Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FYOTsLSpnQiXR1FyDbri9gafV38.roa
File:                     FYOTsLSpnQiXR1FyDbri9gafV38.roa (raw, json)
Hash identifier:          eOnZOf7HpKncaRMTP6C1fKEmoFib9YbwOdPz9tWkiyg=
Subject key identifier:   15:83:93:B0:B4:A9:9D:08:97:47:51:72:0D:BA:E2:F6:06:9F:57:7F
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       0194B93FFF42E13E114603D5D40EE5941D02
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FYOTsLSpnQiXR1FyDbri9gafV38.roa
Signing time:             Thu 30 Jan 2025 22:06:06 +0000
ROA not before:           Thu 30 Jan 2025 22:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211826
IP address blocks:        217.180.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b9:3f:ff:42:e1:3e:11:46:03:d5:d4:0e:e5:94:1d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jan 30 22:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=158393b0b4a99d08974751720dbae2f6069f577f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d6:33:d1:68:14:05:0b:97:eb:44:a6:d4:24:
                    da:02:ed:8f:71:82:e4:1c:8a:d6:ea:5a:f2:bd:85:
                    d1:37:10:59:12:91:7c:34:fd:16:b9:96:3d:49:a4:
                    59:70:e1:98:3b:f6:4e:80:5f:ea:8c:64:fd:06:1c:
                    0e:73:25:1d:62:a9:0a:70:01:95:d3:23:e8:14:41:
                    89:62:63:ad:ab:4c:2f:71:d4:86:68:db:a5:10:9e:
                    2a:63:23:56:7e:3b:89:d6:ae:b0:f8:42:91:8f:97:
                    33:eb:52:2e:ef:72:98:4d:16:71:db:50:aa:d9:5c:
                    50:a3:85:26:39:92:94:c0:55:d2:7d:0b:9e:b9:3b:
                    98:91:be:29:e8:0c:0a:8a:2f:20:f2:50:f4:ad:e5:
                    03:2d:ca:22:3d:b7:78:59:40:37:a8:f4:9d:46:7b:
                    4f:24:85:64:66:25:98:63:39:db:05:08:d8:56:0c:
                    eb:37:eb:0a:6f:47:02:26:70:6c:99:6d:70:9a:ab:
                    d7:ca:91:2c:6f:cb:10:c0:a3:c2:0c:61:2c:cf:de:
                    d5:3c:43:59:df:e2:08:e9:8c:ae:2e:5c:f6:60:0b:
                    82:98:ad:e2:35:3e:c9:ad:19:fa:58:69:86:90:c7:
                    81:8b:ae:c7:ec:93:00:16:77:f5:fc:64:d8:ab:eb:
                    7d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:83:93:B0:B4:A9:9D:08:97:47:51:72:0D:BA:E2:F6:06:9F:57:7F
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/FYOTsLSpnQiXR1FyDbri9gafV38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:b4:98:a0:c3:e4:59:12:7f:d8:de:8a:08:3f:ae:38:ee:46:
         e9:1c:b3:2b:44:7e:f6:5b:4d:2f:6f:75:46:74:a1:9a:0b:7a:
         83:c7:39:0f:54:b4:88:da:e7:fc:09:c7:1c:ad:3b:de:02:64:
         ae:ba:c5:e1:7e:65:9c:6e:19:8f:ee:91:e7:7a:22:b1:31:18:
         da:a2:8b:03:e8:ad:31:69:16:f1:23:e3:6c:18:cb:ba:79:51:
         8d:87:39:84:f7:af:4b:1a:a1:1f:6f:ec:49:9c:17:d2:c2:52:
         74:ca:8e:ec:d8:0d:de:47:26:30:64:02:6c:54:84:48:97:53:
         56:94:75:31:da:d3:a1:eb:d1:92:68:7f:61:b3:2e:3a:27:b5:
         1c:b9:42:88:15:ed:e6:e9:be:f8:af:18:b9:37:86:f4:b9:83:
         7e:f4:49:d1:9d:4b:cb:05:26:bb:24:52:82:8a:21:08:c4:de:
         63:30:e5:bc:25:d4:69:a3:7b:d5:b4:02:9d:6d:64:56:52:ad:
         2e:62:8f:57:33:30:0d:3f:de:92:d3:64:64:40:0c:9e:b7:4f:
         87:8b:36:b1:bc:8e:a9:41:63:aa:f1:cb:72:73:95:b7:21:71:
         20:fd:2d:a8:49:b9:13:3a:c7:c2:b3:81:06:35:b9:25:40:2f:
         07:47:ed:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS5P/9C4T4RRgPV1A7llB0CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTMwMjIwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTgzOTNiMGI0YTk5ZDA4OTc0NzUxNzIwZGJhZTJmNjA2OWY1NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudYz0WgUBQuX60Sm1CTaAu2PcYLk
HIrW6lryvYXRNxBZEpF8NP0WuZY9SaRZcOGYO/ZOgF/qjGT9BhwOcyUdYqkKcAGV
0yPoFEGJYmOtq0wvcdSGaNulEJ4qYyNWfjuJ1q6w+EKRj5cz61Iu73KYTRZx21Cq
2VxQo4UmOZKUwFXSfQueuTuYkb4p6AwKii8g8lD0reUDLcoiPbd4WUA3qPSdRntP
JIVkZiWYYznbBQjYVgzrN+sKb0cCJnBsmW1wmqvXypEsb8sQwKPCDGEsz97VPENZ
3+II6YyuLlz2YAuCmK3iNT7JrRn6WGmGkMeBi67H7JMAFnf1/GTYq+t94QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWDk7C0qZ0Il0dRcg264vYGn1d/MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvRllPVHNMU3BuUWlYUjFGeURicmk5Z2FmVjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bQXMA0G
CSqGSIb3DQEBCwUAA4IBAQAFtJigw+RZEn/Y3ooIP6447kbpHLMrRH72W00vb3VG
dKGaC3qDxzkPVLSI2uf8CcccrTveAmSuusXhfmWcbhmP7pHneiKxMRjaoosD6K0x
aRbxI+NsGMu6eVGNhzmE969LGqEfb+xJnBfSwlJ0yo7s2A3eRyYwZAJsVIRIl1NW
lHUx2tOh69GSaH9hsy46J7UcuUKIFe3m6b74rxi5N4b0uYN+9EnRnUvLBSa7JFKC
iiEIxN5jMOW8JdRpo3vVtAKdbWRWUq0uYo9XMzANP96S02RkQAyet0+HizaxvI6p
QWOq8ctyc5W3IXEg/S2oSbkTOsfCs4EGNbklQC8HR+20
-----END CERTIFICATE-----