Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/Egv_COpkQ4qE0m0lj_BQmNwIMRA.roa
File:                     Egv_COpkQ4qE0m0lj_BQmNwIMRA.roa (raw, json)
Hash identifier:          7o6c3PTeF8AIq/25Q6USnosQEeLS7MscdEHZbwRxm6I=
Subject key identifier:   12:0B:FF:08:EA:64:43:8A:84:D2:6D:25:8F:F0:50:98:DC:08:31:10
Certificate issuer:       /CN=72d8dbea4023d69f47f89bd2082fffb2466dd2a5
Certificate serial:       019424454DC7DAEE4B4A8C97E56249AE0453
Authority key identifier: 72:D8:DB:EA:40:23:D6:9F:47:F8:9B:D2:08:2F:FF:B2:46:6D:D2:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ctjb6kAj1p9H-JvSCC__skZt0qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/Egv_COpkQ4qE0m0lj_BQmNwIMRA.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204816
IP address blocks:        217.20.253.0/24 maxlen: 24
                          2a12:ffc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/ctjb6kAj1p9H-JvSCC__skZt0qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/ctjb6kAj1p9H-JvSCC__skZt0qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ctjb6kAj1p9H-JvSCC__skZt0qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Jan 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4d:c7:da:ee:4b:4a:8c:97:e5:62:49:ae:04:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72d8dbea4023d69f47f89bd2082fffb2466dd2a5
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=120bff08ea64438a84d26d258ff05098dc083110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:20:de:7e:9b:38:c9:85:b3:65:57:8b:de:d6:
                    6a:77:9d:32:7e:d0:5a:a0:4e:7b:d5:87:9c:29:f9:
                    31:40:c9:e1:02:07:ae:f6:f5:23:98:5b:d3:f5:21:
                    ef:04:ab:c3:39:11:6d:1f:85:d5:c4:4f:fb:b3:d3:
                    58:f2:dd:33:fb:e3:54:c7:63:0e:da:9e:fb:2a:58:
                    ba:09:7e:49:c4:e5:16:31:64:f0:99:98:8b:42:61:
                    50:0a:ba:e4:bf:f5:81:8d:b6:70:ec:69:28:ea:2d:
                    f6:99:c1:43:07:5b:8b:60:82:e2:fa:31:05:6e:a5:
                    47:1b:0f:a3:50:dc:4e:fd:aa:36:0a:a1:a8:82:8d:
                    8a:44:64:06:4c:3e:dd:5e:6e:ee:ff:5c:11:df:94:
                    ad:b9:80:96:06:c7:db:4a:af:0d:9c:e9:48:f9:74:
                    58:a8:bd:65:15:0a:e6:2b:3a:32:a2:a2:be:bb:4e:
                    7a:5b:d0:bc:44:eb:f8:33:44:8b:fa:27:51:38:ca:
                    d2:dd:40:a1:d2:05:59:9c:10:b1:91:03:f4:92:74:
                    6a:1e:f0:3f:ac:08:12:59:f5:a9:c3:b6:37:b7:c3:
                    4d:d7:81:5f:55:51:01:03:fd:1e:7b:0b:07:86:77:
                    8f:10:2c:5a:f6:f1:87:4f:96:2d:97:46:9c:d7:2b:
                    89:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:0B:FF:08:EA:64:43:8A:84:D2:6D:25:8F:F0:50:98:DC:08:31:10
            X509v3 Authority Key Identifier:
                keyid:72:D8:DB:EA:40:23:D6:9F:47:F8:9B:D2:08:2F:FF:B2:46:6D:D2:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ctjb6kAj1p9H-JvSCC__skZt0qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/Egv_COpkQ4qE0m0lj_BQmNwIMRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/ctjb6kAj1p9H-JvSCC__skZt0qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.20.253.0/24
                IPv6:
                  2a12:ffc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:2c:24:0f:81:68:19:cf:2e:9f:c0:30:e2:af:24:b8:f1:a8:
         f1:9c:09:61:81:8f:54:0d:80:c1:df:77:ee:78:c4:44:01:e7:
         1f:a2:c0:f1:86:db:bf:9f:28:f7:fe:1a:2a:df:66:e8:ea:b0:
         4a:be:19:20:ad:d2:ef:7c:4a:ec:79:c0:3c:21:26:dc:e4:cf:
         6c:ee:45:ed:da:ed:03:80:65:18:39:04:73:a9:ec:a3:d1:79:
         b4:e8:88:15:03:40:99:9c:7a:35:2b:60:ab:68:43:ba:d8:5d:
         c4:28:84:df:2d:4a:35:0b:d6:b8:04:e6:ae:38:4d:3f:3d:76:
         36:db:60:40:55:3e:68:a3:9a:6a:e4:f0:e0:7c:78:83:dc:fe:
         e8:83:be:65:dc:20:1e:14:3f:ff:01:96:ec:f1:68:a2:fb:23:
         8d:39:c9:67:cb:c3:f7:ba:5a:e1:b7:ce:b6:b0:c7:4f:9d:c7:
         ff:6d:cb:92:d1:a7:9a:6f:4e:30:72:ba:b0:79:56:00:a8:2d:
         53:21:d1:7e:33:a1:f6:ff:0f:16:1d:d8:7b:9d:3a:ef:09:ce:
         49:98:96:3d:64:b5:c5:27:fc:7d:23:da:bc:c3:c2:e5:5f:5c:
         ad:1c:46:4b:1b:26:aa:a3:7c:5c:79:4d:46:59:52:65:21:26:
         cd:be:97:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRU3H2u5LSoyX5WJJrgRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZDhkYmVhNDAyM2Q2OWY0N2Y4OWJkMjA4MmZmZmIyNDY2
ZGQyYTUwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjBiZmYwOGVhNjQ0MzhhODRkMjZkMjU4ZmYwNTA5OGRjMDgzMTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CDefps4yYWzZVeL3tZqd50yftBa
oE571YecKfkxQMnhAgeu9vUjmFvT9SHvBKvDORFtH4XVxE/7s9NY8t0z++NUx2MO
2p77Kli6CX5JxOUWMWTwmZiLQmFQCrrkv/WBjbZw7Gko6i32mcFDB1uLYILi+jEF
bqVHGw+jUNxO/ao2CqGogo2KRGQGTD7dXm7u/1wR35StuYCWBsfbSq8NnOlI+XRY
qL1lFQrmKzoyoqK+u056W9C8ROv4M0SL+idROMrS3UCh0gVZnBCxkQP0knRqHvA/
rAgSWfWpw7Y3t8NN14FfVVEBA/0eewsHhnePECxa9vGHT5Ytl0ac1yuJ9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBIL/wjqZEOKhNJtJY/wUJjcCDEQMB8GA1UdIwQY
MBaAFHLY2+pAI9afR/ib0ggv/7JGbdKlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3RqYjZrQWoxcDlILUp2U0NDX19za1p0MHFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hOTA5MWYtMjdhMi00MmEzLTk1MmIt
OWVkMTgwNGYzMjgyLzEvRWd2X0NPcGtRNHFFMG0wbGpfQlFtTndJTVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hOTA5MWYtMjdhMi00MmEzLTk1MmItOWVkMTgwNGYzMjgy
LzEvY3RqYjZrQWoxcDlILUp2U0NDX19za1p0MHFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RT9MA0E
AgACMAcDBQMqEv/AMA0GCSqGSIb3DQEBCwUAA4IBAQBlLCQPgWgZzy6fwDDiryS4
8ajxnAlhgY9UDYDB33fueMREAecfosDxhtu/nyj3/hoq32bo6rBKvhkgrdLvfErs
ecA8ISbc5M9s7kXt2u0DgGUYOQRzqeyj0Xm06IgVA0CZnHo1K2CraEO62F3EKITf
LUo1C9a4BOauOE0/PXY222BAVT5oo5pq5PDgfHiD3P7og75l3CAeFD//AZbs8Wii
+yONOclny8P3ulrht862sMdPncf/bcuS0aeab04wcrqweVYAqC1TIdF+M6H2/w8W
Hdh7nTrvCc5JmJY9ZLXFJ/x9I9q8w8LlX1ytHEZLGyaqo3xceU1GWVJlISbNvpch
-----END CERTIFICATE-----