Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/17cVOKFfmwAIro_FC1Npp4dy3qE.roa
File:                     17cVOKFfmwAIro_FC1Npp4dy3qE.roa (raw, json)
Hash identifier:          r6P4GFMI7PqvEeSmFeQz/rQk0NsSHmm92e2FFsdFzHs=
Subject key identifier:   D7:B7:15:38:A1:5F:9B:00:08:AE:8F:C5:0B:53:69:A7:87:72:DE:A1
Certificate issuer:       /CN=97eac753379fd22ff6515033f513dc282463ad2d
Certificate serial:       018CC5DC9DCEF13883D3F75B5AE27B1ED11B
Authority key identifier: 97:EA:C7:53:37:9F:D2:2F:F6:51:50:33:F5:13:DC:28:24:63:AD:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/17cVOKFfmwAIro_FC1Npp4dy3qE.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211336
IP address blocks:        185.184.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9d:ce:f1:38:83:d3:f7:5b:5a:e2:7b:1e:d1:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97eac753379fd22ff6515033f513dc282463ad2d
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7b71538a15f9b0008ae8fc50b5369a78772dea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:39:e9:3e:ae:9a:ae:34:7c:6f:c9:1e:fb:5f:
                    be:84:aa:bb:be:47:65:2f:aa:0f:f4:aa:ed:29:79:
                    60:46:42:50:65:8c:d1:22:ec:ca:23:c7:65:51:24:
                    82:a4:3b:77:aa:99:f6:df:d1:29:3f:a9:81:c9:99:
                    9d:24:24:70:af:e9:bb:4b:1f:76:1a:49:5a:99:f0:
                    86:d0:9b:40:6c:b9:df:6b:c5:23:4e:8f:57:0e:20:
                    11:75:d2:dd:e5:da:fe:b1:1d:19:ed:76:28:85:3c:
                    4b:a6:03:44:71:74:50:2b:f1:c2:f9:82:d9:4f:7f:
                    6f:b3:11:8a:8e:ca:e3:02:5d:bf:67:0c:e7:71:9e:
                    62:f0:1a:52:35:d3:55:e3:3f:b6:e6:7d:0d:3e:37:
                    04:b9:c6:e9:1a:ba:3d:22:a7:0a:9c:ae:89:06:74:
                    8a:d7:1b:db:42:dc:5b:dc:5f:68:d9:00:dd:04:eb:
                    1a:3c:a7:d7:e4:c2:10:c2:64:f9:c4:c5:cc:76:97:
                    f9:de:0a:c5:10:10:03:58:57:56:ad:94:fa:3c:8e:
                    12:b4:ca:17:50:9e:db:90:94:50:93:cf:98:0f:7a:
                    45:06:62:5b:de:3d:fb:b3:cd:5e:14:ce:48:45:c9:
                    00:01:03:e6:ab:49:5b:fe:ef:76:46:54:ee:54:f9:
                    b4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B7:15:38:A1:5F:9B:00:08:AE:8F:C5:0B:53:69:A7:87:72:DE:A1
            X509v3 Authority Key Identifier:
                keyid:97:EA:C7:53:37:9F:D2:2F:F6:51:50:33:F5:13:DC:28:24:63:AD:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/17cVOKFfmwAIro_FC1Npp4dy3qE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ea:ac:16:c1:d8:59:db:03:7d:e9:cc:c6:fd:1a:2e:c9:93:
         23:07:de:42:bc:1f:38:33:67:8e:b1:07:47:38:9f:99:c5:39:
         ce:e4:d6:17:c2:fa:18:3a:dc:fb:b2:05:d2:e0:09:6e:f2:f9:
         e9:9c:90:d6:ea:40:b3:b9:57:25:8f:1e:89:71:c8:a9:f7:c9:
         9e:28:94:ff:2a:fb:ac:6e:bd:d1:f4:b4:41:44:5f:c8:6a:ab:
         23:3b:a6:96:0c:d0:13:8c:a5:b9:5e:1e:52:5a:fe:ae:70:f2:
         91:ae:cd:97:e0:66:b8:41:cb:6d:85:3a:78:e2:2f:c0:c2:52:
         f9:17:ec:18:55:f7:39:e0:e3:e9:e3:41:d9:cb:f8:df:37:2b:
         a6:22:56:d0:16:f3:f4:6d:79:87:38:86:75:80:2b:a0:a9:5f:
         8b:15:3f:d9:c7:49:72:f2:3a:59:2e:05:a8:49:6d:e4:6f:4e:
         2e:88:39:76:5d:17:82:50:08:85:b0:86:46:0a:90:4e:ab:60:
         3c:b8:2d:e1:78:e4:fa:08:98:b8:ff:a7:41:c1:f9:b4:10:37:
         9f:a5:5d:0e:e4:0f:ae:7b:3e:8f:e0:a3:9b:39:32:8a:0f:c4:
         8e:ec:6a:fd:53:3c:41:50:0d:4a:3f:db:12:38:f2:58:79:17:
         32:1c:66:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3J3O8TiD0/dbWuJ7HtEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWFjNzUzMzc5ZmQyMmZmNjUxNTAzM2Y1MTNkYzI4MjQ2
M2FkMmQwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2I3MTUzOGExNWY5YjAwMDhhZThmYzUwYjUzNjlhNzg3NzJkZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0znpPq6arjR8b8ke+1++hKq7vkdl
L6oP9KrtKXlgRkJQZYzRIuzKI8dlUSSCpDt3qpn239EpP6mByZmdJCRwr+m7Sx92
GklamfCG0JtAbLnfa8UjTo9XDiARddLd5dr+sR0Z7XYohTxLpgNEcXRQK/HC+YLZ
T39vsxGKjsrjAl2/ZwzncZ5i8BpSNdNV4z+25n0NPjcEucbpGro9IqcKnK6JBnSK
1xvbQtxb3F9o2QDdBOsaPKfX5MIQwmT5xMXMdpf53grFEBADWFdWrZT6PI4StMoX
UJ7bkJRQk8+YD3pFBmJb3j37s81eFM5IRckAAQPmq0lb/u92RlTuVPm0lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNe3FTihX5sACK6PxQtTaaeHct6hMB8GA1UdIwQY
MBaAFJfqx1M3n9Iv9lFQM/UT3CgkY60tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC1ySFV6ZWYwaV8yVVZBejlSUGNLQ1JqclMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80YjA4YWYtNjdkYi00MmRhLWEwOTQt
ZWY1OTBjMWM4ZTEyLzEvMTdjVk9LRmZtd0FJcm9fRkMxTnBwNGR5M3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80YjA4YWYtNjdkYi00MmRhLWEwOTQtZWY1OTBjMWM4ZTEy
LzEvbC1ySFV6ZWYwaV8yVVZBejlSUGNLQ1JqclMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubiRMA0G
CSqGSIb3DQEBCwUAA4IBAQBb6qwWwdhZ2wN96czG/RouyZMjB95CvB84M2eOsQdH
OJ+ZxTnO5NYXwvoYOtz7sgXS4Alu8vnpnJDW6kCzuVcljx6Jccip98meKJT/Kvus
br3R9LRBRF/IaqsjO6aWDNATjKW5Xh5SWv6ucPKRrs2X4Ga4QctthTp44i/AwlL5
F+wYVfc54OPp40HZy/jfNyumIlbQFvP0bXmHOIZ1gCugqV+LFT/Zx0ly8jpZLgWo
SW3kb04uiDl2XReCUAiFsIZGCpBOq2A8uC3heOT6CJi4/6dBwfm0EDefpV0O5A+u
ez6P4KObOTKKD8SO7Gr9UzxBUA1KP9sSOPJYeRcyHGYW
-----END CERTIFICATE-----