Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/dH-Fn-bLvIKl5MJZyueaEaNmc38.roa
File:                     dH-Fn-bLvIKl5MJZyueaEaNmc38.roa (raw, json)
Hash identifier:          O5K6pdvBkQ5WVS21x7yQFg9X7BzDm0nUsONeB+D/2mc=
Subject key identifier:   74:7F:85:9F:E6:CB:BC:82:A5:E4:C2:59:CA:E7:9A:11:A3:66:73:7F
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       0195B360A3A658E8E92C45095F42ED86D4FB
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/dH-Fn-bLvIKl5MJZyueaEaNmc38.roa
Signing time:             Thu 20 Mar 2025 11:46:49 +0000
ROA not before:           Thu 20 Mar 2025 11:46:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202364
IP address blocks:        217.179.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:60:a3:a6:58:e8:e9:2c:45:09:5f:42:ed:86:d4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Mar 20 11:46:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=747f859fe6cbbc82a5e4c259cae79a11a366737f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c1:33:48:ee:5c:f8:b7:25:61:ce:53:7c:2c:
                    bf:f5:38:5c:45:3a:54:1b:e6:63:90:b6:ce:03:7b:
                    1f:5a:c1:1a:a6:96:7a:55:1a:e0:8d:f1:14:78:c1:
                    7f:c9:12:a4:1b:8a:7c:27:82:57:15:4c:31:ed:1c:
                    66:55:49:8d:df:c5:eb:5c:e4:ed:00:2b:6d:af:04:
                    10:ed:a8:43:1d:6a:b7:62:a0:c0:f6:e5:4e:e6:d2:
                    d9:89:e3:87:11:93:93:36:3c:de:6f:35:70:12:30:
                    37:9c:39:f3:69:cc:0a:b2:f5:fe:e4:6e:55:ab:52:
                    5a:f7:a8:2c:fa:12:d5:63:fd:e0:ba:67:de:e1:b8:
                    06:7c:a9:6e:0d:6b:08:d3:1e:d2:9a:58:18:14:57:
                    1c:a6:75:db:28:0d:f5:0b:2c:ac:f8:80:86:73:bd:
                    e2:e8:b1:88:52:d0:27:22:cd:3f:24:2d:3d:0a:a6:
                    7c:b3:5c:72:ef:f8:e1:b3:c9:e6:45:d4:3c:da:db:
                    55:8d:7c:a3:24:8b:d1:fe:3f:17:f7:be:14:21:fd:
                    6a:88:90:fa:d1:56:02:49:0d:61:10:b5:a7:8d:8d:
                    e5:b9:f2:e7:2c:43:6b:b0:d7:97:f2:ca:9b:b2:d8:
                    12:80:df:70:e4:d9:05:fa:c6:69:dd:6a:29:9c:ae:
                    0e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7F:85:9F:E6:CB:BC:82:A5:E4:C2:59:CA:E7:9A:11:A3:66:73:7F
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/dH-Fn-bLvIKl5MJZyueaEaNmc38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.179.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ca:df:8b:60:a0:7c:a4:c3:48:4b:c8:25:61:47:e7:21:ab:
         7b:76:35:ad:fb:6f:c2:02:0d:de:af:69:81:f4:24:5b:3a:fd:
         83:dc:44:a2:87:c1:f6:62:16:c4:55:d1:c4:64:ad:d8:cb:b9:
         0d:f5:91:ad:82:9a:cd:ac:e6:cd:df:19:a2:4c:1c:7f:f0:ce:
         17:4b:6c:8f:a6:aa:b3:60:e3:5b:83:20:9f:fd:b1:fd:16:5c:
         24:7f:d1:45:b9:fe:90:c7:bc:cf:41:44:2e:a7:af:29:cf:49:
         77:e3:d3:36:4d:77:d0:51:e3:a5:41:04:57:88:9a:26:6f:93:
         e9:61:21:f9:34:5a:e6:d8:a3:a1:e0:9f:69:02:19:eb:13:73:
         95:ae:f7:e1:41:af:7e:7d:1a:88:2a:9e:cb:7b:c1:21:8d:89:
         b6:d8:2d:c8:9b:d2:b3:a4:1e:2a:f7:6a:ed:01:2c:19:79:a8:
         4f:a3:87:34:98:74:62:19:dd:99:54:a8:02:55:5f:fc:b8:30:
         1b:3e:a7:87:29:f0:5c:31:68:e8:3d:6a:22:35:31:83:04:94:
         6d:57:74:20:bb:4a:33:4d:a9:82:d9:16:b8:29:fc:00:2d:ee:
         42:66:f1:64:ce:e3:a8:87:3b:49:49:04:2f:8f:ec:47:0d:fa:
         73:60:40:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWzYKOmWOjpLEUJX0LthtT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMzIwMTE0NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdmODU5ZmU2Y2JiYzgyYTVlNGMyNTljYWU3OWExMWEzNjY3MzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsEzSO5c+LclYc5TfCy/9ThcRTpU
G+ZjkLbOA3sfWsEappZ6VRrgjfEUeMF/yRKkG4p8J4JXFUwx7RxmVUmN38XrXOTt
ACttrwQQ7ahDHWq3YqDA9uVO5tLZieOHEZOTNjzebzVwEjA3nDnzacwKsvX+5G5V
q1Ja96gs+hLVY/3gumfe4bgGfKluDWsI0x7SmlgYFFccpnXbKA31Cyys+ICGc73i
6LGIUtAnIs0/JC09CqZ8s1xy7/jhs8nmRdQ82ttVjXyjJIvR/j8X974UIf1qiJD6
0VYCSQ1hELWnjY3lufLnLENrsNeX8sqbstgSgN9w5NkF+sZp3WopnK4OuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHR/hZ/my7yCpeTCWcrnmhGjZnN/MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvZEgtRm4tYkx2SUtsNU1KWnl1ZWFFYU5tYzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bNbMA0G
CSqGSIb3DQEBCwUAA4IBAQA6yt+LYKB8pMNIS8glYUfnIat7djWt+2/CAg3er2mB
9CRbOv2D3ESih8H2YhbEVdHEZK3Yy7kN9ZGtgprNrObN3xmiTBx/8M4XS2yPpqqz
YONbgyCf/bH9Flwkf9FFuf6Qx7zPQUQup68pz0l349M2TXfQUeOlQQRXiJomb5Pp
YSH5NFrm2KOh4J9pAhnrE3OVrvfhQa9+fRqIKp7Le8EhjYm22C3Im9KzpB4q92rt
ASwZeahPo4c0mHRiGd2ZVKgCVV/8uDAbPqeHKfBcMWjoPWoiNTGDBJRtV3Qgu0oz
TamC2Ra4KfwALe5CZvFkzuOohztJSQQvj+xHDfpzYEA5
-----END CERTIFICATE-----