Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/AfYm6QPcPnGIYaT4GgjAL6uV-5c.roa
File:                     AfYm6QPcPnGIYaT4GgjAL6uV-5c.roa (raw, json)
Hash identifier:          vu3N4DZ2T3exeWnKktMw8sfYE+WGXgvdo7zdBJWDZ2s=
Subject key identifier:   01:F6:26:E9:03:DC:3E:71:88:61:A4:F8:1A:08:C0:2F:AB:95:FB:97
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01921DA2EA8222D9FFD92533A4045B9CEA45
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/AfYm6QPcPnGIYaT4GgjAL6uV-5c.roa
Signing time:             Mon 23 Sep 2024 06:47:48 +0000
ROA not before:           Mon 23 Sep 2024 06:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        217.177.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1d:a2:ea:82:22:d9:ff:d9:25:33:a4:04:5b:9c:ea:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Sep 23 06:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01f626e903dc3e718861a4f81a08c02fab95fb97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:af:59:20:e4:65:ff:4c:b2:99:ea:5a:a2:4a:
                    48:69:0d:89:9b:98:bb:e7:98:91:f3:93:c1:8f:d8:
                    d0:4a:49:9c:9c:36:bb:26:85:80:56:96:c8:40:8c:
                    98:10:fa:6b:ee:69:ad:ba:5b:34:d9:80:b6:7c:06:
                    c0:84:38:ef:86:77:95:40:0e:25:b8:2c:68:f1:5e:
                    f0:c6:ea:f8:04:66:ec:70:ba:c9:cf:fd:0a:9f:9b:
                    eb:01:49:21:99:d6:1b:64:2d:c0:df:a0:01:32:5d:
                    f4:16:58:08:1c:08:44:05:81:81:96:dc:95:ca:df:
                    0e:47:23:8e:f3:29:21:d5:c3:86:53:40:96:9d:5e:
                    d4:66:65:75:fd:98:69:3c:2f:a0:af:a1:95:09:ad:
                    17:12:7e:02:46:fc:4d:79:b0:59:74:ae:a1:23:00:
                    2d:cd:0e:8f:4e:2c:57:12:e1:39:d2:19:29:0c:12:
                    79:e8:ef:41:c9:17:92:f5:54:f1:16:c8:35:27:c1:
                    81:ad:80:68:da:a1:fb:9d:98:4b:bb:f7:82:e0:80:
                    b8:78:ad:de:87:66:e9:ea:6c:30:e9:10:35:59:8d:
                    c7:4a:79:de:4e:91:c4:28:30:d7:99:93:41:f0:75:
                    9f:06:25:87:08:e4:8c:e3:97:a3:d4:64:f5:45:48:
                    28:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F6:26:E9:03:DC:3E:71:88:61:A4:F8:1A:08:C0:2F:AB:95:FB:97
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/AfYm6QPcPnGIYaT4GgjAL6uV-5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:d7:25:86:3c:94:61:f1:a5:43:ed:55:3a:bc:f4:79:af:67:
         27:9e:d3:fb:b7:56:64:e0:e5:ef:86:1a:44:dc:3d:65:64:eb:
         fa:6f:f2:39:8d:64:74:67:e4:75:71:31:a7:27:a9:2f:a5:1e:
         9d:cf:7b:d3:77:9a:2a:14:4c:71:77:20:68:d9:08:65:f5:16:
         ed:bc:98:74:f5:81:de:ff:c8:ca:a1:fa:33:08:65:4c:5b:85:
         fa:6d:0c:33:5d:2b:a7:6f:32:19:72:19:44:c9:43:e5:41:fe:
         66:f7:43:19:9b:29:10:92:cb:52:f5:48:df:c7:2c:20:12:38:
         0c:95:fc:7e:25:fa:22:b7:a5:ab:8e:f6:bb:b8:c4:b9:4a:14:
         84:70:68:01:2e:31:c4:40:de:0a:89:f6:05:8f:87:9e:54:92:
         ae:2f:79:1a:78:eb:f0:68:ad:21:c6:1a:ca:e9:47:e7:51:df:
         59:2b:a3:6a:56:9d:a0:1b:90:15:63:76:c4:a9:65:7e:ab:4b:
         15:a1:08:21:49:47:a8:ba:2e:e5:7b:97:3e:8d:40:cd:d6:6d:
         ec:38:1b:ec:5a:cc:64:46:60:95:d1:29:af:e0:73:a0:4a:41:
         a7:2a:33:32:2d:df:a4:3e:96:3c:41:a1:4a:78:5e:c0:58:d4:
         80:7a:f0:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIdouqCItn/2SUzpARbnOpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwOTIzMDY0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWY2MjZlOTAzZGMzZTcxODg2MWE0ZjgxYTA4YzAyZmFiOTVmYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs69ZIORl/0yymepaokpIaQ2Jm5i7
55iR85PBj9jQSkmcnDa7JoWAVpbIQIyYEPpr7mmtuls02YC2fAbAhDjvhneVQA4l
uCxo8V7wxur4BGbscLrJz/0Kn5vrAUkhmdYbZC3A36ABMl30FlgIHAhEBYGBltyV
yt8ORyOO8ykh1cOGU0CWnV7UZmV1/ZhpPC+gr6GVCa0XEn4CRvxNebBZdK6hIwAt
zQ6PTixXEuE50hkpDBJ56O9ByReS9VTxFsg1J8GBrYBo2qH7nZhLu/eC4IC4eK3e
h2bp6mww6RA1WY3HSnneTpHEKDDXmZNB8HWfBiWHCOSM45ej1GT1RUgoOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAH2JukD3D5xiGGk+BoIwC+rlfuXMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvQWZZbTZRUGNQbkdJWWFUNEdnakFMNnVWLTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bFJMA0G
CSqGSIb3DQEBCwUAA4IBAQCI1yWGPJRh8aVD7VU6vPR5r2cnntP7t1Zk4OXvhhpE
3D1lZOv6b/I5jWR0Z+R1cTGnJ6kvpR6dz3vTd5oqFExxdyBo2Qhl9RbtvJh09YHe
/8jKofozCGVMW4X6bQwzXSunbzIZchlEyUPlQf5m90MZmykQkstS9UjfxywgEjgM
lfx+Jfoit6Wrjva7uMS5ShSEcGgBLjHEQN4KifYFj4eeVJKuL3kaeOvwaK0hxhrK
6UfnUd9ZK6NqVp2gG5AVY3bEqWV+q0sVoQghSUeoui7le5c+jUDN1m3sOBvsWsxk
RmCV0Smv4HOgSkGnKjMyLd+kPpY8QaFKeF7AWNSAevA4
-----END CERTIFICATE-----