Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/pd3mdOT8agiACSepSs9mrkMBjb0.roa
File:                     pd3mdOT8agiACSepSs9mrkMBjb0.roa (raw, json)
Hash identifier:          jqUdQcoKLTm4rxSGiLxF/uMtXKISzq6uTnjKhbm/bG4=
Subject key identifier:   A5:DD:E6:74:E4:FC:6A:08:80:09:27:A9:4A:CF:66:AE:43:01:8D:BD
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       018CC793FFA470767E7614C5BD6F89A2C823
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/pd3mdOT8agiACSepSs9mrkMBjb0.roa
Signing time:             Tue 02 Jan 2024 00:30:14 +0000
ROA not before:           Tue 02 Jan 2024 00:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207305
IP address blocks:        217.147.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:ff:a4:70:76:7e:76:14:c5:bd:6f:89:a2:c8:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  2 00:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5dde674e4fc6a08800927a94acf66ae43018dbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e5:19:02:0b:ec:80:82:d5:d3:a5:14:38:93:
                    2b:f9:e4:f6:73:f7:b6:38:5c:a6:e2:55:8d:f0:a4:
                    b6:b5:84:ea:a3:26:fd:0d:53:0a:e8:c4:d5:eb:61:
                    93:fd:ed:54:cc:f6:e8:ee:52:e4:58:fd:0d:10:6a:
                    95:10:9b:75:f8:11:c1:f1:c1:51:af:42:95:ef:33:
                    8a:ef:45:7e:27:ea:50:e0:7a:02:b2:76:21:bb:46:
                    4b:39:1a:2d:f3:c8:6f:b4:04:f4:ca:57:ca:a0:cb:
                    3f:9a:f8:08:36:b5:7d:0a:f4:c9:9f:d0:ea:a0:f7:
                    ca:83:5c:01:32:ce:14:79:4b:bb:7a:6e:1e:97:b5:
                    e7:39:7a:54:64:b3:d9:d4:3b:a6:34:2f:04:e8:c4:
                    56:e4:a5:b6:91:1d:55:41:58:d2:14:41:3f:ee:5d:
                    51:f6:13:37:1c:68:83:a1:9e:69:c9:98:0d:8b:7d:
                    79:db:19:ac:c5:4d:b3:1f:ec:77:7c:0f:06:8b:9b:
                    40:ca:96:7e:a4:bb:0e:83:fb:58:96:f8:60:40:1a:
                    31:fe:a5:9d:5a:db:98:19:ce:1f:14:34:29:38:91:
                    df:90:ab:58:7f:91:0b:65:de:e5:dd:db:36:33:47:
                    14:00:cd:04:ae:f5:90:b5:f4:78:bf:09:e7:69:1d:
                    c8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:DD:E6:74:E4:FC:6A:08:80:09:27:A9:4A:CF:66:AE:43:01:8D:BD
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/pd3mdOT8agiACSepSs9mrkMBjb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:70:06:1a:92:be:33:6a:cf:f8:ab:d8:30:c7:d1:fc:39:51:
         fb:4a:c6:70:93:79:61:3c:00:5c:8a:f0:2c:1c:a4:5b:e4:b3:
         9a:e6:cd:29:bc:f5:aa:69:a3:e3:62:6c:a2:78:07:f9:29:7b:
         a8:94:1e:0f:0c:dd:03:4c:8d:d6:ef:f9:3d:2a:76:1a:f7:7e:
         be:28:9c:52:b9:16:20:b9:f3:e6:61:29:17:c7:0b:32:7f:b3:
         77:a2:e5:47:df:63:da:ae:ba:75:7e:15:11:78:5a:1b:84:f5:
         7f:d6:24:2a:d9:d5:af:2d:78:f0:84:3c:87:6f:41:26:e5:35:
         c0:6c:f6:2f:d5:31:35:d9:bd:05:cd:0d:b3:34:c9:4b:09:da:
         41:26:fd:0f:81:68:bb:f5:df:77:9e:79:7d:20:35:c3:82:6b:
         89:ba:ab:68:60:b4:0f:f5:4b:f9:a6:e4:81:ed:5e:ec:e7:77:
         0b:ae:ff:68:70:92:fb:14:e0:2d:de:c7:0d:c1:9a:82:57:c0:
         3c:c7:9e:41:20:df:61:79:a8:be:19:eb:de:96:cb:c6:2d:62:
         6d:9f:b3:81:8b:ba:5c:66:6c:2a:aa:b1:31:14:a0:3d:c1:9c:
         8d:84:85:88:4a:08:ee:15:d5:84:c5:45:b9:ea:02:7d:25:a1:
         39:ef:fd:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/+kcHZ+dhTFvW+JosgjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjQwMTAyMDAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWRkZTY3NGU0ZmM2YTA4ODAwOTI3YTk0YWNmNjZhZTQzMDE4ZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOUZAgvsgILV06UUOJMr+eT2c/e2
OFym4lWN8KS2tYTqoyb9DVMK6MTV62GT/e1UzPbo7lLkWP0NEGqVEJt1+BHB8cFR
r0KV7zOK70V+J+pQ4HoCsnYhu0ZLORot88hvtAT0ylfKoMs/mvgINrV9CvTJn9Dq
oPfKg1wBMs4UeUu7em4el7XnOXpUZLPZ1DumNC8E6MRW5KW2kR1VQVjSFEE/7l1R
9hM3HGiDoZ5pyZgNi3152xmsxU2zH+x3fA8Gi5tAypZ+pLsOg/tYlvhgQBox/qWd
WtuYGc4fFDQpOJHfkKtYf5ELZd7l3ds2M0cUAM0ErvWQtfR4vwnnaR3IxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXd5nTk/GoIgAknqUrPZq5DAY29MB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvcGQzbWRPVDhhZ2lBQ1NlcFNzOW1ya01CamIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOrMA0G
CSqGSIb3DQEBCwUAA4IBAQCIcAYakr4zas/4q9gwx9H8OVH7SsZwk3lhPABcivAs
HKRb5LOa5s0pvPWqaaPjYmyieAf5KXuolB4PDN0DTI3W7/k9KnYa936+KJxSuRYg
ufPmYSkXxwsyf7N3ouVH32Parrp1fhUReFobhPV/1iQq2dWvLXjwhDyHb0Em5TXA
bPYv1TE12b0FzQ2zNMlLCdpBJv0PgWi79d93nnl9IDXDgmuJuqtoYLQP9Uv5puSB
7V7s53cLrv9ocJL7FOAt3scNwZqCV8A8x55BIN9heai+GevelsvGLWJtn7OBi7pc
ZmwqqrExFKA9wZyNhIWISgjuFdWExUW56gJ9JaE57/2l
-----END CERTIFICATE-----