Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/l-DhQVId14lLiR2CC18PSmaWD58.roa
File:                     l-DhQVId14lLiR2CC18PSmaWD58.roa (raw, json)
Hash identifier:          kDvQ14x5xl/z/Akv3wuLy8Glw+piuvb8lVLCQ9ahBkI=
Subject key identifier:   97:E0:E1:41:52:1D:D7:89:4B:89:1D:82:0B:5F:0F:4A:66:96:0F:9F
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019421B24C7E1090D59340CAF1D1604CEB3E
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/l-DhQVId14lLiR2CC18PSmaWD58.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395753
IP address blocks:        217.79.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4c:7e:10:90:d5:93:40:ca:f1:d1:60:4c:eb:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97e0e141521dd7894b891d820b5f0f4a66960f9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ba:53:0d:d0:0e:0c:44:f4:48:bb:e5:38:07:
                    ca:21:d6:4d:a8:aa:e6:7e:ef:a3:1d:af:d3:6a:9f:
                    f0:21:d8:40:4f:d8:30:7b:ab:66:14:c6:31:c8:11:
                    ef:62:d4:0e:57:a5:9c:aa:6a:ae:e9:1f:97:8a:3c:
                    fc:bb:96:46:a3:8b:87:9c:18:78:75:e2:19:b0:3a:
                    6f:14:43:45:7a:cc:33:46:5a:30:1f:5b:0e:88:66:
                    5a:a6:c3:95:b8:aa:e2:2f:20:3b:3f:13:49:e7:36:
                    97:4a:9e:14:ca:ae:0e:17:9d:b8:fb:93:ac:e0:5f:
                    5f:a9:88:fa:2c:2f:9b:54:e1:05:79:01:d8:ae:0a:
                    27:c1:e5:72:04:2e:ff:40:b4:6f:6b:23:05:1a:0d:
                    30:3a:65:79:ef:74:3d:92:f8:7b:db:ef:e3:0b:f5:
                    b7:74:bf:c9:0c:3b:1e:47:21:93:48:36:ef:9b:cc:
                    ef:30:86:d6:22:49:4f:ab:ca:ab:90:ee:0c:c1:a6:
                    59:1a:94:84:0c:d4:c3:28:28:73:fa:44:b7:7f:51:
                    30:2b:30:d9:5e:86:5a:01:7f:2d:c5:f9:f2:cb:1f:
                    bb:46:39:87:6f:f2:fa:90:1d:49:a9:60:1f:0f:9c:
                    6e:37:c4:27:d8:81:de:7e:35:b6:a3:6e:ce:6e:90:
                    60:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:E0:E1:41:52:1D:D7:89:4B:89:1D:82:0B:5F:0F:4A:66:96:0F:9F
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/l-DhQVId14lLiR2CC18PSmaWD58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.79.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:88:e1:d8:77:22:e5:f0:06:9f:14:8f:b0:9c:5b:5b:08:0b:
         ce:e8:a8:07:cb:50:20:ac:ea:5b:ac:17:60:b3:36:19:cb:e6:
         77:9d:bf:2b:aa:28:db:40:e2:5c:c9:8c:44:ca:14:e1:d7:b7:
         3a:23:bd:3c:30:eb:0a:75:7b:3c:36:1b:4a:4a:8a:95:69:a3:
         5c:c5:b4:31:64:f6:40:56:e6:e9:80:46:d3:91:8b:69:ff:3a:
         d5:37:da:c4:85:23:ee:c9:db:ff:91:08:da:3e:24:84:f5:c2:
         d4:2a:f9:b9:5b:df:65:12:97:f7:1d:e3:91:2d:6e:e0:58:65:
         81:0f:e2:64:c3:11:84:01:c5:60:c2:a8:71:1f:bd:fa:99:53:
         fb:85:b9:66:6d:f6:1c:20:5c:8b:03:b4:6b:18:b1:0c:93:bc:
         5c:35:6a:d3:81:08:89:70:72:30:24:a8:71:31:47:95:b7:dc:
         14:ca:90:1b:75:14:73:80:8b:54:c2:2d:e7:95:71:b4:3d:bf:
         b4:bd:66:a3:21:a7:d6:14:8b:78:f7:4d:d4:51:89:46:ff:37:
         65:ff:25:ce:2e:13:20:84:28:33:22:17:f1:cc:7c:eb:a2:12:
         d9:69:0c:71:47:aa:91:92:eb:10:51:5c:f3:ab:b7:04:f8:82:
         91:9f:44:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskx+EJDVk0DK8dFgTOs+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2UwZTE0MTUyMWRkNzg5NGI4OTFkODIwYjVmMGY0YTY2OTYwZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7pTDdAODET0SLvlOAfKIdZNqKrm
fu+jHa/Tap/wIdhAT9gwe6tmFMYxyBHvYtQOV6Wcqmqu6R+Xijz8u5ZGo4uHnBh4
deIZsDpvFENFeswzRlowH1sOiGZapsOVuKriLyA7PxNJ5zaXSp4Uyq4OF524+5Os
4F9fqYj6LC+bVOEFeQHYrgonweVyBC7/QLRvayMFGg0wOmV573Q9kvh72+/jC/W3
dL/JDDseRyGTSDbvm8zvMIbWIklPq8qrkO4MwaZZGpSEDNTDKChz+kS3f1EwKzDZ
XoZaAX8txfnyyx+7RjmHb/L6kB1JqWAfD5xuN8Qn2IHefjW2o27ObpBgBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfg4UFSHdeJS4kdggtfD0pmlg+fMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvbC1EaFFWSWQxNGxMaVIyQ0MxOFBTbWFXRDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2U+iMA0G
CSqGSIb3DQEBCwUAA4IBAQAtiOHYdyLl8AafFI+wnFtbCAvO6KgHy1AgrOpbrBdg
szYZy+Z3nb8rqijbQOJcyYxEyhTh17c6I708MOsKdXs8NhtKSoqVaaNcxbQxZPZA
VubpgEbTkYtp/zrVN9rEhSPuydv/kQjaPiSE9cLUKvm5W99lEpf3HeORLW7gWGWB
D+JkwxGEAcVgwqhxH736mVP7hblmbfYcIFyLA7RrGLEMk7xcNWrTgQiJcHIwJKhx
MUeVt9wUypAbdRRzgItUwi3nlXG0Pb+0vWajIafWFIt4903UUYlG/zdl/yXOLhMg
hCgzIhfxzHzrohLZaQxxR6qRkusQUVzzq7cE+IKRn0SF
-----END CERTIFICATE-----