Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/pD7HPK_aW3QH3PPrNYbHeMKhGy4.roa
File:                     pD7HPK_aW3QH3PPrNYbHeMKhGy4.roa (raw, json)
Hash identifier:          GJeO7Q27YxmGksDjROFyKoncsMRwot0oI2b9og4LUSw=
Subject key identifier:   A4:3E:C7:3C:AF:DA:5B:74:07:DC:F3:EB:35:86:C7:78:C2:A1:1B:2E
Certificate issuer:       /CN=c4064476c2c47f778474a14816c1e06a40813e5c
Certificate serial:       0194228DB1A385DDBB7414FA5DA2019C59FC
Authority key identifier: C4:06:44:76:C2:C4:7F:77:84:74:A1:48:16:C1:E0:6A:40:81:3E:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xAZEdsLEf3eEdKFIFsHgakCBPlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/pD7HPK_aW3QH3PPrNYbHeMKhGy4.roa
Signing time:             Wed 01 Jan 2025 15:48:18 +0000
ROA not before:           Wed 01 Jan 2025 15:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199284
IP address blocks:        217.17.206.0/23 maxlen: 23
                          2001:4bd8:52::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/xAZEdsLEf3eEdKFIFsHgakCBPlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/xAZEdsLEf3eEdKFIFsHgakCBPlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xAZEdsLEf3eEdKFIFsHgakCBPlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:b1:a3:85:dd:bb:74:14:fa:5d:a2:01:9c:59:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4064476c2c47f778474a14816c1e06a40813e5c
        Validity
            Not Before: Jan  1 15:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a43ec73cafda5b7407dcf3eb3586c778c2a11b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d1:f1:e8:47:fe:95:4e:a6:e8:ce:1a:39:17:
                    23:a9:01:42:49:37:f1:bb:b6:ef:c5:22:12:01:4a:
                    4d:d6:61:a7:a0:cb:39:b8:03:86:2e:cd:65:37:6c:
                    9e:f8:ee:35:dc:1d:9e:65:5b:15:39:93:d0:70:82:
                    5f:d1:f0:30:9d:4a:79:14:ae:80:8d:c8:f8:cf:d6:
                    30:cd:86:cf:46:7e:54:30:5b:28:57:6e:dc:8f:c0:
                    ef:b8:f4:94:1a:16:5d:40:d5:0a:ac:2c:39:8e:f9:
                    df:f3:84:8c:f6:5c:48:b6:9d:9d:3e:ae:d0:8f:c6:
                    25:af:48:3d:ad:5d:72:4e:5e:45:d1:e1:65:9a:0b:
                    1c:ee:0d:76:22:71:d4:4c:a7:5e:38:eb:ec:52:af:
                    3d:0b:58:0f:b0:b6:9c:ec:fd:74:bb:43:29:26:da:
                    6b:2b:ed:85:9b:55:64:ef:1f:89:40:57:d1:ee:c5:
                    b2:bb:93:74:d2:84:e0:cb:1f:8a:35:2b:af:78:1f:
                    ad:15:ad:19:cc:15:6b:f0:43:47:7e:5f:66:a7:13:
                    56:17:72:4b:58:7c:b7:05:22:b4:48:93:74:ee:78:
                    ea:e7:6a:39:8c:a2:d1:7c:3f:63:40:9d:30:be:82:
                    77:91:d7:2e:5b:73:01:0e:54:45:7b:1f:68:1a:36:
                    c0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:3E:C7:3C:AF:DA:5B:74:07:DC:F3:EB:35:86:C7:78:C2:A1:1B:2E
            X509v3 Authority Key Identifier:
                keyid:C4:06:44:76:C2:C4:7F:77:84:74:A1:48:16:C1:E0:6A:40:81:3E:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xAZEdsLEf3eEdKFIFsHgakCBPlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/pD7HPK_aW3QH3PPrNYbHeMKhGy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/xAZEdsLEf3eEdKFIFsHgakCBPlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.17.206.0/23
                IPv6:
                  2001:4bd8:52::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:99:a9:48:1c:1e:6e:10:d4:4a:ad:07:a3:81:07:4c:64:60:
         23:e0:81:01:74:74:74:a0:a9:61:a2:d8:74:08:f0:c3:03:1f:
         06:aa:57:f1:20:40:eb:19:90:fe:90:ec:08:8d:ad:9a:22:6d:
         72:36:f1:bc:6f:d0:80:b3:4f:c6:ac:9b:dd:9e:48:4e:cb:c5:
         94:df:9f:a6:9a:da:1c:e3:88:44:17:fe:42:ac:c0:9e:ce:53:
         4b:8c:44:6e:76:3b:53:cd:f8:c9:65:66:a3:11:96:bd:b0:0d:
         51:21:49:aa:20:6f:9e:71:dc:69:8f:ad:39:e6:76:7d:8b:24:
         d6:0e:34:9f:41:a5:11:f9:fb:4a:a8:61:1d:0b:cb:3d:e8:e5:
         67:99:45:e7:3a:c4:d0:73:c3:1e:4a:10:50:69:09:42:75:5d:
         3c:7c:2a:55:7e:cf:72:af:9e:09:86:e2:89:03:c5:e5:b3:20:
         e9:cf:51:ef:b2:c8:ba:20:a9:a1:ac:1a:05:23:27:95:b3:2b:
         7c:6f:9c:c3:1e:9b:d5:4a:c9:e8:a4:c1:41:c6:ad:f6:dc:67:
         a7:17:08:7f:5e:ae:68:9b:06:e3:d0:e1:85:bb:ef:7f:9a:20:
         2e:e8:c5:93:d5:e4:b0:0b:44:7f:e0:09:89:2d:52:72:10:f3:
         dc:b0:de:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijbGjhd27dBT6XaIBnFn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MDY0NDc2YzJjNDdmNzc4NDc0YTE0ODE2YzFlMDZhNDA4
MTNlNWMwHhcNMjUwMTAxMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNlYzczY2FmZGE1Yjc0MDdkY2YzZWIzNTg2Yzc3OGMyYTExYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9Hx6Ef+lU6m6M4aORcjqQFCSTfx
u7bvxSISAUpN1mGnoMs5uAOGLs1lN2ye+O413B2eZVsVOZPQcIJf0fAwnUp5FK6A
jcj4z9YwzYbPRn5UMFsoV27cj8DvuPSUGhZdQNUKrCw5jvnf84SM9lxItp2dPq7Q
j8Ylr0g9rV1yTl5F0eFlmgsc7g12InHUTKdeOOvsUq89C1gPsLac7P10u0MpJtpr
K+2Fm1Vk7x+JQFfR7sWyu5N00oTgyx+KNSuveB+tFa0ZzBVr8ENHfl9mpxNWF3JL
WHy3BSK0SJN07njq52o5jKLRfD9jQJ0wvoJ3kdcuW3MBDlRFex9oGjbA1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKQ+xzyv2lt0B9zz6zWGx3jCoRsuMB8GA1UdIwQY
MBaAFMQGRHbCxH93hHShSBbB4GpAgT5cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEFaRWRzTEVmM2VFZEtGSUZzSGdha0NCUGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85YTdkZjctMThiYS00MWY3LTg4MGEt
NzQ2Nzc3ZTIxYzViLzEvcEQ3SFBLX2FXM1FIM1BQck5ZYkhlTUtoR3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85YTdkZjctMThiYS00MWY3LTg4MGEtNzQ2Nzc3ZTIxYzVi
LzEveEFaRWRzTEVmM2VFZEtGSUZzSGdha0NCUGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQB2RHOMA8E
AgACMAkDBwAgAUvYAFIwDQYJKoZIhvcNAQELBQADggEBAAKZqUgcHm4Q1EqtB6OB
B0xkYCPggQF0dHSgqWGi2HQI8MMDHwaqV/EgQOsZkP6Q7AiNrZoibXI28bxv0ICz
T8asm92eSE7LxZTfn6aa2hzjiEQX/kKswJ7OU0uMRG52O1PN+MllZqMRlr2wDVEh
Saogb55x3GmPrTnmdn2LJNYONJ9BpRH5+0qoYR0Lyz3o5WeZRec6xNBzwx5KEFBp
CUJ1XTx8KlV+z3KvngmG4okDxeWzIOnPUe+yyLogqaGsGgUjJ5WzK3xvnMMem9VK
yeikwUHGrfbcZ6cXCH9ermibBuPQ4YW773+aIC7oxZPV5LALRH/gCYktUnIQ89yw
3v8=
-----END CERTIFICATE-----