Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/cytdtCbjU7a_zbP2uu-x0Upkdpo.roa
File:                     cytdtCbjU7a_zbP2uu-x0Upkdpo.roa (raw, json)
Hash identifier:          hfhu0KCv/BjBtKtTgtdlhXp4SDRv1LgCWxNecHS2HCk=
Subject key identifier:   73:2B:5D:B4:26:E3:53:B6:BF:CD:B3:F6:BA:EF:B1:D1:4A:64:76:9A
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       0192C23C7CAE07EC84B1A8FF842C8A92CF9A
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/cytdtCbjU7a_zbP2uu-x0Upkdpo.roa
Signing time:             Fri 25 Oct 2024 05:53:16 +0000
ROA not before:           Fri 25 Oct 2024 05:53:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210818
IP address blocks:        217.114.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c2:3c:7c:ae:07:ec:84:b1:a8:ff:84:2c:8a:92:cf:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Oct 25 05:53:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=732b5db426e353b6bfcdb3f6baefb1d14a64769a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b0:db:3f:77:d9:d1:d4:b5:15:0f:c4:22:3b:
                    73:b3:51:11:70:83:a9:4e:f3:1e:85:c7:8b:77:21:
                    72:ae:9f:0b:54:86:fa:d8:e1:92:d4:52:64:99:39:
                    8b:48:0c:9e:77:a5:76:78:dc:56:17:79:08:0c:f5:
                    7d:34:63:ea:b0:40:03:6a:26:92:7b:26:ba:22:ea:
                    3a:e1:39:bd:81:96:5d:1d:7d:c0:2f:cf:d7:25:d0:
                    b9:c9:98:f7:52:f4:f9:32:18:86:cc:af:e4:f2:38:
                    93:b1:47:6c:9b:5c:e4:9a:a4:18:20:13:93:c1:35:
                    d9:bb:5d:9a:9e:e7:c6:a4:25:ae:89:ff:af:84:76:
                    29:b2:90:a6:3c:79:bc:b6:65:d8:8b:15:fc:b5:e1:
                    ca:fe:39:34:14:3f:64:d5:19:bb:cc:d9:fa:f2:69:
                    74:22:2b:b1:e6:20:53:9a:f2:4f:a4:5c:be:94:5d:
                    b4:d5:50:a2:0e:59:b9:e3:8d:fa:e7:60:a9:ae:8a:
                    fe:31:65:a8:54:65:b8:22:a2:68:eb:9f:cb:a1:76:
                    5f:6a:64:bc:70:47:8e:2e:41:7e:8d:d9:db:7a:25:
                    2b:22:7b:85:fe:cc:f1:61:41:a7:a0:40:dc:4f:6a:
                    84:e9:96:13:af:41:d5:7f:21:50:c0:37:9d:81:9e:
                    5e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:2B:5D:B4:26:E3:53:B6:BF:CD:B3:F6:BA:EF:B1:D1:4A:64:76:9A
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/cytdtCbjU7a_zbP2uu-x0Upkdpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.114.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:0d:54:0b:73:0c:7f:0b:9e:3e:2e:c6:05:cc:7c:c7:f3:a6:
         f8:62:ae:d3:9b:09:3b:0d:7a:96:11:6d:46:8c:b0:18:a9:e0:
         35:97:ce:92:30:ea:2e:29:78:45:fb:3d:85:29:25:33:21:f6:
         f6:02:a2:9b:4e:16:0c:f2:2e:66:15:fa:a8:06:3a:1b:27:5b:
         cd:a7:ac:67:f9:96:16:21:05:35:89:7f:1f:46:f7:69:30:a8:
         43:66:39:51:58:b4:2d:8f:5d:e5:3d:ab:a5:25:3b:09:d5:f2:
         8d:1d:76:42:3e:1e:4f:7f:8e:80:d9:8b:3a:a8:26:e7:16:e0:
         19:82:e0:a9:fd:e5:b6:ac:88:f9:6b:3b:2f:16:85:b5:e8:c7:
         ee:29:b2:ce:57:1f:bb:5e:7d:71:7e:7b:a4:03:83:d5:a6:92:
         3e:89:5e:6d:c5:79:59:c0:7f:1c:60:be:ed:3e:9b:6e:8b:6a:
         36:64:70:9a:f6:da:93:f7:07:0c:37:0d:be:0d:c6:92:7f:c0:
         79:87:c2:35:fb:69:54:49:5e:27:af:64:70:6a:f4:b5:57:10:
         9b:62:b0:fe:59:b4:90:fd:95:45:54:c0:bb:da:00:80:08:9d:
         9c:7f:70:53:5a:83:72:b9:13:67:38:f3:35:4f:d2:31:9d:d4:
         30:82:c9:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLCPHyuB+yEsaj/hCyKks+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQxMDI1MDU1MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzJiNWRiNDI2ZTM1M2I2YmZjZGIzZjZiYWVmYjFkMTRhNjQ3NjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrDbP3fZ0dS1FQ/EIjtzs1ERcIOp
TvMehceLdyFyrp8LVIb62OGS1FJkmTmLSAyed6V2eNxWF3kIDPV9NGPqsEADaiaS
eya6Iuo64Tm9gZZdHX3AL8/XJdC5yZj3UvT5MhiGzK/k8jiTsUdsm1zkmqQYIBOT
wTXZu12anufGpCWuif+vhHYpspCmPHm8tmXYixX8teHK/jk0FD9k1Rm7zNn68ml0
Iiux5iBTmvJPpFy+lF201VCiDlm5443652Cpror+MWWoVGW4IqJo65/LoXZfamS8
cEeOLkF+jdnbeiUrInuF/szxYUGnoEDcT2qE6ZYTr0HVfyFQwDedgZ5eUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMrXbQm41O2v82z9rrvsdFKZHaaMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvY3l0ZHRDYmpVN2FfemJQMnV1LXgwVXBrZHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XIoMA0G
CSqGSIb3DQEBCwUAA4IBAQAhDVQLcwx/C54+LsYFzHzH86b4Yq7Tmwk7DXqWEW1G
jLAYqeA1l86SMOouKXhF+z2FKSUzIfb2AqKbThYM8i5mFfqoBjobJ1vNp6xn+ZYW
IQU1iX8fRvdpMKhDZjlRWLQtj13lPaulJTsJ1fKNHXZCPh5Pf46A2Ys6qCbnFuAZ
guCp/eW2rIj5azsvFoW16MfuKbLOVx+7Xn1xfnukA4PVppI+iV5txXlZwH8cYL7t
Pptui2o2ZHCa9tqT9wcMNw2+DcaSf8B5h8I1+2lUSV4nr2RwavS1VxCbYrD+WbSQ
/ZVFVMC72gCACJ2cf3BTWoNyuRNnOPM1T9IxndQwgskP
-----END CERTIFICATE-----