Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/oZnVT418idK-bBV1Ix8JYSLtndk.roa
File:                     oZnVT418idK-bBV1Ix8JYSLtndk.roa (raw, json)
Hash identifier:          Pp+Q8Q0cOFtcTfJz0XOMouer5ztwh90IK6Sm1DJHuDU=
Subject key identifier:   A1:99:D5:4F:8D:7C:89:D2:BE:6C:15:75:23:1F:09:61:22:ED:9D:D9
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01931A566C702B171D476EBA9B481786B2D8
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/oZnVT418idK-bBV1Ix8JYSLtndk.roa
Signing time:             Mon 11 Nov 2024 08:28:11 +0000
ROA not before:           Mon 11 Nov 2024 08:28:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        217.177.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:56:6c:70:2b:17:1d:47:6e:ba:9b:48:17:86:b2:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Nov 11 08:28:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a199d54f8d7c89d2be6c1575231f096122ed9dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2c:79:c9:c6:0a:02:e3:a2:1c:65:8d:fd:51:
                    a3:73:68:b3:1d:d2:f2:5f:f0:61:e7:0f:46:a7:ce:
                    d1:e7:1e:f1:08:b3:38:7a:b4:05:ef:01:39:8f:95:
                    53:44:ae:3c:a2:8c:6e:ae:3b:c7:0f:94:3c:da:d2:
                    ed:b3:97:ac:1e:be:ac:ce:46:85:0a:91:bb:a3:27:
                    67:4b:ea:0d:e1:cf:6d:c3:2e:62:6a:48:6a:15:d9:
                    ac:e0:a4:0e:1b:19:be:ce:4b:f6:52:c6:8c:5d:fa:
                    35:c5:94:a7:18:7f:26:cc:d9:1b:9a:fa:3f:eb:28:
                    66:b3:b1:64:c0:50:c0:b1:d9:57:d6:a9:b0:d0:0e:
                    cd:56:de:e9:30:d4:ca:1e:5e:3f:6a:99:ff:be:b9:
                    5d:c9:80:60:12:c6:b5:61:cb:58:41:23:3e:fd:1f:
                    06:cc:f0:2d:b4:12:d0:23:76:5e:26:b4:93:26:6b:
                    e6:b9:d4:e2:c3:99:59:8e:e9:c3:e3:df:1d:e3:54:
                    e8:0f:d1:be:19:7a:20:95:27:34:ea:30:75:51:3c:
                    12:f2:53:bd:d7:bc:e4:4b:4f:9f:d1:4f:60:58:18:
                    5c:4f:e6:9b:d0:f2:a3:6b:02:91:d6:00:3b:c7:d9:
                    57:4f:f8:03:82:9f:27:e2:c3:75:25:62:25:4f:c3:
                    c6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:99:D5:4F:8D:7C:89:D2:BE:6C:15:75:23:1F:09:61:22:ED:9D:D9
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/oZnVT418idK-bBV1Ix8JYSLtndk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:de:7c:63:77:a4:7b:04:6b:79:90:fc:11:58:8b:fc:a4:6c:
         92:a4:50:28:45:4c:a7:fc:81:27:85:f1:59:70:d1:39:7f:e6:
         34:ee:2f:95:45:b8:e6:3a:ab:50:b2:23:06:fc:d6:1e:5e:bc:
         3f:96:8b:0f:fa:ae:fc:5d:46:8b:84:4d:94:5f:ea:89:d8:6d:
         6f:4a:d2:dc:d2:a0:1d:4d:f7:6f:62:ce:68:9e:93:f5:55:10:
         c0:90:f5:c1:fe:91:4e:f5:c3:3b:1b:68:dc:82:36:42:a9:b3:
         46:5f:1b:bb:a8:0e:69:9e:09:3d:9b:0c:61:77:4b:1f:04:31:
         4c:3d:1c:31:b2:e8:d3:be:e3:62:89:f5:48:ff:36:f0:53:cb:
         31:34:8c:8d:9a:22:64:b9:c9:23:48:b3:0d:13:bc:95:2a:db:
         bf:62:db:64:c3:2e:5c:5a:dd:d0:a5:26:29:dd:9c:04:ac:b8:
         cf:d4:63:c1:4d:9a:5a:04:88:8a:21:90:be:b6:81:69:94:a1:
         be:0a:42:cd:4e:a4:d2:dd:8e:39:ac:91:fc:f7:54:8e:ac:f9:
         09:cb:83:df:b1:86:94:3a:65:86:33:2e:a2:fe:e5:c6:42:19:
         dc:8f:98:0c:ba:90:82:65:3b:ce:40:81:c3:22:66:d8:9b:67:
         84:65:6b:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMaVmxwKxcdR266m0gXhrLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQxMTExMDgyODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTk5ZDU0ZjhkN2M4OWQyYmU2YzE1NzUyMzFmMDk2MTIyZWQ5ZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsix5ycYKAuOiHGWN/VGjc2izHdLy
X/Bh5w9Gp87R5x7xCLM4erQF7wE5j5VTRK48ooxurjvHD5Q82tLts5esHr6szkaF
CpG7oydnS+oN4c9twy5iakhqFdms4KQOGxm+zkv2UsaMXfo1xZSnGH8mzNkbmvo/
6yhms7FkwFDAsdlX1qmw0A7NVt7pMNTKHl4/apn/vrldyYBgEsa1YctYQSM+/R8G
zPAttBLQI3ZeJrSTJmvmudTiw5lZjunD498d41ToD9G+GXoglSc06jB1UTwS8lO9
17zkS0+f0U9gWBhcT+ab0PKjawKR1gA7x9lXT/gDgp8n4sN1JWIlT8PGCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGZ1U+NfInSvmwVdSMfCWEi7Z3ZMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvb1puVlQ0MThpZEstYkJWMUl4OEpZU0x0bmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2bEMMA0G
CSqGSIb3DQEBCwUAA4IBAQCM3nxjd6R7BGt5kPwRWIv8pGySpFAoRUyn/IEnhfFZ
cNE5f+Y07i+VRbjmOqtQsiMG/NYeXrw/losP+q78XUaLhE2UX+qJ2G1vStLc0qAd
TfdvYs5onpP1VRDAkPXB/pFO9cM7G2jcgjZCqbNGXxu7qA5pngk9mwxhd0sfBDFM
PRwxsujTvuNiifVI/zbwU8sxNIyNmiJkuckjSLMNE7yVKtu/Yttkwy5cWt3QpSYp
3ZwErLjP1GPBTZpaBIiKIZC+toFplKG+CkLNTqTS3Y45rJH891SOrPkJy4PfsYaU
OmWGMy6i/uXGQhncj5gMupCCZTvOQIHDImbYm2eEZWsE
-----END CERTIFICATE-----