Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/D4aJgyurg5sBV9aRkfmz2Wsl9lU.roa
File:                     D4aJgyurg5sBV9aRkfmz2Wsl9lU.roa (raw, json)
Hash identifier:          zPt9r8i/IiMY/kNPrd/XCtTmcwSRz/do1PNZccVMDv8=
Subject key identifier:   0F:86:89:83:2B:AB:83:9B:01:57:D6:91:91:F9:B3:D9:6B:25:F6:55
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0195B3A0B9C20036422938F1BAE19A40DA9C
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/D4aJgyurg5sBV9aRkfmz2Wsl9lU.roa
Signing time:             Thu 20 Mar 2025 12:56:49 +0000
ROA not before:           Thu 20 Mar 2025 12:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215419
IP address blocks:        217.18.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:a0:b9:c2:00:36:42:29:38:f1:ba:e1:9a:40:da:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Mar 20 12:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f8689832bab839b0157d69191f9b3d96b25f655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2d:f0:4c:f9:02:2b:ad:f4:30:ef:1a:dd:bd:
                    3b:e9:81:71:02:e3:9e:73:96:95:16:17:d9:5f:b1:
                    16:79:de:e5:13:0d:a6:7e:04:85:1f:69:b8:e6:a1:
                    e1:71:b5:a9:80:59:3d:ea:85:2b:db:be:cf:c5:3f:
                    5f:bd:63:e3:fb:0d:8e:05:3f:bb:11:89:ee:7e:2a:
                    4a:60:18:9d:84:b6:3e:7a:33:31:64:bf:b9:8f:69:
                    ab:d2:68:4c:52:b7:66:88:c1:42:3e:02:3f:66:00:
                    99:68:f4:c2:0e:f5:88:05:f0:bd:28:e4:63:17:85:
                    b6:8d:fb:31:b7:44:d6:d8:05:cc:f8:96:6d:80:6f:
                    de:9e:97:99:76:8a:28:24:78:6a:a3:6d:f0:c4:5a:
                    fe:16:e6:45:ce:02:fc:d1:cf:2c:b9:4d:85:3f:2f:
                    0c:18:8c:44:f3:3a:a7:eb:57:da:ab:dc:d7:1b:63:
                    d2:70:eb:8c:a4:4d:66:ee:de:7c:58:45:20:ef:28:
                    ec:6b:fc:26:47:53:7b:1c:5f:84:d6:f8:d9:52:b1:
                    6c:d7:e3:c4:0d:0b:ca:8f:b2:56:aa:88:83:13:ba:
                    3c:06:d8:f1:0b:90:0d:8c:78:f6:02:25:ad:64:06:
                    b5:99:2d:5e:53:2f:a5:0b:ea:5c:14:7f:20:2e:38:
                    0a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:86:89:83:2B:AB:83:9B:01:57:D6:91:91:F9:B3:D9:6B:25:F6:55
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/D4aJgyurg5sBV9aRkfmz2Wsl9lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:7b:0a:dc:f1:59:b6:cc:e0:6a:08:5f:27:ba:39:bd:4b:c7:
         ff:20:1a:80:32:23:8f:11:ec:73:fd:0b:99:3c:67:72:19:be:
         2c:57:86:41:92:aa:2e:12:69:00:58:06:7c:b8:70:d5:08:4e:
         4a:a5:ef:3c:26:1e:1a:c3:c1:06:6c:79:b4:67:24:61:69:ce:
         a7:3c:8b:84:87:44:42:e1:2b:60:71:ac:7c:b2:1d:b9:cf:19:
         6b:12:74:89:99:78:7c:6e:19:cf:6b:38:83:98:70:70:35:d3:
         01:f6:78:67:c6:ce:f1:d0:70:67:9b:99:b1:db:56:df:62:98:
         6b:24:b9:9a:ba:53:97:0b:f3:52:d1:4d:f2:f4:0e:b9:1a:eb:
         07:d8:1d:d1:f0:15:27:c3:04:e1:38:d6:94:46:d3:b7:97:25:
         7d:b6:3d:81:94:da:43:a6:d4:f3:c2:e3:4f:26:22:2e:19:08:
         34:78:98:86:46:26:6a:65:8b:7b:9d:7f:93:4c:01:43:7c:c5:
         5d:95:3b:4d:93:99:b2:20:29:73:41:71:66:82:aa:fe:6a:73:
         6a:eb:d4:74:0d:32:2a:8a:0c:4c:0c:18:c8:5f:3d:5f:79:3a:
         70:ca:50:1e:fb:d7:e1:49:83:42:9a:19:2f:d4:20:45:a8:f0:
         93:21:a5:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWzoLnCADZCKTjxuuGaQNqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMzIwMTI1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjg2ODk4MzJiYWI4MzliMDE1N2Q2OTE5MWY5YjNkOTZiMjVmNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy3wTPkCK630MO8a3b076YFxAuOe
c5aVFhfZX7EWed7lEw2mfgSFH2m45qHhcbWpgFk96oUr277PxT9fvWPj+w2OBT+7
EYnufipKYBidhLY+ejMxZL+5j2mr0mhMUrdmiMFCPgI/ZgCZaPTCDvWIBfC9KORj
F4W2jfsxt0TW2AXM+JZtgG/enpeZdoooJHhqo23wxFr+FuZFzgL80c8suU2FPy8M
GIxE8zqn61faq9zXG2PScOuMpE1m7t58WEUg7yjsa/wmR1N7HF+E1vjZUrFs1+PE
DQvKj7JWqoiDE7o8BtjxC5ANjHj2AiWtZAa1mS1eUy+lC+pcFH8gLjgKIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+GiYMrq4ObAVfWkZH5s9lrJfZVMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvRDRhSmd5dXJnNXNCVjlhUmtmbXoyV3NsOWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJaMA0G
CSqGSIb3DQEBCwUAA4IBAQA8ewrc8Vm2zOBqCF8nujm9S8f/IBqAMiOPEexz/QuZ
PGdyGb4sV4ZBkqouEmkAWAZ8uHDVCE5Kpe88Jh4aw8EGbHm0ZyRhac6nPIuEh0RC
4Stgcax8sh25zxlrEnSJmXh8bhnPaziDmHBwNdMB9nhnxs7x0HBnm5mx21bfYphr
JLmaulOXC/NS0U3y9A65GusH2B3R8BUnwwThONaURtO3lyV9tj2BlNpDptTzwuNP
JiIuGQg0eJiGRiZqZYt7nX+TTAFDfMVdlTtNk5myIClzQXFmgqr+anNq69R0DTIq
igxMDBjIXz1feTpwylAe+9fhSYNCmhkv1CBFqPCTIaVs
-----END CERTIFICATE-----