Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/RuOi2OeVJdwH3Q6pVke6pui-1E8.roa
File:                     RuOi2OeVJdwH3Q6pVke6pui-1E8.roa (raw, json)
Hash identifier:          BsUPGdr6IGp3DYNoUG3GCCkksQVBZT3mPP+PTIsI/CA=
Subject key identifier:   46:E3:A2:D8:E7:95:25:DC:07:DD:0E:A9:56:47:BA:A6:E8:BE:D4:4F
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019425FC3FD1A7041F4713E79FCA4D239128
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/RuOi2OeVJdwH3Q6pVke6pui-1E8.roa
Signing time:             Thu 02 Jan 2025 07:47:55 +0000
ROA not before:           Thu 02 Jan 2025 07:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62390
IP address blocks:        217.147.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:3f:d1:a7:04:1f:47:13:e7:9f:ca:4d:23:91:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  2 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46e3a2d8e79525dc07dd0ea95647baa6e8bed44f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:36:c6:e4:7f:7b:da:37:84:2b:bd:e1:c6:60:
                    96:32:8b:d4:6d:98:5a:03:3b:88:b1:ec:6e:84:f8:
                    22:b9:de:0f:06:aa:e9:85:c8:26:cb:d2:33:ab:db:
                    6a:1a:c9:2d:7a:c9:f6:89:0c:5e:41:b3:a8:9d:4c:
                    71:a3:a6:b3:cf:57:12:f0:43:b8:60:ce:3c:00:18:
                    36:08:c2:8e:39:e1:62:48:17:bb:ce:dc:52:8b:61:
                    53:54:85:6f:a4:2d:b8:42:9f:9c:32:bd:13:e2:11:
                    c3:2c:c6:4d:f0:53:10:59:79:b2:92:d6:22:cf:1b:
                    83:2c:69:af:46:c3:3d:a2:cd:48:22:fd:87:ba:0a:
                    fe:99:4d:ce:b4:2a:dc:30:0e:c2:f5:35:9c:70:8f:
                    e8:95:8a:2e:2d:ca:39:28:4c:45:b6:70:f8:d2:40:
                    0a:ee:f4:cf:d9:f0:2d:0f:c2:fc:7a:c3:a2:53:06:
                    b2:f7:b5:ac:9b:60:c6:53:f7:bc:a6:57:0c:42:47:
                    2a:5a:66:5c:12:f7:cc:7d:bf:fa:4e:8f:65:0b:d2:
                    0b:d6:6b:d3:41:a3:72:34:1e:66:59:43:0b:6b:fe:
                    db:fd:0a:4a:24:b0:d7:ea:18:b9:eb:29:49:51:fa:
                    63:26:14:8f:b3:e1:fe:96:15:94:42:e2:d9:20:2b:
                    63:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:E3:A2:D8:E7:95:25:DC:07:DD:0E:A9:56:47:BA:A6:E8:BE:D4:4F
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/RuOi2OeVJdwH3Q6pVke6pui-1E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:b2:ab:9e:72:d9:ea:d9:1f:8e:6b:48:1c:c8:69:a1:65:1c:
         58:0a:54:91:28:b7:72:b5:c1:a2:f9:21:d8:4c:a8:6a:93:eb:
         ae:1a:ad:fe:5f:2b:9b:66:c8:c9:5c:94:2e:38:8f:a6:be:ef:
         55:e3:03:1a:54:ce:81:53:14:62:40:69:dc:46:13:a9:12:77:
         b2:e2:07:3b:14:f7:73:59:51:b8:75:48:e9:d2:b6:ed:56:0f:
         d4:3f:d3:d8:71:97:fe:05:d0:23:34:42:de:73:6e:3c:a1:45:
         53:f1:61:cc:a1:67:d1:16:f8:03:b2:b5:11:82:5a:ef:37:30:
         fd:10:55:8c:a5:65:fc:7b:87:9d:c3:35:a3:1c:98:ef:51:dc:
         12:be:d7:7d:e1:0e:c5:c6:d6:5c:46:aa:2c:9f:71:7e:61:66:
         d2:4f:5f:f3:0d:5f:c2:88:25:27:49:c1:b1:9d:77:31:6a:15:
         bf:5b:51:3b:67:86:1e:06:e8:23:b8:94:a0:88:86:40:11:0f:
         f8:06:bd:38:1e:54:76:af:5b:17:10:8c:13:f0:82:26:a3:be:
         10:a9:83:93:2e:09:82:24:8c:dc:45:0c:e7:e0:c9:74:c7:65:
         79:17:01:ae:f0:29:0e:cc:71:44:d7:73:27:c0:9b:12:0e:71:
         26:c1:ff:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/D/RpwQfRxPnn8pNI5EoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjUwMTAyMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmUzYTJkOGU3OTUyNWRjMDdkZDBlYTk1NjQ3YmFhNmU4YmVkNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjbG5H972jeEK73hxmCWMovUbZha
AzuIsexuhPgiud4PBqrphcgmy9Izq9tqGsktesn2iQxeQbOonUxxo6azz1cS8EO4
YM48ABg2CMKOOeFiSBe7ztxSi2FTVIVvpC24Qp+cMr0T4hHDLMZN8FMQWXmyktYi
zxuDLGmvRsM9os1IIv2Hugr+mU3OtCrcMA7C9TWccI/olYouLco5KExFtnD40kAK
7vTP2fAtD8L8esOiUway97Wsm2DGU/e8plcMQkcqWmZcEvfMfb/6To9lC9IL1mvT
QaNyNB5mWUMLa/7b/QpKJLDX6hi56ylJUfpjJhSPs+H+lhWUQuLZICtjdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbjotjnlSXcB90OqVZHuqbovtRPMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvUnVPaTJPZVZKZHdIM1E2cFZrZTZwdWktMUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOnMA0G
CSqGSIb3DQEBCwUAA4IBAQBXsquectnq2R+Oa0gcyGmhZRxYClSRKLdytcGi+SHY
TKhqk+uuGq3+XyubZsjJXJQuOI+mvu9V4wMaVM6BUxRiQGncRhOpEney4gc7FPdz
WVG4dUjp0rbtVg/UP9PYcZf+BdAjNELec248oUVT8WHMoWfRFvgDsrURglrvNzD9
EFWMpWX8e4edwzWjHJjvUdwSvtd94Q7FxtZcRqosn3F+YWbST1/zDV/CiCUnScGx
nXcxahW/W1E7Z4YeBugjuJSgiIZAEQ/4Br04HlR2r1sXEIwT8IImo74QqYOTLgmC
JIzcRQzn4Ml0x2V5FwGu8CkOzHFE13MnwJsSDnEmwf8E
-----END CERTIFICATE-----