Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/C7yOJGmo0fYfHfNG6wC-XNkmonw.roa
File:                     C7yOJGmo0fYfHfNG6wC-XNkmonw.roa (raw, json)
Hash identifier:          Pg2KjyHDYYNOoJUuLvN8BnmWut2RPSqWeaN3aLhhI1w=
Subject key identifier:   0B:BC:8E:24:69:A8:D1:F6:1F:1D:F3:46:EB:00:BE:5C:D9:26:A2:7C
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       018E1695D1EACD6F61B1D475E52D0FE43336
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/C7yOJGmo0fYfHfNG6wC-XNkmonw.roa
Signing time:             Thu 07 Mar 2024 01:45:01 +0000
ROA not before:           Thu 07 Mar 2024 01:45:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57310
IP address blocks:        217.71.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:16:95:d1:ea:cd:6f:61:b1:d4:75:e5:2d:0f:e4:33:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Mar  7 01:45:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bbc8e2469a8d1f61f1df346eb00be5cd926a27c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e5:0f:9c:ec:85:f9:a5:fe:c3:02:d9:00:9e:
                    a0:6b:a6:53:7a:24:a8:2f:73:ba:da:a8:5a:28:97:
                    c9:5c:f0:0f:9d:0f:be:e3:96:f3:b4:56:da:8b:96:
                    e3:d3:1a:0d:40:a6:97:69:83:e6:3d:80:db:de:d9:
                    36:a2:ad:07:95:61:f4:7e:bb:af:cd:2f:f9:6f:36:
                    48:1b:f5:c9:54:d2:8d:26:cf:5e:23:49:30:ae:7e:
                    74:6a:03:f1:e8:cb:4f:67:7d:56:79:b0:2c:29:00:
                    f8:d2:53:74:fe:a6:b2:bf:be:7e:5e:37:45:c0:21:
                    5d:3c:ef:d9:9e:9b:2d:ad:c9:a9:c3:78:f9:4a:37:
                    75:a8:e4:fa:12:84:97:1d:c2:06:6e:d0:9a:6b:28:
                    0e:a8:a8:77:f3:f8:41:49:65:65:fa:6e:e0:23:75:
                    68:10:3d:14:10:df:fa:90:31:fd:c0:3d:06:4c:91:
                    12:7a:b3:48:05:a0:c9:a3:14:1c:8a:81:b8:3e:83:
                    64:98:55:28:22:bb:61:9a:53:0f:76:cb:36:40:78:
                    21:10:58:28:d7:ab:e5:bb:34:72:ae:52:61:1a:22:
                    94:cb:9e:33:90:ae:4f:a3:5c:ea:27:f1:7e:14:bf:
                    9a:c8:fd:c2:51:f5:ad:67:3a:67:cd:5f:bd:67:7a:
                    53:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BC:8E:24:69:A8:D1:F6:1F:1D:F3:46:EB:00:BE:5C:D9:26:A2:7C
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/C7yOJGmo0fYfHfNG6wC-XNkmonw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.71.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:c5:32:c2:4d:15:c9:26:52:66:2c:70:ad:87:aa:28:59:95:
         06:8a:05:ae:1b:93:90:2e:27:f7:ea:19:f0:c9:c2:fc:15:18:
         5f:92:5b:c8:80:34:43:e3:9f:b6:5f:04:66:d2:4a:94:97:35:
         2e:83:c6:5a:44:58:92:e5:b7:86:07:d7:73:d0:da:f6:eb:48:
         90:80:57:1f:36:68:ea:51:ff:ea:a8:01:07:97:80:34:7e:f3:
         a3:14:ec:63:71:cc:a7:a9:b2:b3:bc:9a:93:0f:72:e9:11:0b:
         e0:40:07:cd:57:87:57:6d:5b:00:40:58:0c:8a:2a:95:d8:7d:
         58:5e:b2:29:28:1d:de:9e:60:e0:df:3b:46:a3:a4:4c:8e:fd:
         b9:c2:15:64:06:d2:d1:fe:38:05:1f:83:21:a0:47:da:27:c7:
         43:2b:aa:dd:71:1f:5d:dd:84:23:36:3a:0f:59:e9:de:88:a5:
         f7:b8:c3:2f:3d:06:67:14:39:e5:4c:86:52:f6:78:aa:ea:8c:
         86:b7:f3:e6:1d:27:7e:3e:75:d1:6b:d2:8a:b0:7e:b8:e8:1a:
         cd:9c:5c:17:7d:ff:b9:6e:6f:ea:85:c7:47:49:c1:dd:8d:b3:
         3b:88:60:84:d6:2e:37:3e:be:50:da:41:bb:df:c8:6d:ae:e8:
         55:fb:f2:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4WldHqzW9hsdR15S0P5DM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQwMzA3MDE0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmJjOGUyNDY5YThkMWY2MWYxZGYzNDZlYjAwYmU1Y2Q5MjZhMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOUPnOyF+aX+wwLZAJ6ga6ZTeiSo
L3O62qhaKJfJXPAPnQ++45bztFbai5bj0xoNQKaXaYPmPYDb3tk2oq0HlWH0fruv
zS/5bzZIG/XJVNKNJs9eI0kwrn50agPx6MtPZ31WebAsKQD40lN0/qayv75+XjdF
wCFdPO/Znpstrcmpw3j5Sjd1qOT6EoSXHcIGbtCaaygOqKh38/hBSWVl+m7gI3Vo
ED0UEN/6kDH9wD0GTJESerNIBaDJoxQcioG4PoNkmFUoIrthmlMPdss2QHghEFgo
16vluzRyrlJhGiKUy54zkK5Po1zqJ/F+FL+ayP3CUfWtZzpnzV+9Z3pTnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAu8jiRpqNH2Hx3zRusAvlzZJqJ8MB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvQzd5T0pHbW8wZllmSGZORzZ3Qy1YTmttb253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UdxMA0G
CSqGSIb3DQEBCwUAA4IBAQAoxTLCTRXJJlJmLHCth6ooWZUGigWuG5OQLif36hnw
ycL8FRhfklvIgDRD45+2XwRm0kqUlzUug8ZaRFiS5beGB9dz0Nr260iQgFcfNmjq
Uf/qqAEHl4A0fvOjFOxjccynqbKzvJqTD3LpEQvgQAfNV4dXbVsAQFgMiiqV2H1Y
XrIpKB3enmDg3ztGo6RMjv25whVkBtLR/jgFH4MhoEfaJ8dDK6rdcR9d3YQjNjoP
WeneiKX3uMMvPQZnFDnlTIZS9niq6oyGt/PmHSd+PnXRa9KKsH646BrNnFwXff+5
bm/qhcdHScHdjbM7iGCE1i43Pr5Q2kG738htruhV+/JD
-----END CERTIFICATE-----