Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/rWgm8VfZZaxYMrDBbTGSN-AtkDc.roa
File:                     rWgm8VfZZaxYMrDBbTGSN-AtkDc.roa (raw, json)
Hash identifier:          QYwHQ+ea9F5rs6muPzAO0Ozg70ZPUe8Ty3r7sre80vY=
Subject key identifier:   AD:68:26:F1:57:D9:65:AC:58:32:B0:C1:6D:31:92:37:E0:2D:90:37
Certificate issuer:       /CN=046acac713123856d4ae6c16054602684dfd07cb
Certificate serial:       01900BBED63330A4FFF6DEDE582A988880AB
Authority key identifier: 04:6A:CA:C7:13:12:38:56:D4:AE:6C:16:05:46:02:68:4D:FD:07:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BGrKxxMSOFbUrmwWBUYCaE39B8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/rWgm8VfZZaxYMrDBbTGSN-AtkDc.roa
Signing time:             Wed 12 Jun 2024 09:19:34 +0000
ROA not before:           Wed 12 Jun 2024 09:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12969
IP address blocks:        217.171.208.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/BGrKxxMSOFbUrmwWBUYCaE39B8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/BGrKxxMSOFbUrmwWBUYCaE39B8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BGrKxxMSOFbUrmwWBUYCaE39B8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0b:be:d6:33:30:a4:ff:f6:de:de:58:2a:98:88:80:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=046acac713123856d4ae6c16054602684dfd07cb
        Validity
            Not Before: Jun 12 09:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad6826f157d965ac5832b0c16d319237e02d9037
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:bf:f0:b5:15:e9:1b:e8:4a:70:78:be:34:d4:
                    5c:d8:bf:64:72:c5:a4:2e:80:7d:f0:ab:f5:a6:82:
                    7f:4a:db:32:a3:6b:53:b4:e0:2f:e7:4f:ca:88:2d:
                    cb:27:bd:ed:cc:10:50:f5:ac:83:c5:55:8f:52:50:
                    60:d1:d5:dd:1d:f6:22:df:89:de:cc:d6:4f:ac:19:
                    25:c9:b8:53:1e:20:b9:bc:de:93:bf:20:fa:c6:68:
                    bc:f6:c4:ac:09:77:66:07:f2:3e:bb:68:c7:23:81:
                    cb:1b:12:15:62:df:84:85:77:ea:d9:9d:73:e4:b2:
                    41:cd:e5:d1:e5:26:e8:39:6b:43:e4:44:7e:a7:91:
                    36:3e:3b:ef:68:39:72:9b:b5:59:d0:7c:8e:aa:28:
                    19:ba:1b:c9:60:28:16:71:dc:40:21:d7:5c:80:a1:
                    3f:61:f9:b2:14:6f:ac:27:27:00:0f:4f:a2:3d:41:
                    ca:46:79:cc:28:cd:30:f5:90:bf:40:4a:24:c5:7f:
                    04:b1:67:d9:81:2e:f0:c6:c2:e9:93:5a:46:60:47:
                    62:77:bb:e0:89:73:54:a8:70:0d:b5:28:43:d8:83:
                    e0:8c:9a:cc:81:39:3e:f7:13:9b:7d:c5:2a:e5:e8:
                    f8:53:d2:1e:e7:80:99:e3:04:2e:a9:30:b6:21:ab:
                    40:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:68:26:F1:57:D9:65:AC:58:32:B0:C1:6D:31:92:37:E0:2D:90:37
            X509v3 Authority Key Identifier:
                keyid:04:6A:CA:C7:13:12:38:56:D4:AE:6C:16:05:46:02:68:4D:FD:07:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BGrKxxMSOFbUrmwWBUYCaE39B8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/rWgm8VfZZaxYMrDBbTGSN-AtkDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/BGrKxxMSOFbUrmwWBUYCaE39B8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.171.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a2:f3:38:c4:8a:ae:22:67:25:9f:c4:c2:c4:6e:fb:19:b7:4d:
         73:1f:7a:8a:f0:04:19:15:4c:89:0b:4a:15:97:b1:0c:18:e8:
         18:8f:19:81:7c:2d:80:ce:1c:24:83:6f:24:d3:54:44:6f:5a:
         11:c7:1e:24:5f:26:d0:95:e5:9a:cd:b7:0d:88:a1:97:c2:52:
         58:43:29:da:98:b2:d0:24:a3:f6:ab:89:29:26:35:b4:35:4c:
         0f:34:d8:77:b9:87:ac:d1:ef:5c:46:4b:d5:3a:89:7a:1e:d5:
         14:04:1a:f7:4d:ef:07:0a:3f:3b:17:c2:67:b8:ba:fb:2d:15:
         05:5b:ec:42:9c:44:fa:14:80:58:f5:74:8c:66:eb:4b:28:ed:
         87:77:25:e4:2a:c9:64:19:5d:7f:ba:16:73:99:04:88:84:a1:
         81:fb:de:e8:5a:5d:ff:45:ad:6e:78:f4:97:87:91:ed:c4:4a:
         9b:dc:56:cc:cb:e7:5a:91:7d:95:e7:60:b3:c0:58:03:6c:27:
         59:73:0f:c6:c1:93:fa:02:b7:1e:93:2a:0e:1b:a4:f3:52:da:
         c0:e9:b5:bb:18:1b:c3:47:d2:5b:60:c1:21:fc:a9:3f:7b:73:
         d2:80:8c:0e:d6:f8:fd:5c:4a:a2:ef:53:99:be:b7:fa:3f:50:
         b2:9f:ea:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZALvtYzMKT/9t7eWCqYiICrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NmFjYWM3MTMxMjM4NTZkNGFlNmMxNjA1NDYwMjY4NGRm
ZDA3Y2IwHhcNMjQwNjEyMDkxOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY4MjZmMTU3ZDk2NWFjNTgzMmIwYzE2ZDMxOTIzN2UwMmQ5MDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur/wtRXpG+hKcHi+NNRc2L9kcsWk
LoB98Kv1poJ/Stsyo2tTtOAv50/KiC3LJ73tzBBQ9ayDxVWPUlBg0dXdHfYi34ne
zNZPrBklybhTHiC5vN6TvyD6xmi89sSsCXdmB/I+u2jHI4HLGxIVYt+EhXfq2Z1z
5LJBzeXR5SboOWtD5ER+p5E2PjvvaDlym7VZ0HyOqigZuhvJYCgWcdxAIddcgKE/
YfmyFG+sJycAD0+iPUHKRnnMKM0w9ZC/QEokxX8EsWfZgS7wxsLpk1pGYEdid7vg
iXNUqHANtShD2IPgjJrMgTk+9xObfcUq5ej4U9Ie54CZ4wQuqTC2IatA3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1oJvFX2WWsWDKwwW0xkjfgLZA3MB8GA1UdIwQY
MBaAFARqyscTEjhW1K5sFgVGAmhN/QfLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkdyS3h4TVNPRmJVcm13V0JVWUNhRTM5QjhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MTg2ZTQtYTJhMC00YmRhLWJjODgt
ZTZlOTI4Y2U1MzRmLzEvcldnbThWZlpaYXhZTXJEQmJUR1NOLUF0a0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MTg2ZTQtYTJhMC00YmRhLWJjODgtZTZlOTI4Y2U1MzRm
LzEvQkdyS3h4TVNPRmJVcm13V0JVWUNhRTM5QjhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2avQMA0G
CSqGSIb3DQEBCwUAA4IBAQCi8zjEiq4iZyWfxMLEbvsZt01zH3qK8AQZFUyJC0oV
l7EMGOgYjxmBfC2Azhwkg28k01REb1oRxx4kXybQleWazbcNiKGXwlJYQynamLLQ
JKP2q4kpJjW0NUwPNNh3uYes0e9cRkvVOol6HtUUBBr3Te8HCj87F8JnuLr7LRUF
W+xCnET6FIBY9XSMZutLKO2HdyXkKslkGV1/uhZzmQSIhKGB+97oWl3/Ra1uePSX
h5HtxEqb3FbMy+dakX2V52CzwFgDbCdZcw/GwZP6ArcekyoOG6TzUtrA6bW7GBvD
R9JbYMEh/Kk/e3PSgIwO1vj9XEqi71OZvrf6P1Cyn+pc
-----END CERTIFICATE-----