Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/75e82Mo-UTEsH5ZQ5vF9MCNjDzI.roa
File:                     75e82Mo-UTEsH5ZQ5vF9MCNjDzI.roa (raw, json)
Hash identifier:          KDwzZqkmUw9popunKsd98zXfFwfFd0UZsyqynkg9ogc=
Subject key identifier:   EF:97:BC:D8:CA:3E:51:31:2C:1F:96:50:E6:F1:7D:30:23:63:0F:32
Certificate issuer:       /CN=79101035d53377c5a72bedca522fc1456e0b8419
Certificate serial:       019422FC4C9273E20BC926523A6441B3032F
Authority key identifier: 79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/75e82Mo-UTEsH5ZQ5vF9MCNjDzI.roa
Signing time:             Wed 01 Jan 2025 17:49:07 +0000
ROA not before:           Wed 01 Jan 2025 17:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215119
IP address blocks:        217.23.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4c:92:73:e2:0b:c9:26:52:3a:64:41:b3:03:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79101035d53377c5a72bedca522fc1456e0b8419
        Validity
            Not Before: Jan  1 17:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef97bcd8ca3e51312c1f9650e6f17d3023630f32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:54:f0:32:c8:4d:52:bd:c7:ae:84:68:0b:8a:
                    03:48:67:50:de:51:40:03:4d:87:ab:38:fc:b0:7a:
                    9a:07:62:bd:09:8d:e1:a8:60:a3:dd:b3:c7:66:73:
                    00:96:6b:35:9b:9b:db:29:42:4e:b8:bb:c7:59:96:
                    2b:a8:67:ac:fe:d8:7a:dd:3c:4f:a2:c2:40:21:c3:
                    c1:da:9c:7b:83:36:8e:37:04:71:1b:c6:8c:3f:2c:
                    59:80:65:f6:cb:a1:bb:a1:4c:37:34:e8:51:78:22:
                    11:8d:2a:9b:75:64:5f:45:3b:67:d9:4f:41:7a:ad:
                    22:a5:1f:9d:64:a6:e5:41:a5:61:c4:28:09:74:dc:
                    92:d8:01:5f:e7:ce:a5:e8:20:fc:4e:3f:0b:c0:9f:
                    c0:0d:ba:13:e8:ee:7d:4f:dd:70:a9:57:47:9a:ed:
                    f8:b0:71:5a:fc:92:54:c7:58:c8:8e:c4:ee:a9:97:
                    b9:64:f2:a6:ae:6a:ee:51:38:d1:05:32:b2:09:cf:
                    5f:c4:ff:cf:35:46:4e:b4:8a:39:28:9f:16:7a:ab:
                    69:f2:c0:e4:24:83:3b:59:72:42:03:5f:9c:4e:8b:
                    a8:06:d0:d8:a3:6c:9b:5f:e6:90:df:59:8c:ef:55:
                    42:27:d2:82:d1:0c:d4:1a:b3:59:25:8b:91:b6:e2:
                    00:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:97:BC:D8:CA:3E:51:31:2C:1F:96:50:E6:F1:7D:30:23:63:0F:32
            X509v3 Authority Key Identifier:
                keyid:79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/75e82Mo-UTEsH5ZQ5vF9MCNjDzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.23.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:62:d8:b3:3a:d0:10:66:d0:5f:9b:7a:e2:fe:40:c3:3e:b3:
         c5:49:b5:b7:94:ef:e4:9a:11:71:f9:95:b0:c2:0c:df:9d:9d:
         31:9c:ba:cd:9f:14:ed:09:9b:3e:82:e8:e1:d0:cd:63:af:10:
         23:33:6b:08:68:54:73:73:96:be:8a:45:39:f1:b4:ff:cb:94:
         52:31:e6:0a:19:33:b5:50:1e:20:16:ff:20:66:26:96:8d:1d:
         ad:fc:c6:48:2b:0e:be:76:b3:be:80:24:f3:1f:f9:c4:c7:f4:
         70:ed:ac:0d:3e:d3:28:f4:e3:bf:bc:59:1e:3c:10:10:5f:0e:
         92:f3:b8:8a:eb:a7:89:d1:1d:0a:31:41:7c:e4:15:97:a5:16:
         b5:1b:40:4f:ca:32:77:68:41:d8:64:88:22:88:7b:94:3e:4e:
         14:b1:37:c3:8d:fc:bd:85:81:ba:5e:97:bc:a1:9a:d5:ef:42:
         5b:c1:af:3b:b1:b0:1c:b7:1e:31:89:00:53:7f:3d:fa:3e:4f:
         3a:81:14:f5:73:0a:f5:f3:97:dc:8e:4e:47:60:43:68:6f:67:
         83:76:53:aa:20:33:02:7e:9d:bd:af:94:eb:d3:4e:c4:95:de:
         15:3f:93:c4:f7:18:27:ef:00:e9:a8:b3:f3:42:52:f1:0a:e4:
         c3:d0:04:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/EySc+ILySZSOmRBswMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTAxMDM1ZDUzMzc3YzVhNzJiZWRjYTUyMmZjMTQ1NmUw
Yjg0MTkwHhcNMjUwMTAxMTc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjk3YmNkOGNhM2U1MTMxMmMxZjk2NTBlNmYxN2QzMDIzNjMwZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VTwMshNUr3HroRoC4oDSGdQ3lFA
A02Hqzj8sHqaB2K9CY3hqGCj3bPHZnMAlms1m5vbKUJOuLvHWZYrqGes/th63TxP
osJAIcPB2px7gzaONwRxG8aMPyxZgGX2y6G7oUw3NOhReCIRjSqbdWRfRTtn2U9B
eq0ipR+dZKblQaVhxCgJdNyS2AFf586l6CD8Tj8LwJ/ADboT6O59T91wqVdHmu34
sHFa/JJUx1jIjsTuqZe5ZPKmrmruUTjRBTKyCc9fxP/PNUZOtIo5KJ8Weqtp8sDk
JIM7WXJCA1+cTouoBtDYo2ybX+aQ31mM71VCJ9KC0QzUGrNZJYuRtuIAewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+XvNjKPlExLB+WUObxfTAjYw8yMB8GA1UdIwQY
MBaAFHkQEDXVM3fFpyvtylIvwUVuC4QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEt
MGNjODNiMDBmYzU4LzEvNzVlODJNby1VVEVzSDVaUTV2RjlNQ05qRHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEtMGNjODNiMDBmYzU4
LzEvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Rd4MA0G
CSqGSIb3DQEBCwUAA4IBAQBPYtizOtAQZtBfm3ri/kDDPrPFSbW3lO/kmhFx+ZWw
wgzfnZ0xnLrNnxTtCZs+gujh0M1jrxAjM2sIaFRzc5a+ikU58bT/y5RSMeYKGTO1
UB4gFv8gZiaWjR2t/MZIKw6+drO+gCTzH/nEx/Rw7awNPtMo9OO/vFkePBAQXw6S
87iK66eJ0R0KMUF85BWXpRa1G0BPyjJ3aEHYZIgiiHuUPk4UsTfDjfy9hYG6Xpe8
oZrV70Jbwa87sbActx4xiQBTfz36Pk86gRT1cwr185fcjk5HYENob2eDdlOqIDMC
fp29r5Tr007Eld4VP5PE9xgn7wDpqLPzQlLxCuTD0AR0
-----END CERTIFICATE-----