Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/aplkZ0HL9ZaZ5ASQElr3H2YSvHM.roa
File:                     aplkZ0HL9ZaZ5ASQElr3H2YSvHM.roa (raw, json)
Hash identifier:          IuE4aqi5iAemciMCZECKsUFlm6Ji/N8cH4INk9fMQQk=
Subject key identifier:   6A:99:64:67:41:CB:F5:96:99:E4:04:90:12:5A:F7:1F:66:12:BC:73
Certificate issuer:       /CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
Certificate serial:       018F4DEEA617BBDE4D3C228BC64987AD7213
Authority key identifier: 7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/aplkZ0HL9ZaZ5ASQElr3H2YSvHM.roa
Signing time:             Mon 06 May 2024 12:43:56 +0000
ROA not before:           Mon 06 May 2024 12:43:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200235
IP address blocks:        217.18.91.0/24 maxlen: 24
                          2a13:79c0:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:ee:a6:17:bb:de:4d:3c:22:8b:c6:49:87:ad:72:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
        Validity
            Not Before: May  6 12:43:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a99646741cbf59699e40490125af71f6612bc73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:77:7c:b9:e6:c6:c2:6f:c5:5b:a4:65:62:86:
                    19:10:1d:ca:1e:32:56:11:4c:ce:39:67:12:d0:9c:
                    b5:53:7d:cd:c6:ed:f0:72:77:6c:84:c4:97:e3:26:
                    04:e2:86:c5:72:a6:3d:cb:9a:ce:93:4d:11:e4:9d:
                    6b:32:79:d8:cb:97:14:22:0f:d0:bb:40:1e:0a:93:
                    5f:d1:db:ee:95:ae:4b:11:66:85:57:f5:27:ea:f2:
                    37:05:56:e1:eb:2d:61:ad:fd:84:db:a3:f1:70:56:
                    4b:b8:f8:b9:80:32:d2:06:5a:81:dd:08:8b:73:92:
                    a1:c7:27:70:d1:a4:ca:7c:91:6e:9e:1a:2c:2d:e3:
                    e9:53:fd:db:4f:1c:53:69:71:69:9d:ee:b8:91:92:
                    b5:90:46:ea:3e:22:9d:a1:ca:ce:f7:58:fb:f9:25:
                    73:b2:19:78:bd:46:31:99:46:be:00:c6:96:38:79:
                    15:c9:2e:16:b0:2a:64:df:1e:c0:37:3f:53:48:5f:
                    64:a4:94:8b:7e:f7:df:cb:82:ca:58:3a:db:4e:bd:
                    02:eb:e3:14:2f:dd:cb:62:70:eb:34:62:26:b5:2e:
                    ec:39:23:6c:2c:99:96:b6:d8:72:b5:c6:f6:c5:d5:
                    40:ad:28:b2:33:9d:0c:e2:0a:79:c7:51:75:7d:c6:
                    e5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:99:64:67:41:CB:F5:96:99:E4:04:90:12:5A:F7:1F:66:12:BC:73
            X509v3 Authority Key Identifier:
                keyid:7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/aplkZ0HL9ZaZ5ASQElr3H2YSvHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.91.0/24
                IPv6:
                  2a13:79c0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         df:e1:a8:15:c1:32:8f:cb:cb:42:10:28:5b:e3:08:ca:fc:c1:
         33:44:2f:45:47:df:3e:67:da:95:aa:dd:99:bf:cd:f5:4b:13:
         3c:2c:ed:87:67:7a:ea:67:0c:a9:7e:24:61:4f:18:c6:98:5d:
         20:70:7c:a3:b1:c1:a3:60:a6:76:75:c4:f9:e9:47:e2:30:b7:
         21:36:37:ba:11:e7:fe:70:ce:d0:39:0d:68:5a:6f:12:15:ad:
         eb:d8:c6:de:12:f9:58:4d:a0:a4:01:78:3a:bd:dc:20:e1:61:
         25:b5:07:b2:8d:87:d4:95:41:c5:6a:ce:c1:95:80:c9:1e:81:
         4d:27:f8:32:23:ee:3a:7c:44:ab:56:55:c7:4a:5d:47:0b:2d:
         6c:98:4a:f2:eb:b4:ff:3f:9d:36:79:98:cd:3b:3b:81:3f:e0:
         c1:56:67:2c:93:90:a0:30:e5:c7:54:2a:c0:6e:c8:50:19:bf:
         90:35:9f:0d:e5:38:f5:d3:42:47:0f:25:6e:ff:68:d0:20:6f:
         a9:07:7d:12:d5:81:ec:7d:bc:b6:ba:de:5d:95:3c:e3:4c:63:
         d8:64:c6:b6:ab:8e:4c:7a:5b:1c:84:c8:69:8e:a6:5f:e2:61:
         bb:a3:9d:3c:00:c0:c6:ed:1f:1a:e0:9d:36:12:6b:a3:a4:92:
         0e:59:a5:dc
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAY9N7qYXu95NPCKLxkmHrXITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOTY1ZWE2YjM5YzIyYWVjMmFkMmQ0ZDRjMGEzYTMxM2Rm
MWRlZmEwHhcNMjQwNTA2MTI0MzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk5NjQ2NzQxY2JmNTk2OTllNDA0OTAxMjVhZjcxZjY2MTJiYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHd8uebGwm/FW6RlYoYZEB3KHjJW
EUzOOWcS0Jy1U33Nxu3wcndshMSX4yYE4obFcqY9y5rOk00R5J1rMnnYy5cUIg/Q
u0AeCpNf0dvula5LEWaFV/Un6vI3BVbh6y1hrf2E26PxcFZLuPi5gDLSBlqB3QiL
c5Khxydw0aTKfJFunhosLePpU/3bTxxTaXFpne64kZK1kEbqPiKdocrO91j7+SVz
shl4vUYxmUa+AMaWOHkVyS4WsCpk3x7ANz9TSF9kpJSLfvffy4LKWDrbTr0C6+MU
L93LYnDrNGImtS7sOSNsLJmWtthytcb2xdVArSiyM50M4gp5x1F1fcbl4wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFGqZZGdBy/WWmeQEkBJa9x9mErxzMB8GA1UdIwQY
MBaAFH2WXqaznCKuwq0tTUwKOjE98d76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjct
MzJmNWE5NTA3NzMxLzEvYXBsa1owSEw5WmFaNUFTUUVscjNIMllTdkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjctMzJmNWE5NTA3NzMx
LzEvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQA2RJbMA4E
AgACMAgDBgAqE3nAATANBgkqhkiG9w0BAQsFAAOCAQEA3+GoFcEyj8vLQhAoW+MI
yvzBM0QvRUffPmfalardmb/N9UsTPCzth2d66mcMqX4kYU8YxphdIHB8o7HBo2Cm
dnXE+elH4jC3ITY3uhHn/nDO0DkNaFpvEhWt69jG3hL5WE2gpAF4Or3cIOFhJbUH
so2H1JVBxWrOwZWAyR6BTSf4MiPuOnxEq1ZVx0pdRwstbJhK8uu0/z+dNnmYzTs7
gT/gwVZnLJOQoDDlx1QqwG7IUBm/kDWfDeU49dNCRw8lbv9o0CBvqQd9EtWB7H28
trreXZU840xj2GTGtquOTHpbHITIaY6mX+Jhu6OdPADAxu0fGuCdNhJro6SSDlml
3A==
-----END CERTIFICATE-----