Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/rWo7u-nMM_586cVI0rUo0GnEIv8.roa
File:                     rWo7u-nMM_586cVI0rUo0GnEIv8.roa (raw, json)
Hash identifier:          qR7lJTev+Y5vaSKgz2LPUdwLhjak/pp2tnxTzxy/fRs=
Subject key identifier:   AD:6A:3B:BB:E9:CC:33:FE:7C:E9:C5:48:D2:B5:28:D0:69:C4:22:FF
Certificate issuer:       /CN=7d149f62447853689c12fb288afeb6b681cfebc1
Certificate serial:       018CC56E39E4B7326BB5F39DDA64EF542ACB
Authority key identifier: 7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/rWo7u-nMM_586cVI0rUo0GnEIv8.roa
Signing time:             Mon 01 Jan 2024 14:29:44 +0000
ROA not before:           Mon 01 Jan 2024 14:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13171
IP address blocks:        217.21.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:39:e4:b7:32:6b:b5:f3:9d:da:64:ef:54:2a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d149f62447853689c12fb288afeb6b681cfebc1
        Validity
            Not Before: Jan  1 14:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad6a3bbbe9cc33fe7ce9c548d2b528d069c422ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c3:42:2c:5a:a7:e0:f8:b9:d2:15:25:37:0c:
                    5b:ab:f2:ab:c5:88:ab:82:71:a4:c8:cb:7c:e2:09:
                    17:b0:af:24:cc:98:5a:6b:51:9b:71:e1:fc:d6:72:
                    8c:23:c2:64:05:11:cd:ca:4e:d3:e4:c1:2b:c8:9c:
                    c7:f7:4e:52:b3:d2:78:3f:e7:84:30:6d:0e:ed:89:
                    09:da:77:b7:5a:7d:68:94:6b:9f:2d:3b:db:8c:83:
                    fb:7f:92:ad:e8:8e:65:3b:cc:da:87:78:91:b2:76:
                    58:82:ae:3e:36:84:21:4e:f6:a6:e3:e3:fc:6f:dd:
                    ad:10:68:f2:6d:16:1b:47:84:b3:50:7a:ae:9b:19:
                    ec:a3:a8:20:d2:e2:f8:6d:79:ff:8e:88:d4:50:01:
                    c9:e1:e0:61:85:bc:62:b6:6b:4e:a6:5a:d1:33:f4:
                    8d:71:9a:81:21:e3:76:f8:06:21:b8:8d:59:5a:3c:
                    fa:17:65:63:09:9f:b8:80:ba:e7:7f:97:15:c9:e6:
                    b2:65:e9:39:36:5b:35:10:0c:c0:d7:c2:81:57:a6:
                    5d:f1:06:04:56:75:ea:c5:1a:f3:42:ac:91:b8:be:
                    b1:05:69:14:ff:09:47:c9:55:cb:a3:96:5a:fe:3d:
                    b3:39:af:47:e3:dd:ec:50:9b:23:9f:5e:09:28:42:
                    71:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:6A:3B:BB:E9:CC:33:FE:7C:E9:C5:48:D2:B5:28:D0:69:C4:22:FF
            X509v3 Authority Key Identifier:
                keyid:7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/rWo7u-nMM_586cVI0rUo0GnEIv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.21.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:a5:f7:4f:da:3b:ca:72:45:45:43:dc:99:19:1b:90:b0:69:
         77:e4:a9:3a:90:1d:ad:e3:ec:a5:d5:64:93:3c:aa:04:db:68:
         37:9f:07:e6:71:8b:2f:36:97:9c:ad:66:d5:01:e3:b7:88:84:
         15:65:64:e7:ea:00:29:e3:68:95:5b:a7:ed:c3:fc:ef:e7:61:
         ff:f9:01:89:40:42:36:54:c4:66:dc:eb:f4:ae:1b:f8:61:4e:
         d3:1e:fa:11:fc:d5:94:71:61:e8:93:66:d3:3e:d7:44:7a:99:
         1e:c9:49:20:07:83:1b:28:01:4d:43:b1:4c:36:ec:c1:c4:2c:
         9c:a9:dd:35:13:c6:ba:0c:88:11:1a:4e:b3:85:6c:0b:c5:e8:
         ff:56:c6:93:1e:1b:76:8b:ad:5a:85:6e:bf:33:92:8f:9e:d5:
         03:38:6d:ed:9d:b1:a1:ef:24:b1:ce:d0:6d:5f:04:7a:bf:04:
         c8:c1:43:10:ec:78:96:c8:09:46:f7:ec:72:fb:85:50:77:e3:
         a7:6e:2f:f6:84:63:0b:b1:cf:9e:82:51:95:d6:f2:81:12:75:
         47:e3:2e:8e:91:42:58:f4:35:55:62:76:85:01:1a:4f:86:1f:
         63:f0:79:7a:f5:85:f1:88:f4:4e:ca:d2:ee:b4:0e:2e:6c:65:
         99:40:b5:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjnktzJrtfOd2mTvVCrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMTQ5ZjYyNDQ3ODUzNjg5YzEyZmIyODhhZmViNmI2ODFj
ZmViYzEwHhcNMjQwMTAxMTQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDZhM2JiYmU5Y2MzM2ZlN2NlOWM1NDhkMmI1MjhkMDY5YzQyMmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8NCLFqn4Pi50hUlNwxbq/KrxYir
gnGkyMt84gkXsK8kzJhaa1GbceH81nKMI8JkBRHNyk7T5MEryJzH905Ss9J4P+eE
MG0O7YkJ2ne3Wn1olGufLTvbjIP7f5Kt6I5lO8zah3iRsnZYgq4+NoQhTvam4+P8
b92tEGjybRYbR4SzUHqumxnso6gg0uL4bXn/jojUUAHJ4eBhhbxitmtOplrRM/SN
cZqBIeN2+AYhuI1ZWjz6F2VjCZ+4gLrnf5cVyeayZek5Nls1EAzA18KBV6Zd8QYE
VnXqxRrzQqyRuL6xBWkU/wlHyVXLo5Za/j2zOa9H493sUJsjn14JKEJxvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1qO7vpzDP+fOnFSNK1KNBpxCL/MB8GA1UdIwQY
MBaAFH0Un2JEeFNonBL7KIr+traBz+vBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTct
YWFiMGU0MTRjYzYzLzEvcldvN3Utbk1NXzU4NmNWSTByVW8wR25FSXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTctYWFiMGU0MTRjYzYz
LzEvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RUrMA0G
CSqGSIb3DQEBCwUAA4IBAQAvpfdP2jvKckVFQ9yZGRuQsGl35Kk6kB2t4+yl1WST
PKoE22g3nwfmcYsvNpecrWbVAeO3iIQVZWTn6gAp42iVW6ftw/zv52H/+QGJQEI2
VMRm3Ov0rhv4YU7THvoR/NWUcWHok2bTPtdEepkeyUkgB4MbKAFNQ7FMNuzBxCyc
qd01E8a6DIgRGk6zhWwLxej/VsaTHht2i61ahW6/M5KPntUDOG3tnbGh7ySxztBt
XwR6vwTIwUMQ7HiWyAlG9+xy+4VQd+Onbi/2hGMLsc+eglGV1vKBEnVH4y6OkUJY
9DVVYnaFARpPhh9j8Hl69YXxiPROytLutA4ubGWZQLVO
-----END CERTIFICATE-----