Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/c345f3-b53a-41bf-996b-34b8d9de96ca/1/F20RePYUMCkJ4HOZQXU0Fxre2Jo.roa
File:                     F20RePYUMCkJ4HOZQXU0Fxre2Jo.roa (raw, json)
Hash identifier:          ZtCruU9JiKZDFOlJgW3IOZlb7irO4TDeUCO9ecyFkyo=
Subject key identifier:   17:6D:11:78:F6:14:30:29:09:E0:73:99:41:75:34:17:1A:DE:D8:9A
Certificate issuer:       /CN=a634878281144a46a856003d622f6141ea4e006f
Certificate serial:       018CC348FF5CEAA0AF0D8E6C5AF0FE372DEE
Authority key identifier: A6:34:87:82:81:14:4A:46:A8:56:00:3D:62:2F:61:41:EA:4E:00:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjSHgoEUSkaoVgA9Yi9hQepOAG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/c345f3-b53a-41bf-996b-34b8d9de96ca/1/F20RePYUMCkJ4HOZQXU0Fxre2Jo.roa
Signing time:             Mon 01 Jan 2024 04:29:50 +0000
ROA not before:           Mon 01 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207608
IP address blocks:        217.144.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/c345f3-b53a-41bf-996b-34b8d9de96ca/1/pjSHgoEUSkaoVgA9Yi9hQepOAG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/c345f3-b53a-41bf-996b-34b8d9de96ca/1/pjSHgoEUSkaoVgA9Yi9hQepOAG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjSHgoEUSkaoVgA9Yi9hQepOAG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ff:5c:ea:a0:af:0d:8e:6c:5a:f0:fe:37:2d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a634878281144a46a856003d622f6141ea4e006f
        Validity
            Not Before: Jan  1 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=176d1178f614302909e07399417534171aded89a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4b:4a:c1:42:37:05:f8:1a:3c:a3:e4:0c:6d:
                    ba:74:b8:96:41:09:bb:75:03:3a:24:e0:ee:f8:a4:
                    a4:7c:37:68:62:1c:2b:aa:09:22:ae:2e:b8:22:42:
                    1e:82:ce:b3:b6:6c:5b:ee:ff:a9:41:14:ca:e2:df:
                    12:25:0c:1f:1f:46:47:c7:03:a6:5d:e4:89:c9:6a:
                    87:8b:3a:3b:38:10:f7:f0:cd:0e:71:81:f6:31:be:
                    0a:1b:e5:8b:45:cc:df:b0:15:6e:f9:cf:99:38:aa:
                    9c:b0:d1:22:5d:74:bd:7c:20:69:32:b0:11:c8:21:
                    9e:98:f5:b0:34:72:58:d2:b4:12:5d:33:d7:fd:1b:
                    6c:e1:7a:50:8a:bb:99:b2:05:5f:35:10:2d:75:83:
                    e8:42:ca:f2:be:ec:ff:83:25:0c:56:a4:35:c7:aa:
                    3a:ff:0b:5c:31:d2:5a:a1:d5:36:15:f2:99:30:0f:
                    ae:ba:6e:cf:a8:27:e1:1f:b9:e8:32:b0:eb:ab:a7:
                    77:74:46:1d:b5:b9:ca:78:07:7a:ba:92:36:55:2d:
                    5e:4c:3d:c7:77:08:fa:7d:65:63:19:93:87:95:a5:
                    94:04:14:b6:28:d7:d1:4f:6d:67:6a:3d:83:07:f1:
                    5e:62:e0:6f:b3:98:6f:c8:9d:f9:1a:cf:65:da:10:
                    04:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:6D:11:78:F6:14:30:29:09:E0:73:99:41:75:34:17:1A:DE:D8:9A
            X509v3 Authority Key Identifier:
                keyid:A6:34:87:82:81:14:4A:46:A8:56:00:3D:62:2F:61:41:EA:4E:00:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjSHgoEUSkaoVgA9Yi9hQepOAG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c345f3-b53a-41bf-996b-34b8d9de96ca/1/F20RePYUMCkJ4HOZQXU0Fxre2Jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c345f3-b53a-41bf-996b-34b8d9de96ca/1/pjSHgoEUSkaoVgA9Yi9hQepOAG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:72:4d:2e:4c:3b:2f:19:61:a9:58:ae:e1:8f:d8:d3:1b:8d:
         86:e6:74:ee:5e:2e:12:eb:c4:98:71:6f:dc:ab:cd:e0:10:fe:
         a7:a4:bd:ed:42:3e:d6:cc:2a:ce:97:0e:5b:3e:2d:84:dc:15:
         c0:ca:37:6f:da:a6:b4:3f:9c:fb:4a:31:2a:d8:f3:2d:92:36:
         81:88:48:04:fe:7e:79:9b:36:78:0d:f0:4d:35:34:cb:36:fa:
         1d:28:9d:d5:5c:f5:23:b0:52:6a:b3:39:37:4a:c6:a8:5a:a1:
         a9:b0:a7:8b:1a:af:48:5e:ca:e6:4c:50:73:fc:30:94:ad:f5:
         56:17:22:45:7b:44:48:14:0c:a9:0b:bb:be:25:4d:7b:f7:aa:
         24:ed:c4:0a:4b:f7:99:1e:45:67:d1:55:eb:06:ce:50:75:da:
         3f:70:f9:60:bb:df:ef:d0:b2:7f:ec:89:cc:f3:8a:cc:34:60:
         24:2e:c2:bc:5b:58:f4:66:72:9e:ca:15:ab:3b:4d:66:b3:a9:
         42:f0:90:56:c7:fd:6a:b3:55:f4:d7:24:2b:75:4c:a2:af:a0:
         7f:27:48:a6:a6:7d:ac:c2:19:4e:55:26:5e:03:be:58:34:ef:
         f3:f3:b7:06:bc:5d:11:19:c2:ed:03:68:b9:8c:3c:8c:6d:86:
         e5:90:62:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSP9c6qCvDY5sWvD+Ny3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MzQ4NzgyODExNDRhNDZhODU2MDAzZDYyMmY2MTQxZWE0
ZTAwNmYwHhcNMjQwMTAxMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzZkMTE3OGY2MTQzMDI5MDllMDczOTk0MTc1MzQxNzFhZGVkODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0tKwUI3BfgaPKPkDG26dLiWQQm7
dQM6JODu+KSkfDdoYhwrqgkiri64IkIegs6ztmxb7v+pQRTK4t8SJQwfH0ZHxwOm
XeSJyWqHizo7OBD38M0OcYH2Mb4KG+WLRczfsBVu+c+ZOKqcsNEiXXS9fCBpMrAR
yCGemPWwNHJY0rQSXTPX/Rts4XpQiruZsgVfNRAtdYPoQsryvuz/gyUMVqQ1x6o6
/wtcMdJaodU2FfKZMA+uum7PqCfhH7noMrDrq6d3dEYdtbnKeAd6upI2VS1eTD3H
dwj6fWVjGZOHlaWUBBS2KNfRT21naj2DB/FeYuBvs5hvyJ35Gs9l2hAEpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdtEXj2FDApCeBzmUF1NBca3tiaMB8GA1UdIwQY
MBaAFKY0h4KBFEpGqFYAPWIvYUHqTgBvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpTSGdvRVVTa2FvVmdBOVlpOWhRZXBPQUc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jMzQ1ZjMtYjUzYS00MWJmLTk5NmIt
MzRiOGQ5ZGU5NmNhLzEvRjIwUmVQWVVNQ2tKNEhPWlFYVTBGeHJlMkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jMzQ1ZjMtYjUzYS00MWJmLTk5NmItMzRiOGQ5ZGU5NmNh
LzEvcGpTSGdvRVVTa2FvVmdBOVlpOWhRZXBPQUc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZBLMA0G
CSqGSIb3DQEBCwUAA4IBAQBEck0uTDsvGWGpWK7hj9jTG42G5nTuXi4S68SYcW/c
q83gEP6npL3tQj7WzCrOlw5bPi2E3BXAyjdv2qa0P5z7SjEq2PMtkjaBiEgE/n55
mzZ4DfBNNTTLNvodKJ3VXPUjsFJqszk3SsaoWqGpsKeLGq9IXsrmTFBz/DCUrfVW
FyJFe0RIFAypC7u+JU1796ok7cQKS/eZHkVn0VXrBs5Qddo/cPlgu9/v0LJ/7InM
84rMNGAkLsK8W1j0ZnKeyhWrO01ms6lC8JBWx/1qs1X01yQrdUyir6B/J0impn2s
whlOVSZeA75YNO/z87cGvF0RGcLtA2i5jDyMbYblkGLs
-----END CERTIFICATE-----