Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/9n96BTfEQYh7UD0i0pJ_xR_0HsE.roa
File:                     9n96BTfEQYh7UD0i0pJ_xR_0HsE.roa (raw, json)
Hash identifier:          QB7TBRObULZLgqkqillBBWtJe5vTGqeAyOFmEadhudY=
Subject key identifier:   F6:7F:7A:05:37:C4:41:88:7B:50:3D:22:D2:92:7F:C5:1F:F4:1E:C1
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01922EC7F2BC86D4276A2A226BB46B56AF00
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/9n96BTfEQYh7UD0i0pJ_xR_0HsE.roa
Signing time:             Thu 26 Sep 2024 14:41:48 +0000
ROA not before:           Thu 26 Sep 2024 14:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        217.177.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2e:c7:f2:bc:86:d4:27:6a:2a:22:6b:b4:6b:56:af:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Sep 26 14:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f67f7a0537c441887b503d22d2927fc51ff41ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a0:48:b3:08:11:c2:fc:04:27:d0:60:0c:01:
                    1d:32:16:fd:78:2f:69:3f:06:72:b8:97:11:84:41:
                    06:18:d2:be:c0:ec:5d:34:aa:c3:d7:c6:ab:50:2a:
                    8d:66:7a:18:ab:50:a5:54:4a:6c:db:46:7c:5c:62:
                    79:e4:20:9e:50:ab:ad:e6:d6:a8:81:02:d0:8c:e0:
                    ed:cd:fc:73:57:8e:ea:33:ab:94:7d:26:cc:2a:c7:
                    e3:e7:06:57:8a:87:9b:bb:da:df:9c:34:fa:9b:97:
                    55:e9:e8:ad:a0:cd:e0:74:98:80:90:0c:f0:49:de:
                    bf:f5:c2:d6:11:75:fb:fb:9f:d1:91:fe:12:28:e3:
                    6a:c2:30:37:6b:73:7f:90:fc:50:80:ed:21:c8:be:
                    c2:e3:37:cc:27:c3:16:df:9b:b2:d8:0d:ab:ce:48:
                    81:77:e1:3a:50:63:6c:bf:ca:73:3e:2a:c9:7d:72:
                    a9:41:f1:98:81:87:3d:00:88:86:a3:c4:c7:01:fc:
                    10:1d:5b:5e:12:8e:11:ff:32:c4:d1:4b:ac:b7:fd:
                    eb:a3:ff:16:60:3a:d2:3e:82:14:3c:18:c0:30:2a:
                    da:a6:f7:67:5a:d5:7a:3b:a6:cd:63:fa:78:6a:d9:
                    08:f3:a9:0f:a6:c2:82:e6:09:d3:ba:0c:c2:8b:d4:
                    0c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:7F:7A:05:37:C4:41:88:7B:50:3D:22:D2:92:7F:C5:1F:F4:1E:C1
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/9n96BTfEQYh7UD0i0pJ_xR_0HsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:40:ca:55:65:61:de:60:91:17:22:da:5f:5c:08:03:dc:6c:
         ac:b8:e5:80:05:d1:8c:21:1c:65:19:6b:c0:3c:e0:25:9f:d1:
         a4:c0:dd:0b:a1:a7:51:3b:51:94:23:38:cf:ff:13:ad:2e:6c:
         7c:5a:70:1a:31:2f:6f:dd:21:8a:16:39:c7:fa:39:c3:33:77:
         68:06:89:83:52:f9:b3:98:b0:b4:9b:af:7f:a0:0e:35:80:ec:
         18:d0:8b:4a:88:01:84:22:5d:29:0a:cf:84:14:4d:b4:d2:39:
         75:a0:d1:8b:73:c5:90:78:c9:aa:49:75:69:98:c7:9b:35:d4:
         21:01:f9:b4:69:4f:79:95:00:2d:4b:c8:5f:e8:27:77:2a:d0:
         a3:53:db:89:65:0b:18:2d:dd:7d:b4:35:fd:b5:1c:9d:05:0a:
         01:6f:38:09:5d:d0:48:58:91:fc:42:f0:db:36:6c:e6:ce:51:
         b2:5c:fc:d2:7a:1c:24:ae:44:6f:80:2d:e7:22:57:c1:2d:d7:
         f8:46:d8:31:33:cf:28:3d:a2:d0:6d:fc:51:b0:87:ed:c5:9a:
         e7:6b:6d:bc:37:b2:ed:ad:92:63:8b:9f:30:90:a8:44:0a:04:
         29:94:6b:e3:5b:78:50:20:a4:c6:6b:7d:cb:14:a9:56:19:53:
         12:23:bc:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIux/K8htQnaioia7RrVq8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwOTI2MTQ0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjdmN2EwNTM3YzQ0MTg4N2I1MDNkMjJkMjkyN2ZjNTFmZjQxZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaBIswgRwvwEJ9BgDAEdMhb9eC9p
PwZyuJcRhEEGGNK+wOxdNKrD18arUCqNZnoYq1ClVEps20Z8XGJ55CCeUKut5tao
gQLQjODtzfxzV47qM6uUfSbMKsfj5wZXioebu9rfnDT6m5dV6eitoM3gdJiAkAzw
Sd6/9cLWEXX7+5/Rkf4SKONqwjA3a3N/kPxQgO0hyL7C4zfMJ8MW35uy2A2rzkiB
d+E6UGNsv8pzPirJfXKpQfGYgYc9AIiGo8THAfwQHVteEo4R/zLE0Uust/3ro/8W
YDrSPoIUPBjAMCrapvdnWtV6O6bNY/p4atkI86kPpsKC5gnTugzCi9QMFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZ/egU3xEGIe1A9ItKSf8Uf9B7BMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvOW45NkJUZkVRWWg3VUQwaTBwSl94Ul8wSHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2bEAMA0G
CSqGSIb3DQEBCwUAA4IBAQBkQMpVZWHeYJEXItpfXAgD3GysuOWABdGMIRxlGWvA
POAln9GkwN0LoadRO1GUIzjP/xOtLmx8WnAaMS9v3SGKFjnH+jnDM3doBomDUvmz
mLC0m69/oA41gOwY0ItKiAGEIl0pCs+EFE200jl1oNGLc8WQeMmqSXVpmMebNdQh
Afm0aU95lQAtS8hf6Cd3KtCjU9uJZQsYLd19tDX9tRydBQoBbzgJXdBIWJH8QvDb
NmzmzlGyXPzSehwkrkRvgC3nIlfBLdf4RtgxM88oPaLQbfxRsIftxZrna228N7Lt
rZJji58wkKhECgQplGvjW3hQIKTGa33LFKlWGVMSI7xH
-----END CERTIFICATE-----