Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/DdRCFIheUFidGVYkqyyFDq2Fupc.roa
File:                     DdRCFIheUFidGVYkqyyFDq2Fupc.roa (raw, json)
Hash identifier:          ZuRnTsFjjRzqtn5Q2uk0bKS1nWBcS7a3xm0Q/qBs1XU=
Subject key identifier:   0D:D4:42:14:88:5E:50:58:9D:19:56:24:AB:2C:85:0E:AD:85:BA:97
Certificate issuer:       /CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
Certificate serial:       018CC8702B76D15D12C9FA3F242F14EFCD0D
Authority key identifier: 9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/DdRCFIheUFidGVYkqyyFDq2Fupc.roa
Signing time:             Tue 02 Jan 2024 04:30:43 +0000
ROA not before:           Tue 02 Jan 2024 04:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208752
IP address blocks:        217.199.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:2b:76:d1:5d:12:c9:fa:3f:24:2f:14:ef:cd:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
        Validity
            Not Before: Jan  2 04:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dd44214885e50589d195624ab2c850ead85ba97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:14:a7:ac:6d:bd:55:9e:02:56:85:c4:6f:79:
                    00:83:12:0d:0d:8b:06:d0:e5:e6:8d:d3:d0:09:5e:
                    38:be:27:a5:aa:84:5f:32:85:60:a9:71:51:ea:36:
                    06:61:c4:b9:36:b1:f5:0e:0f:c3:9e:36:07:a5:f9:
                    39:c4:fa:c8:4c:d9:11:9f:5d:a1:07:7b:61:77:48:
                    12:cb:a8:00:64:57:b4:2a:cf:d5:72:d3:e3:e5:63:
                    dc:0d:f1:5e:40:d6:5c:98:52:d0:d4:fe:47:a5:9e:
                    91:ef:53:5a:d6:c1:b1:b9:b1:73:38:84:16:77:92:
                    63:bb:aa:0c:ae:e0:8d:cf:00:e0:0e:7d:92:72:f4:
                    3c:10:19:e6:c4:e4:40:ee:5d:50:b7:5a:0c:4b:8d:
                    6d:b8:e9:bc:45:47:50:0f:ab:6e:ea:1f:4c:26:7b:
                    cb:e9:f1:da:14:a4:ef:ab:78:62:ff:98:9c:7b:8a:
                    0b:ff:cc:41:92:9a:37:92:25:b8:13:29:ef:9a:fd:
                    09:aa:a3:b2:cb:d0:a5:92:c6:c3:d6:f0:6b:7c:8f:
                    91:24:f4:bd:39:4b:fc:bf:cc:5f:40:28:c6:d7:22:
                    97:71:fd:30:7c:f2:03:60:6c:22:66:12:0f:7f:ec:
                    c5:71:ed:df:c9:69:9c:95:63:88:ae:40:18:2d:69:
                    c1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D4:42:14:88:5E:50:58:9D:19:56:24:AB:2C:85:0E:AD:85:BA:97
            X509v3 Authority Key Identifier:
                keyid:9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/DdRCFIheUFidGVYkqyyFDq2Fupc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.199.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:3b:49:fd:75:75:e6:8a:d4:d9:48:3e:01:ca:06:4a:cf:51:
         65:c7:b2:81:88:2e:f9:20:cc:eb:14:57:dd:19:48:8f:70:9e:
         72:26:52:f4:ef:08:b3:54:76:20:5f:e0:22:51:82:3d:a2:c1:
         2e:c3:f8:d1:17:57:6e:50:80:17:b6:d2:28:6b:69:8a:2a:53:
         2f:02:72:bc:f8:a2:8f:fe:71:9b:48:2e:51:27:f1:63:9b:26:
         24:3c:5d:6b:45:40:fc:50:c4:58:99:2d:d7:b4:08:e6:e1:2d:
         fb:ab:c6:1d:b7:d5:c9:a4:48:7c:56:53:f1:57:11:9b:58:1c:
         f8:73:bc:7b:9b:d9:34:4c:cd:32:2f:57:78:fc:16:c1:17:76:
         1b:a6:55:06:15:b7:04:cc:0d:1e:5b:ab:77:ae:b4:3c:b6:4d:
         ee:56:6b:dd:88:6e:17:8f:c5:7b:e5:74:4d:de:44:10:42:6f:
         50:b8:85:ed:3f:bf:f2:80:cd:e2:cb:64:15:14:6d:f0:e8:6a:
         55:50:3a:1c:d2:25:b8:71:df:90:89:2d:e9:b5:bf:be:59:e7:
         1a:ab:d3:4b:56:36:4d:db:91:8c:61:24:43:b9:0a:8f:0b:e2:
         61:25:6b:aa:57:6d:c7:fe:bc:83:65:9e:12:cb:c5:60:25:33:
         e8:31:e3:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcCt20V0Syfo/JC8U780NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNzNkOTQ1M2ZiZWRmYjgwYzQ1NDNiYjUyOWZjMzMwYzFm
OGMxY2UwHhcNMjQwMTAyMDQzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGQ0NDIxNDg4NWU1MDU4OWQxOTU2MjRhYjJjODUwZWFkODViYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBSnrG29VZ4CVoXEb3kAgxINDYsG
0OXmjdPQCV44vielqoRfMoVgqXFR6jYGYcS5NrH1Dg/DnjYHpfk5xPrITNkRn12h
B3thd0gSy6gAZFe0Ks/VctPj5WPcDfFeQNZcmFLQ1P5HpZ6R71Na1sGxubFzOIQW
d5Jju6oMruCNzwDgDn2ScvQ8EBnmxORA7l1Qt1oMS41tuOm8RUdQD6tu6h9MJnvL
6fHaFKTvq3hi/5ice4oL/8xBkpo3kiW4Eynvmv0JqqOyy9ClksbD1vBrfI+RJPS9
OUv8v8xfQCjG1yKXcf0wfPIDYGwiZhIPf+zFce3fyWmclWOIrkAYLWnBhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3UQhSIXlBYnRlWJKsshQ6thbqXMB8GA1UdIwQY
MBaAFJxz2UU/vt+4DEVDu1KfwzDB+MHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEt
YzQ3ZTE4ZGYwMzcxLzEvRGRSQ0ZJaGVVRmlkR1ZZa3F5eUZEcTJGdXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEtYzQ3ZTE4ZGYwMzcx
LzEvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cfZMA0G
CSqGSIb3DQEBCwUAA4IBAQAhO0n9dXXmitTZSD4BygZKz1Flx7KBiC75IMzrFFfd
GUiPcJ5yJlL07wizVHYgX+AiUYI9osEuw/jRF1duUIAXttIoa2mKKlMvAnK8+KKP
/nGbSC5RJ/FjmyYkPF1rRUD8UMRYmS3XtAjm4S37q8Ydt9XJpEh8VlPxVxGbWBz4
c7x7m9k0TM0yL1d4/BbBF3YbplUGFbcEzA0eW6t3rrQ8tk3uVmvdiG4Xj8V75XRN
3kQQQm9QuIXtP7/ygM3iy2QVFG3w6GpVUDoc0iW4cd+QiS3ptb++Wecaq9NLVjZN
25GMYSRDuQqPC+JhJWuqV23H/ryDZZ4Sy8VgJTPoMePv
-----END CERTIFICATE-----