Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/PAOEGXpGQsJvw33MiKgLxU-N9pw.roa
File:                     PAOEGXpGQsJvw33MiKgLxU-N9pw.roa (raw, json)
Hash identifier:          SIleoKFm0+RmqPPjQ8NBeYamDKWHFmuPAgbu+GZPgRQ=
Subject key identifier:   3C:03:84:19:7A:46:42:C2:6F:C3:7D:CC:88:A8:0B:C5:4F:8D:F6:9C
Certificate issuer:       /CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
Certificate serial:       019424B280496F74854828A1D4EA171A6D62
Authority key identifier: 83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/PAOEGXpGQsJvw33MiKgLxU-N9pw.roa
Signing time:             Thu 02 Jan 2025 01:47:45 +0000
ROA not before:           Thu 02 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16221
IP address blocks:        217.118.206.0/23 maxlen: 24
                          2a07:600::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:80:49:6f:74:85:48:28:a1:d4:ea:17:1a:6d:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
        Validity
            Not Before: Jan  2 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c0384197a4642c26fc37dcc88a80bc54f8df69c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b9:ea:ea:1c:e9:f9:13:78:c7:53:ce:c2:1b:
                    05:e2:f3:ae:31:e9:a0:0b:a1:21:44:b3:68:63:f7:
                    e0:59:23:58:58:ac:5a:6b:e7:de:d2:74:4d:0b:13:
                    52:b5:d3:14:03:dc:9d:a2:52:30:d2:17:60:87:a7:
                    e1:b5:9c:d2:3d:8d:b3:dc:d1:81:2b:91:c9:bb:00:
                    78:c8:99:24:cc:d7:c1:2b:cd:2e:e7:58:b6:00:3b:
                    bb:50:b7:e1:53:c7:f2:c0:74:77:c9:af:98:3c:4f:
                    7a:e7:79:5c:f2:cd:33:4a:73:2a:fd:a6:94:3b:b4:
                    15:aa:32:2a:cd:a0:10:7b:1e:04:f8:d8:35:1a:31:
                    17:4d:b1:72:4d:4e:8f:d4:1c:40:3b:7d:43:1f:17:
                    22:e9:b4:5c:56:9f:5d:86:d3:92:64:aa:a2:90:5a:
                    0a:dd:1c:51:20:4a:0f:29:e7:f1:c0:42:db:c6:3f:
                    94:3c:b9:5c:34:7e:04:7f:4e:83:83:28:75:ea:c8:
                    c4:7e:02:59:97:fb:60:8f:3c:a3:62:22:71:0b:a0:
                    cc:87:ee:15:ff:55:4f:e4:23:00:bb:23:6a:f5:dc:
                    42:0b:0a:d9:53:d6:d7:14:28:3a:1f:e5:48:b3:ab:
                    8d:5b:93:f4:98:2c:fa:1e:bc:8a:b7:4d:65:ce:06:
                    41:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:03:84:19:7A:46:42:C2:6F:C3:7D:CC:88:A8:0B:C5:4F:8D:F6:9C
            X509v3 Authority Key Identifier:
                keyid:83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/PAOEGXpGQsJvw33MiKgLxU-N9pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.118.206.0/23
                IPv6:
                  2a07:600::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:57:71:65:e8:2d:21:85:0c:fb:61:b7:f2:7b:6b:81:51:7b:
         58:5c:69:8a:cb:ee:78:f5:5e:da:8e:bd:5a:1a:ba:9c:0c:52:
         83:b6:7d:67:30:9f:d8:16:b1:f2:f4:d4:3d:74:83:2f:93:72:
         c5:fa:c9:04:33:a8:b1:f4:60:fd:b0:2d:b7:50:d5:2c:b6:b4:
         0f:05:3d:c5:90:d7:46:bd:ca:93:cb:c0:7c:fe:8b:bf:3b:12:
         de:86:e5:3f:80:d8:ec:38:17:5f:fe:98:3a:58:71:a1:a0:13:
         df:ac:52:6b:a1:13:28:39:2e:43:b5:d4:5c:8b:40:e9:8c:39:
         aa:bc:cf:91:d7:0c:69:8a:0c:39:d7:3f:32:6b:7e:6e:1e:7b:
         59:f5:65:e1:9a:0e:1d:94:36:7d:44:ce:38:d4:48:c1:e5:8e:
         0c:65:21:87:c6:d0:93:55:84:e0:91:1c:e2:34:c7:26:61:10:
         50:47:3b:c1:6a:ed:91:6b:17:f4:91:6e:04:5c:34:54:1a:46:
         41:f0:35:9b:ae:34:d6:ac:07:6b:51:f0:62:e3:66:8f:53:a2:
         65:cc:e6:45:63:3f:65:01:de:41:44:12:e6:83:fa:8d:03:bb:
         46:85:50:ce:8e:41:a4:f2:5c:5b:4c:bc:b8:75:0a:46:c2:68:
         7f:05:20:c6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQksoBJb3SFSCih1OoXGm1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDc5NTE0OTU5Mzk3YzVlM2ZhNzZlMWVhNDk1ZThlMWY2
YzMxOWIwHhcNMjUwMTAyMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzAzODQxOTdhNDY0MmMyNmZjMzdkY2M4OGE4MGJjNTRmOGRmNjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7nq6hzp+RN4x1POwhsF4vOuMemg
C6EhRLNoY/fgWSNYWKxaa+fe0nRNCxNStdMUA9ydolIw0hdgh6fhtZzSPY2z3NGB
K5HJuwB4yJkkzNfBK80u51i2ADu7ULfhU8fywHR3ya+YPE9653lc8s0zSnMq/aaU
O7QVqjIqzaAQex4E+Ng1GjEXTbFyTU6P1BxAO31DHxci6bRcVp9dhtOSZKqikFoK
3RxRIEoPKefxwELbxj+UPLlcNH4Ef06Dgyh16sjEfgJZl/tgjzyjYiJxC6DMh+4V
/1VP5CMAuyNq9dxCCwrZU9bXFCg6H+VIs6uNW5P0mCz6HryKt01lzgZB+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDwDhBl6RkLCb8N9zIioC8VPjfacMB8GA1UdIwQY
MBaAFINHlRSVk5fF4/p24epJXo4fbDGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUt
MWU1ZTQzMGRkNzExLzEvUEFPRUdYcEdRc0p2dzMzTWlLZ0x4VS1OOXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUtMWU1ZTQzMGRkNzEx
LzEvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQB2XbOMA0E
AgACMAcDBQAqBwYAMA0GCSqGSIb3DQEBCwUAA4IBAQA8V3Fl6C0hhQz7Ybfye2uB
UXtYXGmKy+549V7ajr1aGrqcDFKDtn1nMJ/YFrHy9NQ9dIMvk3LF+skEM6ix9GD9
sC23UNUstrQPBT3FkNdGvcqTy8B8/ou/OxLehuU/gNjsOBdf/pg6WHGhoBPfrFJr
oRMoOS5DtdRci0DpjDmqvM+R1wxpigw51z8ya35uHntZ9WXhmg4dlDZ9RM441EjB
5Y4MZSGHxtCTVYTgkRziNMcmYRBQRzvBau2Raxf0kW4EXDRUGkZB8DWbrjTWrAdr
UfBi42aPU6JlzOZFYz9lAd5BRBLmg/qNA7tGhVDOjkGk8lxbTLy4dQpGwmh/BSDG
-----END CERTIFICATE-----