Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/HYkelKhWY7NiPV2rIoXC5vMsggM.roa
File:                     HYkelKhWY7NiPV2rIoXC5vMsggM.roa (raw, json)
Hash identifier:          8m611pZGVk4ujPG9J04iZxFPYTUOzYbyGd2fDqvqZP4=
Subject key identifier:   1D:89:1E:94:A8:56:63:B3:62:3D:5D:AB:22:85:C2:E6:F3:2C:82:03
Certificate issuer:       /CN=7d149f62447853689c12fb288afeb6b681cfebc1
Certificate serial:       0194266C16A1152BEF48F7964B4275FB600D
Authority key identifier: 7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/HYkelKhWY7NiPV2rIoXC5vMsggM.roa
Signing time:             Thu 02 Jan 2025 09:50:05 +0000
ROA not before:           Thu 02 Jan 2025 09:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13171
IP address blocks:        217.21.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:16:a1:15:2b:ef:48:f7:96:4b:42:75:fb:60:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d149f62447853689c12fb288afeb6b681cfebc1
        Validity
            Not Before: Jan  2 09:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d891e94a85663b3623d5dab2285c2e6f32c8203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fa:30:6d:41:ab:b9:f6:3c:3e:2b:20:f1:80:
                    99:ca:90:76:05:8a:da:c8:45:86:d8:14:67:f7:84:
                    7b:4c:4f:c0:f3:0d:54:ab:24:a7:79:54:3a:b5:67:
                    88:dd:07:b2:ef:c1:c2:a7:1f:9d:40:44:50:04:7e:
                    89:4e:75:3c:b5:da:67:33:39:61:4e:ac:ef:20:38:
                    80:1e:64:43:3d:20:a6:85:ea:88:01:75:26:6e:90:
                    e0:01:4d:52:7e:4c:eb:1f:30:c5:9f:5b:e0:a5:30:
                    0f:d9:6d:ec:7a:ee:99:b6:50:c5:29:f9:a2:81:0a:
                    4e:6c:6f:ce:dd:0c:45:31:96:29:ff:85:23:73:ed:
                    0a:be:e3:58:4d:49:e5:9a:f6:3d:f3:a0:e7:b9:40:
                    6d:01:93:66:8e:ed:21:d4:1e:6e:bb:e7:8c:d0:c7:
                    ee:e3:aa:fc:31:55:f0:ee:18:38:fc:98:42:d9:4e:
                    6b:f0:dc:92:65:a2:96:13:b9:d0:7f:8f:b0:e1:1c:
                    31:60:49:5f:fe:a6:50:f4:c5:11:52:5c:e4:49:0b:
                    21:01:3e:9d:63:0a:43:16:17:26:10:b2:d4:5c:89:
                    28:79:d5:af:f7:dc:75:5e:e9:a3:f6:78:66:88:4d:
                    fa:41:f2:b0:e3:f8:c4:a0:52:c7:ef:e8:30:96:f0:
                    93:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:89:1E:94:A8:56:63:B3:62:3D:5D:AB:22:85:C2:E6:F3:2C:82:03
            X509v3 Authority Key Identifier:
                keyid:7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/HYkelKhWY7NiPV2rIoXC5vMsggM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.21.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:f8:e3:b6:aa:5d:99:e5:9d:0f:cd:bc:bd:c5:14:dd:e6:36:
         b7:e7:a2:7c:68:90:30:2f:65:b9:f9:50:5d:24:76:d3:f1:be:
         a1:53:eb:c0:db:8f:58:ee:1b:46:5f:2b:64:8d:79:bb:60:82:
         8e:67:ce:6e:bf:af:bc:40:92:5d:d0:c0:62:8c:73:98:c7:e3:
         d7:fe:72:3c:d7:5a:96:a9:c6:9d:0f:e0:46:c2:3b:56:fb:08:
         db:a7:9d:54:4d:d5:a6:df:13:12:20:c9:68:38:09:89:db:8d:
         d2:09:cf:9f:6b:61:0c:d5:e6:8a:76:bc:dc:06:94:49:f3:d7:
         42:9f:76:06:08:fe:74:dc:49:66:9a:bb:ca:85:20:01:52:8c:
         c0:e1:82:95:7c:13:93:46:c8:3b:10:49:f3:99:93:7f:5b:1f:
         5b:f7:d2:50:a1:da:ec:84:20:22:e1:e2:9f:ba:7f:a0:45:83:
         db:b2:8b:b1:95:f5:b0:2d:81:eb:c4:7c:a5:b9:a6:df:94:9d:
         64:c1:94:c5:62:44:ae:4c:2f:2e:0e:ce:bf:8a:19:db:92:2e:
         c3:58:08:24:b2:a6:bd:d8:40:77:f3:16:ec:dc:ac:33:0b:b6:
         c8:4b:8b:54:44:47:62:ef:d5:5c:1d:38:b4:89:42:a0:81:87:
         1c:4b:f6:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBahFSvvSPeWS0J1+2ANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMTQ5ZjYyNDQ3ODUzNjg5YzEyZmIyODhhZmViNmI2ODFj
ZmViYzEwHhcNMjUwMTAyMDk1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDg5MWU5NGE4NTY2M2IzNjIzZDVkYWIyMjg1YzJlNmYzMmM4MjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfowbUGrufY8Pisg8YCZypB2BYra
yEWG2BRn94R7TE/A8w1UqySneVQ6tWeI3Qey78HCpx+dQERQBH6JTnU8tdpnMzlh
TqzvIDiAHmRDPSCmheqIAXUmbpDgAU1SfkzrHzDFn1vgpTAP2W3seu6ZtlDFKfmi
gQpObG/O3QxFMZYp/4Ujc+0KvuNYTUnlmvY986DnuUBtAZNmju0h1B5uu+eM0Mfu
46r8MVXw7hg4/JhC2U5r8NySZaKWE7nQf4+w4RwxYElf/qZQ9MURUlzkSQshAT6d
YwpDFhcmELLUXIkoedWv99x1Xumj9nhmiE36QfKw4/jEoFLH7+gwlvCTUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2JHpSoVmOzYj1dqyKFwubzLIIDMB8GA1UdIwQY
MBaAFH0Un2JEeFNonBL7KIr+traBz+vBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTct
YWFiMGU0MTRjYzYzLzEvSFlrZWxLaFdZN05pUFYycklvWEM1dk1zZ2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTctYWFiMGU0MTRjYzYz
LzEvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RUrMA0G
CSqGSIb3DQEBCwUAA4IBAQAS+OO2ql2Z5Z0Pzby9xRTd5ja356J8aJAwL2W5+VBd
JHbT8b6hU+vA249Y7htGXytkjXm7YIKOZ85uv6+8QJJd0MBijHOYx+PX/nI811qW
qcadD+BGwjtW+wjbp51UTdWm3xMSIMloOAmJ243SCc+fa2EM1eaKdrzcBpRJ89dC
n3YGCP503ElmmrvKhSABUozA4YKVfBOTRsg7EEnzmZN/Wx9b99JQodrshCAi4eKf
un+gRYPbsouxlfWwLYHrxHyluabflJ1kwZTFYkSuTC8uDs6/ihnbki7DWAgksqa9
2EB38xbs3KwzC7bIS4tUREdi79VcHTi0iUKggYccS/aI
-----END CERTIFICATE-----