Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/AMTfdcOhvN2UxA7mt3gv3KECuGg.roa
File:                     AMTfdcOhvN2UxA7mt3gv3KECuGg.roa (raw, json)
Hash identifier:          k51GSY+oL6d3vSnVOqR7gGcER+6PBSvBsmHDXYmEq2c=
Subject key identifier:   00:C4:DF:75:C3:A1:BC:DD:94:C4:0E:E6:B7:78:2F:DC:A1:02:B8:68
Certificate issuer:       /CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
Certificate serial:       01941FFAB5AA2AEE7C42B81BF8333BD7F760
Authority key identifier: 9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/AMTfdcOhvN2UxA7mt3gv3KECuGg.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208752
IP address blocks:        217.199.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b5:aa:2a:ee:7c:42:b8:1b:f8:33:3b:d7:f7:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00c4df75c3a1bcdd94c40ee6b7782fdca102b868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c5:90:a1:d8:87:22:0e:30:27:c1:d6:57:eb:
                    23:93:29:55:76:07:a2:84:3c:a0:85:3a:bc:6a:89:
                    4c:fe:f3:6c:16:f7:fa:8e:5c:e6:ce:6f:a8:4a:75:
                    5c:3e:77:60:29:a9:74:60:fe:24:8f:75:7c:3f:68:
                    f6:df:1e:e1:5a:2c:c5:3e:91:71:4d:b9:51:c7:1b:
                    62:4a:82:10:1a:37:8e:6e:85:19:d3:20:35:81:98:
                    7e:60:58:3d:7e:d8:e8:cb:8a:ff:27:62:6a:c8:18:
                    8e:9c:bf:e7:f4:1d:de:39:4a:0f:83:45:e4:ea:0e:
                    d5:9f:a4:bc:c4:57:48:96:ad:e8:55:3a:a5:59:ef:
                    fb:53:7d:1e:22:77:f8:79:ee:60:e6:8a:69:b5:0c:
                    20:55:89:ae:f0:e4:74:5d:0a:e8:0a:4b:34:0b:7b:
                    83:69:60:c5:8e:0d:f8:a7:79:de:23:30:25:36:a1:
                    f8:29:78:a7:1e:35:3f:4a:98:61:3c:87:c7:49:88:
                    27:28:f2:af:e6:ea:ea:89:bd:ad:c5:e5:48:f7:9d:
                    bc:e4:bc:8c:78:60:5b:a7:ff:87:ad:e3:21:80:d0:
                    10:cc:b2:31:fc:62:71:96:f3:ba:6e:db:0a:ab:a4:
                    7f:58:6e:38:32:e7:75:97:cc:9d:d3:04:81:7f:7c:
                    4e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:C4:DF:75:C3:A1:BC:DD:94:C4:0E:E6:B7:78:2F:DC:A1:02:B8:68
            X509v3 Authority Key Identifier:
                keyid:9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/AMTfdcOhvN2UxA7mt3gv3KECuGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.199.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:38:96:de:57:86:12:80:67:fc:46:2a:46:5e:bc:13:bc:2f:
         c5:74:99:33:a1:ab:0f:e4:d3:29:55:67:d1:0b:08:ff:e1:55:
         29:99:24:df:12:52:95:73:ef:5b:6d:60:68:2d:c1:e6:3b:4b:
         a6:17:ec:50:5f:9a:62:48:f2:9e:6d:46:b3:5f:14:64:0d:44:
         b3:40:f3:a3:2f:a1:94:f0:41:ef:bb:fd:a6:70:5a:cc:d4:f0:
         5c:16:f9:cc:5e:83:e4:6b:f6:19:be:ed:92:13:88:2b:58:e1:
         dc:93:11:2b:53:9d:ee:cd:b0:a2:84:c7:69:9e:98:3a:7c:c0:
         82:b2:da:d4:3c:b5:93:9a:97:de:b9:b5:98:8b:4a:07:26:91:
         81:63:2f:2a:fd:53:fb:9f:80:50:cc:00:bf:21:fd:d2:45:73:
         dd:b0:9f:7d:cc:65:f5:0b:b9:df:1c:4b:77:47:ea:30:34:de:
         72:d5:ff:ca:89:d3:a0:23:82:84:64:ad:e4:a2:11:c8:c6:cf:
         be:05:41:67:2b:76:20:88:69:4e:9c:a3:2c:59:10:2a:9b:2f:
         05:8f:76:72:e0:5c:1d:44:d3:a2:bd:cb:2f:fc:5e:5e:e9:9b:
         ea:c3:55:fc:69:ab:b1:ba:6e:67:39:a5:ad:49:25:8d:63:f8:
         45:f9:37:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rWqKu58Qrgb+DM71/dgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNzNkOTQ1M2ZiZWRmYjgwYzQ1NDNiYjUyOWZjMzMwYzFm
OGMxY2UwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGM0ZGY3NWMzYTFiY2RkOTRjNDBlZTZiNzc4MmZkY2ExMDJiODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8WQodiHIg4wJ8HWV+sjkylVdgei
hDyghTq8aolM/vNsFvf6jlzmzm+oSnVcPndgKal0YP4kj3V8P2j23x7hWizFPpFx
TblRxxtiSoIQGjeOboUZ0yA1gZh+YFg9ftjoy4r/J2JqyBiOnL/n9B3eOUoPg0Xk
6g7Vn6S8xFdIlq3oVTqlWe/7U30eInf4ee5g5opptQwgVYmu8OR0XQroCks0C3uD
aWDFjg34p3neIzAlNqH4KXinHjU/SphhPIfHSYgnKPKv5urqib2txeVI95285LyM
eGBbp/+HreMhgNAQzLIx/GJxlvO6btsKq6R/WG44Mud1l8yd0wSBf3xOhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADE33XDobzdlMQO5rd4L9yhArhoMB8GA1UdIwQY
MBaAFJxz2UU/vt+4DEVDu1KfwzDB+MHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEt
YzQ3ZTE4ZGYwMzcxLzEvQU1UZmRjT2h2TjJVeEE3bXQzZ3YzS0VDdUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEtYzQ3ZTE4ZGYwMzcx
LzEvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cfZMA0G
CSqGSIb3DQEBCwUAA4IBAQB1OJbeV4YSgGf8RipGXrwTvC/FdJkzoasP5NMpVWfR
Cwj/4VUpmSTfElKVc+9bbWBoLcHmO0umF+xQX5piSPKebUazXxRkDUSzQPOjL6GU
8EHvu/2mcFrM1PBcFvnMXoPka/YZvu2SE4grWOHckxErU53uzbCihMdpnpg6fMCC
strUPLWTmpfeubWYi0oHJpGBYy8q/VP7n4BQzAC/If3SRXPdsJ99zGX1C7nfHEt3
R+owNN5y1f/KidOgI4KEZK3kohHIxs++BUFnK3YgiGlOnKMsWRAqmy8Fj3Zy4Fwd
RNOivcsv/F5e6Zvqw1X8aauxum5nOaWtSSWNY/hF+Teo
-----END CERTIFICATE-----