Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/N9l24h9HyK6kAtkXD09UL27Eum0.roa
File:                     N9l24h9HyK6kAtkXD09UL27Eum0.roa (raw, json)
Hash identifier:          Xv+8Dv2RI7WnHgqmAi/VbFX+HLMpAXUADpkW2PUX/hM=
Subject key identifier:   37:D9:76:E2:1F:47:C8:AE:A4:02:D9:17:0F:4F:54:2F:6E:C4:BA:6D
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       0194221FA9993D55134923C0525A57E9AC30
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/N9l24h9HyK6kAtkXD09UL27Eum0.roa
Signing time:             Wed 01 Jan 2025 13:48:07 +0000
ROA not before:           Wed 01 Jan 2025 13:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216300
IP address blocks:        217.196.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a9:99:3d:55:13:49:23:c0:52:5a:57:e9:ac:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Jan  1 13:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37d976e21f47c8aea402d9170f4f542f6ec4ba6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4e:78:4a:bb:59:52:4b:ab:a9:c1:6a:f1:39:
                    b1:a1:78:52:13:f3:24:c8:d7:e2:c3:52:aa:fd:2d:
                    44:f6:90:39:22:67:09:cf:a8:41:76:3e:c7:0e:c3:
                    40:41:0b:34:bf:be:5d:d1:8b:0a:80:e3:8c:f9:d7:
                    16:03:e8:a0:57:eb:e2:83:31:3e:88:f0:12:51:c5:
                    80:39:88:94:95:62:a2:5c:be:37:83:bf:82:89:a6:
                    a2:69:21:4d:5e:17:34:e6:f2:21:ca:5f:ec:99:8e:
                    df:60:6d:e9:ab:5e:0f:ed:2a:83:2f:7f:37:a0:d7:
                    95:23:09:98:ef:49:ab:75:23:e9:29:04:ef:39:84:
                    45:71:8d:98:41:4c:c2:8a:c0:3a:ca:4e:50:2b:aa:
                    be:82:24:2d:a7:df:fe:c4:ff:8c:b7:2f:d8:98:0f:
                    bf:2f:b7:f3:53:ce:94:e5:93:78:84:e8:3f:9f:14:
                    f3:ee:44:58:ac:00:35:ff:df:dd:d1:74:2a:22:1c:
                    fa:af:18:c7:62:74:9f:4b:41:22:16:a2:37:99:e3:
                    db:c4:09:82:c0:be:70:20:b2:f0:6c:10:5d:40:1d:
                    88:23:94:9c:46:c8:7b:ee:13:de:69:e4:6e:8a:63:
                    c5:77:76:a5:22:da:14:54:a0:21:00:c3:76:71:8d:
                    92:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D9:76:E2:1F:47:C8:AE:A4:02:D9:17:0F:4F:54:2F:6E:C4:BA:6D
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/N9l24h9HyK6kAtkXD09UL27Eum0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:0a:05:59:38:91:49:21:e4:81:0f:c7:54:7f:f7:b1:3c:be:
         6e:b6:1f:d6:1c:5a:8c:bc:a1:9b:1d:2e:59:6e:9a:ff:e8:00:
         5f:15:aa:f3:d9:1e:ac:f3:19:46:4c:c1:1b:d4:34:60:e1:a4:
         86:06:ef:d6:38:8d:70:68:19:37:74:79:c7:2e:8c:14:78:a2:
         90:49:f5:80:88:ca:9f:47:d8:8e:79:87:00:a1:f4:1d:2f:eb:
         05:7a:dc:d4:6c:2b:d2:d9:9d:e5:e0:24:cd:7c:59:b6:f9:be:
         09:4c:63:69:4e:03:b9:9c:a1:dc:1e:d1:f7:a2:fd:d8:0a:e1:
         98:d8:f4:0e:97:a8:7b:20:d1:02:e7:bb:6b:08:33:3f:2e:06:
         7e:d1:57:93:1e:43:51:cd:9e:3e:00:4d:12:7b:d0:45:d2:fa:
         4a:a5:01:0e:9b:e0:28:c9:52:48:c1:8b:0b:1c:53:c2:df:7d:
         f8:8f:75:41:81:ae:2e:e0:0f:9f:e2:8b:b2:6d:26:30:e2:53:
         11:5b:37:28:a5:47:02:3f:94:84:ce:19:45:3f:5d:be:22:76:
         18:08:d1:19:11:e4:1d:58:78:2d:22:1f:7b:26:18:34:88:8e:
         a1:7d:4d:6d:97:86:76:2d:21:74:d9:2c:3c:5a:55:35:9c:d3:
         e6:c3:da:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6mZPVUTSSPAUlpX6awwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjUwMTAxMTM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Q5NzZlMjFmNDdjOGFlYTQwMmQ5MTcwZjRmNTQyZjZlYzRiYTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq054SrtZUkurqcFq8TmxoXhSE/Mk
yNfiw1Kq/S1E9pA5ImcJz6hBdj7HDsNAQQs0v75d0YsKgOOM+dcWA+igV+vigzE+
iPASUcWAOYiUlWKiXL43g7+CiaaiaSFNXhc05vIhyl/smY7fYG3pq14P7SqDL383
oNeVIwmY70mrdSPpKQTvOYRFcY2YQUzCisA6yk5QK6q+giQtp9/+xP+Mty/YmA+/
L7fzU86U5ZN4hOg/nxTz7kRYrAA1/9/d0XQqIhz6rxjHYnSfS0EiFqI3mePbxAmC
wL5wILLwbBBdQB2II5ScRsh77hPeaeRuimPFd3alItoUVKAhAMN2cY2SfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfZduIfR8iupALZFw9PVC9uxLptMB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvTjlsMjRoOUh5SzZrQXRrWEQwOVVMMjdFdW0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cRhMA0G
CSqGSIb3DQEBCwUAA4IBAQBjCgVZOJFJIeSBD8dUf/exPL5uth/WHFqMvKGbHS5Z
bpr/6ABfFarz2R6s8xlGTMEb1DRg4aSGBu/WOI1waBk3dHnHLowUeKKQSfWAiMqf
R9iOeYcAofQdL+sFetzUbCvS2Z3l4CTNfFm2+b4JTGNpTgO5nKHcHtH3ov3YCuGY
2PQOl6h7INEC57trCDM/LgZ+0VeTHkNRzZ4+AE0Se9BF0vpKpQEOm+AoyVJIwYsL
HFPC3334j3VBga4u4A+f4ouybSYw4lMRWzcopUcCP5SEzhlFP12+InYYCNEZEeQd
WHgtIh97Jhg0iI6hfU1tl4Z2LSF02Sw8WlU1nNPmw9pp
-----END CERTIFICATE-----