Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/E0BTLtOGRCgE7shsJ9zHdTovgwI.roa
File:                     E0BTLtOGRCgE7shsJ9zHdTovgwI.roa (raw, json)
Hash identifier:          M+X7/sSR8qzYuzwNgQxNvGCDZocwzQo8c87DGDgS4LE=
Subject key identifier:   13:40:53:2E:D3:86:44:28:04:EE:C8:6C:27:DC:C7:75:3A:2F:83:02
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019424B29B11D353197ABAE3D20AE6626F25
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/E0BTLtOGRCgE7shsJ9zHdTovgwI.roa
Signing time:             Thu 02 Jan 2025 01:47:52 +0000
ROA not before:           Thu 02 Jan 2025 01:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        217.177.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:9b:11:d3:53:19:7a:ba:e3:d2:0a:e6:62:6f:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jan  2 01:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1340532ed386442804eec86c27dcc7753a2f8302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1a:e3:1d:43:0a:9b:cc:8a:3d:99:cd:11:69:
                    a1:6d:93:c6:7a:92:eb:9d:76:2c:ad:24:4f:70:5b:
                    d4:f1:8c:92:28:f3:8c:67:5f:a2:13:ca:a1:43:8e:
                    0d:8d:7d:9e:68:18:42:de:f6:29:af:97:e9:1a:ec:
                    c4:4f:42:f8:0e:5b:e3:f7:8e:3f:56:4e:14:00:c1:
                    e1:7c:65:0e:87:ac:f9:a7:dc:d0:2b:4f:3b:e6:a5:
                    f1:35:52:10:79:d7:19:a1:9e:98:1f:20:a4:8b:1e:
                    c9:cd:eb:39:6d:73:e5:01:51:03:ec:a3:bc:cf:3e:
                    bc:c1:d0:19:10:73:fd:55:4c:df:72:bd:47:93:b5:
                    70:5c:c0:9f:14:85:c8:97:dc:91:cd:e2:63:0e:e0:
                    ec:be:48:54:5e:4d:26:c3:57:fa:0b:6b:2a:2a:9a:
                    98:d4:1b:08:0a:ec:06:4e:2f:d3:ee:11:5f:04:1c:
                    7d:91:c4:d3:7c:67:7f:c2:10:6e:5e:ec:c1:5f:14:
                    a5:7b:2d:03:16:0e:ac:5a:3e:84:72:90:5e:53:9f:
                    a3:74:92:e3:4b:24:1c:28:f3:06:f6:48:ed:6b:55:
                    8b:b4:57:56:7c:91:ad:e9:97:83:7b:7a:b7:0b:cf:
                    f4:b6:99:b7:c3:86:14:54:72:79:98:92:8f:ca:81:
                    6e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:40:53:2E:D3:86:44:28:04:EE:C8:6C:27:DC:C7:75:3A:2F:83:02
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/E0BTLtOGRCgE7shsJ9zHdTovgwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b3:38:30:40:10:f0:8e:9a:87:63:b2:2a:6c:b5:06:3f:6e:7b:
         bc:bd:46:66:73:06:84:31:41:75:bc:9d:01:e6:b4:b2:42:ae:
         e2:93:7a:81:82:d7:91:70:ea:67:b8:33:61:fe:21:69:7d:80:
         5c:ad:66:0b:6f:27:a1:88:46:b7:38:6c:81:7d:91:ef:0e:03:
         f4:fb:76:8d:45:4f:df:cf:9c:d6:08:da:2e:11:2a:71:65:aa:
         83:6c:e5:cc:50:80:b8:4e:67:b2:00:81:23:2b:92:1a:c6:96:
         9e:dc:58:e4:c8:d0:1e:6d:43:ea:32:b4:03:79:be:1a:61:2c:
         55:cb:93:4f:11:12:0c:6e:08:e7:a6:1d:0a:fc:12:f8:d2:fe:
         29:b4:69:9c:56:9d:54:3c:37:85:28:36:7a:06:eb:2b:bd:fd:
         71:8b:5c:18:b2:c7:b1:1b:d6:f9:ae:05:7b:71:23:6c:6a:ff:
         81:88:5a:35:06:ed:86:1a:bf:a0:e6:5f:c3:3e:07:ea:11:89:
         cf:f6:1e:87:c5:7d:3e:d6:2e:b3:2d:49:9a:3a:fe:3c:aa:41:
         c0:e9:f8:03:08:33:c7:84:bc:d2:88:8d:ef:49:4a:98:66:e8:
         78:f8:59:c7:73:24:c8:5f:8c:1f:67:12:65:09:52:6c:30:12:
         20:d8:b1:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkspsR01MZerrj0grmYm8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTAyMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzQwNTMyZWQzODY0NDI4MDRlZWM4NmMyN2RjYzc3NTNhMmY4MzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BrjHUMKm8yKPZnNEWmhbZPGepLr
nXYsrSRPcFvU8YySKPOMZ1+iE8qhQ44NjX2eaBhC3vYpr5fpGuzET0L4Dlvj944/
Vk4UAMHhfGUOh6z5p9zQK0875qXxNVIQedcZoZ6YHyCkix7Jzes5bXPlAVED7KO8
zz68wdAZEHP9VUzfcr1Hk7VwXMCfFIXIl9yRzeJjDuDsvkhUXk0mw1f6C2sqKpqY
1BsICuwGTi/T7hFfBBx9kcTTfGd/whBuXuzBXxSley0DFg6sWj6EcpBeU5+jdJLj
SyQcKPMG9kjta1WLtFdWfJGt6ZeDe3q3C8/0tpm3w4YUVHJ5mJKPyoFuWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBNAUy7ThkQoBO7IbCfcx3U6L4MCMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvRTBCVEx0T0dSQ2dFN3Noc0o5ekhkVG92Z3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2bEMMA0G
CSqGSIb3DQEBCwUAA4IBAQCzODBAEPCOmodjsipstQY/bnu8vUZmcwaEMUF1vJ0B
5rSyQq7ik3qBgteRcOpnuDNh/iFpfYBcrWYLbyehiEa3OGyBfZHvDgP0+3aNRU/f
z5zWCNouESpxZaqDbOXMUIC4TmeyAIEjK5Iaxpae3FjkyNAebUPqMrQDeb4aYSxV
y5NPERIMbgjnph0K/BL40v4ptGmcVp1UPDeFKDZ6Busrvf1xi1wYssexG9b5rgV7
cSNsav+BiFo1Bu2GGr+g5l/DPgfqEYnP9h6HxX0+1i6zLUmaOv48qkHA6fgDCDPH
hLzSiI3vSUqYZuh4+FnHcyTIX4wfZxJlCVJsMBIg2LHH
-----END CERTIFICATE-----