Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/BtdtlAQbDv3uuvp8_1QbVfkwq5E.roa
File:                     BtdtlAQbDv3uuvp8_1QbVfkwq5E.roa (raw, json)
Hash identifier:          137x/1cyTET2RrX+pNx/AkDBKihpt7+YuCpWTd/7tgg=
Subject key identifier:   06:D7:6D:94:04:1B:0E:FD:EE:BA:FA:7C:FF:54:1B:55:F9:30:AB:91
Certificate issuer:       /CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
Certificate serial:       01924847A8765A0B4861D4CEFCB6E232CB3D
Authority key identifier: 17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/BtdtlAQbDv3uuvp8_1QbVfkwq5E.roa
Signing time:             Tue 01 Oct 2024 13:31:48 +0000
ROA not before:           Tue 01 Oct 2024 13:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13448
IP address blocks:        86.111.219.0/24 maxlen: 24
                          157.167.1.0/24 maxlen: 24
                          157.167.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:47:a8:76:5a:0b:48:61:d4:ce:fc:b6:e2:32:cb:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
        Validity
            Not Before: Oct  1 13:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06d76d94041b0efdeebafa7cff541b55f930ab91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f8:d7:5a:7b:c2:d0:23:b1:bf:d9:17:91:8c:
                    21:09:fe:12:7d:55:ac:e6:44:c1:11:06:97:81:b5:
                    8f:da:43:d1:27:d8:a4:11:34:06:83:c9:d8:d0:af:
                    57:bf:81:8a:47:0f:b1:98:2c:61:08:09:04:b2:08:
                    b0:30:48:a7:2a:31:33:b4:1e:52:5b:20:d9:9d:48:
                    a1:1d:fc:1a:ae:bf:20:41:25:ac:77:15:29:ae:82:
                    3f:50:57:18:b2:31:f3:68:f9:4f:fa:a5:38:da:e7:
                    dc:5c:25:12:41:f1:8e:d5:0d:e1:13:bb:6e:8e:6b:
                    c2:0c:65:dc:20:cd:2d:9b:a3:00:ac:67:08:e4:55:
                    1a:f7:34:cb:0e:d7:53:82:2d:c4:33:73:07:b9:b8:
                    5e:1f:a5:b4:26:3f:60:1b:9f:74:0c:0a:92:7a:3b:
                    12:65:e1:7e:21:19:f9:1a:69:f8:d2:55:ac:9f:9c:
                    71:d5:a2:a5:8f:20:35:0e:7b:d3:e6:af:9b:13:18:
                    83:0d:df:f8:9c:86:dc:6a:c9:54:14:3b:67:cc:0e:
                    f2:be:3d:ae:f4:4e:3d:a1:bb:ab:f3:39:ed:a2:e9:
                    a5:cd:8e:9b:de:3b:98:ad:05:95:bd:a2:61:bc:aa:
                    23:75:5e:a5:22:cb:41:21:a5:4c:64:6b:7e:7b:8e:
                    ee:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D7:6D:94:04:1B:0E:FD:EE:BA:FA:7C:FF:54:1B:55:F9:30:AB:91
            X509v3 Authority Key Identifier:
                keyid:17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/BtdtlAQbDv3uuvp8_1QbVfkwq5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.111.219.0/24
                  157.167.1.0/24
                  157.167.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:57:a9:f9:18:fa:87:3e:46:35:2e:69:7e:00:11:81:6d:c7:
         53:ef:f7:54:94:f1:28:5e:8a:17:48:53:f6:4d:1b:54:8b:d8:
         3c:51:66:21:7d:82:85:e3:0e:c1:83:99:6d:f7:dd:86:31:58:
         ff:1e:1a:bc:67:95:0e:4e:69:34:52:db:82:d1:e9:f4:a7:ea:
         f6:61:74:3a:1e:eb:f9:1a:c4:23:8f:76:53:a5:38:2e:50:a4:
         c1:78:bc:af:8e:8a:b4:a8:a0:5b:8a:cd:55:a9:0d:dc:d1:fb:
         87:58:79:6b:2c:1e:bd:a1:25:ec:2b:1b:da:10:06:c7:59:3a:
         43:56:c1:11:a4:39:2e:f4:85:77:2c:31:1b:0b:2c:11:16:da:
         3d:9d:75:c4:3f:66:e8:2a:1d:21:5a:5d:65:78:c9:94:55:84:
         72:2c:be:9a:6e:81:e4:30:0b:46:d8:53:86:76:69:5d:5e:8b:
         c1:ff:4b:be:cb:46:28:fd:2a:d3:99:a3:0f:f3:ab:b6:22:8f:
         87:d3:b5:c8:8f:7a:b3:08:df:bf:5a:cd:cd:21:6f:df:e4:d6:
         79:79:12:88:d6:84:48:30:40:a0:ad:0e:c5:0e:51:59:31:d0:
         dd:05:54:46:9b:9b:d6:49:9c:df:66:42:99:e9:0e:b2:55:6c:
         33:f7:e3:fd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJIR6h2WgtIYdTO/LbiMss9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZGQ5YzIzYWY2OWVjMmNkYjZmZTJiOTkzNmViNDk0Y2Zk
MTYyMWYwHhcNMjQxMDAxMTMzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ3NmQ5NDA0MWIwZWZkZWViYWZhN2NmZjU0MWI1NWY5MzBhYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfjXWnvC0COxv9kXkYwhCf4SfVWs
5kTBEQaXgbWP2kPRJ9ikETQGg8nY0K9Xv4GKRw+xmCxhCAkEsgiwMEinKjEztB5S
WyDZnUihHfwarr8gQSWsdxUproI/UFcYsjHzaPlP+qU42ufcXCUSQfGO1Q3hE7tu
jmvCDGXcIM0tm6MArGcI5FUa9zTLDtdTgi3EM3MHubheH6W0Jj9gG590DAqSejsS
ZeF+IRn5Gmn40lWsn5xx1aKljyA1DnvT5q+bExiDDd/4nIbcaslUFDtnzA7yvj2u
9E49obur8zntoumlzY6b3juYrQWVvaJhvKojdV6lIstBIaVMZGt+e47utwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAbXbZQEGw797rr6fP9UG1X5MKuRMB8GA1UdIwQY
MBaAFBfdnCOvaews22/iuZNutJTP0WIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYt
OGZhN2I0YzUzMDczLzEvQnRkdGxBUWJEdjN1dXZwOF8xUWJWZmt3cTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYtOGZhN2I0YzUzMDcz
LzEvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVm/bAwQA
nacBAwQAnacDMA0GCSqGSIb3DQEBCwUAA4IBAQAUV6n5GPqHPkY1Lml+ABGBbcdT
7/dUlPEoXooXSFP2TRtUi9g8UWYhfYKF4w7Bg5lt992GMVj/Hhq8Z5UOTmk0UtuC
0en0p+r2YXQ6Huv5GsQjj3ZTpTguUKTBeLyvjoq0qKBbis1VqQ3c0fuHWHlrLB69
oSXsKxvaEAbHWTpDVsERpDku9IV3LDEbCywRFto9nXXEP2boKh0hWl1leMmUVYRy
LL6aboHkMAtG2FOGdmldXovB/0u+y0Yo/SrTmaMP86u2Io+H07XIj3qzCN+/Ws3N
IW/f5NZ5eRKI1oRIMECgrQ7FDlFZMdDdBVRGm5vWSZzfZkKZ6Q6yVWwz9+P9
-----END CERTIFICATE-----