdhUIM5vYrzUQd2rQLW2oPFR
hqRzfZEJ/LOrYptYt/rJej2XfLW57RRukUqAkU5W/2duw6dgSTO3xSDHup1jqWS4
-----END CERTIFICATE-----