Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2GgxymSj789RBZZH6Qr311JOO3c.roa
File:                     2GgxymSj789RBZZH6Qr311JOO3c.roa (raw, json)
Hash identifier:          xxHGIN8RcP18Ff052v35zzO1Qu2FWHnYm7uLj+9oo4s=
Subject key identifier:   D8:68:31:CA:64:A3:EF:CF:51:05:96:47:E9:0A:F7:D7:52:4E:3B:77
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01973B37BC01AB3396AA8811F2982B13B72D
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2GgxymSj789RBZZH6Qr311JOO3c.roa
Signing time:             Wed 04 Jun 2025 13:53:17 +0000
ROA not before:           Wed 04 Jun 2025 13:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        217.180.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:37:bc:01:ab:33:96:aa:88:11:f2:98:2b:13:b7:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jun  4 13:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d86831ca64a3efcf51059647e90af7d7524e3b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:57:93:3b:5f:9f:d3:53:de:e5:b2:bf:99:f4:
                    f6:fe:2c:2a:2a:a9:e1:ec:c2:63:b9:89:24:ae:8d:
                    1a:0f:ce:8a:63:53:91:d1:da:cc:c1:f4:ee:c2:4c:
                    97:ec:9f:fc:47:ff:8d:fa:42:55:7f:0d:35:4e:24:
                    86:79:49:e2:ca:f5:37:df:cb:96:f3:89:42:6d:bf:
                    e5:42:8b:59:99:f4:d4:25:9a:1e:08:6c:c4:cb:eb:
                    f9:28:2b:6e:b4:cb:2e:26:03:71:77:81:fc:49:f0:
                    d8:23:9b:43:34:ba:6f:d2:4c:3d:3a:0b:2d:7c:9a:
                    2c:a3:75:fc:f0:78:52:7c:e7:5f:a8:29:2b:8e:0e:
                    86:68:6e:22:8e:a1:50:b2:92:b2:f1:d0:16:0c:c5:
                    75:d2:10:17:c6:63:a3:27:76:28:b8:d3:16:80:82:
                    22:d8:b6:fe:97:82:35:0c:58:09:b4:3f:2b:ff:26:
                    0d:de:dc:61:5b:6d:93:0e:50:c7:8d:7b:27:9c:a6:
                    bd:aa:15:d8:e3:96:40:63:c5:4a:7a:40:05:f2:a9:
                    e7:17:74:db:01:68:9d:87:bc:36:7c:7a:67:53:04:
                    d3:d0:df:9e:18:ce:c0:04:10:62:a3:38:ad:3c:b1:
                    d0:cf:d9:04:1c:b4:37:f0:08:be:6b:04:3e:55:0c:
                    b1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:68:31:CA:64:A3:EF:CF:51:05:96:47:E9:0A:F7:D7:52:4E:3B:77
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2GgxymSj789RBZZH6Qr311JOO3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:2c:a5:c8:69:98:b3:cd:49:55:a2:fe:5b:0c:04:d6:56:3b:
         d2:33:fe:42:d5:46:a0:fe:67:d4:67:d4:c0:44:4a:e1:dc:cb:
         2e:41:0d:f3:fd:d9:d2:bd:83:12:e1:70:90:2f:be:b8:68:dd:
         3c:46:1b:2a:ba:b8:5a:3c:5e:7e:6e:f2:d8:0b:6b:f1:37:9e:
         26:ef:a4:19:93:39:ae:f7:6d:07:3e:65:3d:e3:13:c2:9d:3d:
         b9:da:78:e3:0f:2b:6e:04:77:f8:dc:bc:54:41:42:f9:c1:b2:
         0f:f3:29:db:f2:74:d0:8d:e7:8f:ea:b3:b3:8a:a5:64:b6:0f:
         5b:93:cd:46:fd:a6:18:17:7e:3c:2e:a3:07:01:79:a3:03:1a:
         30:a9:a7:44:ff:a1:1a:d7:b3:0a:01:92:d2:b9:55:87:02:38:
         4a:34:6d:ab:93:09:2d:0f:e9:6a:0c:d3:cb:2a:f9:82:07:d7:
         e5:d2:78:b1:a9:9c:6b:17:bd:e2:ad:90:e6:fc:5d:c9:29:f8:
         c2:66:46:10:6c:3b:d0:bd:dc:4d:6d:d0:bd:3b:46:1d:1d:c4:
         d2:89:5b:58:c4:fa:b1:01:ce:71:db:6e:72:43:8a:da:af:42:
         2a:5b:77:17:e6:2a:03:7f:22:b8:0e:c2:21:d7:7f:ac:cf:2f:
         92:99:57:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7N7wBqzOWqogR8pgrE7ctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwNjA0MTM1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY4MzFjYTY0YTNlZmNmNTEwNTk2NDdlOTBhZjdkNzUyNGUzYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1eTO1+f01Pe5bK/mfT2/iwqKqnh
7MJjuYkkro0aD86KY1OR0drMwfTuwkyX7J/8R/+N+kJVfw01TiSGeUniyvU338uW
84lCbb/lQotZmfTUJZoeCGzEy+v5KCtutMsuJgNxd4H8SfDYI5tDNLpv0kw9Ogst
fJoso3X88HhSfOdfqCkrjg6GaG4ijqFQspKy8dAWDMV10hAXxmOjJ3YouNMWgIIi
2Lb+l4I1DFgJtD8r/yYN3txhW22TDlDHjXsnnKa9qhXY45ZAY8VKekAF8qnnF3Tb
AWidh7w2fHpnUwTT0N+eGM7ABBBiozitPLHQz9kEHLQ38Ai+awQ+VQyx7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhoMcpko+/PUQWWR+kK99dSTjt3MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvMkdneHltU2o3ODlSQlpaSDZRcjMxMUpPTzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bQPMA0G
CSqGSIb3DQEBCwUAA4IBAQBtLKXIaZizzUlVov5bDATWVjvSM/5C1Uag/mfUZ9TA
RErh3MsuQQ3z/dnSvYMS4XCQL764aN08RhsqurhaPF5+bvLYC2vxN54m76QZkzmu
920HPmU94xPCnT252njjDytuBHf43LxUQUL5wbIP8ynb8nTQjeeP6rOziqVktg9b
k81G/aYYF348LqMHAXmjAxowqadE/6Ea17MKAZLSuVWHAjhKNG2rkwktD+lqDNPL
KvmCB9fl0nixqZxrF73irZDm/F3JKfjCZkYQbDvQvdxNbdC9O0YdHcTSiVtYxPqx
Ac5x225yQ4rar0IqW3cX5ioDfyK4DsIh13+szy+SmVeN
-----END CERTIFICATE-----