Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/AoMT5b0s220gfTbI5C6yhKPwPrE.roa
File:                     AoMT5b0s220gfTbI5C6yhKPwPrE.roa (raw, json)
Hash identifier:          +qSXAk/lFWMsTuz1TwEHbExedzxqhqbaCt1snmBnH+8=
Subject key identifier:   02:83:13:E5:BD:2C:DB:6D:20:7D:36:C8:E4:2E:B2:84:A3:F0:3E:B1
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       01973179D78354B865C3E428585A2B1F52B3
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/AoMT5b0s220gfTbI5C6yhKPwPrE.roa
Signing time:             Mon 02 Jun 2025 16:29:18 +0000
ROA not before:           Mon 02 Jun 2025 16:29:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        217.25.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 07:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:79:d7:83:54:b8:65:c3:e4:28:58:5a:2b:1f:52:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jun  2 16:29:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=028313e5bd2cdb6d207d36c8e42eb284a3f03eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f2:e6:c4:5b:b6:57:8d:3b:3b:ff:3f:da:35:
                    4e:2e:cb:e6:39:9e:07:50:a4:8e:15:97:f4:21:be:
                    1e:fc:3d:51:1b:c4:52:fc:90:86:3c:18:2b:e0:b2:
                    ce:19:0e:62:65:c4:0b:3c:fb:ca:8e:ea:84:c0:77:
                    e1:7a:d6:05:39:35:a0:1c:f0:26:e8:2b:79:bb:b8:
                    39:2a:c8:cf:f2:0f:98:e8:2e:87:ed:40:ec:3b:a0:
                    c9:83:0f:3f:4a:f4:86:73:c9:be:b9:4d:f7:50:7b:
                    5c:af:75:4e:59:ee:40:60:26:b2:b8:ad:4b:1f:09:
                    1b:7a:a8:06:aa:f5:db:63:f9:6a:b9:c1:e3:2f:98:
                    2c:78:89:f1:3e:34:d0:97:10:4a:de:8e:99:fd:22:
                    dc:c1:08:53:63:96:62:4b:df:e9:da:3a:4e:e1:f4:
                    a1:a1:a7:37:f7:da:8c:24:05:eb:95:24:5f:de:05:
                    1b:fc:29:50:0a:cf:15:67:c9:bf:a1:33:30:6a:6f:
                    fc:c7:92:7b:e0:a3:6c:11:2b:7a:e8:04:e1:9d:d9:
                    e6:5b:09:af:d2:e5:fb:ba:4e:6b:14:87:70:e6:13:
                    70:32:ab:d4:32:95:9d:f4:d7:01:ee:6a:6a:dc:3a:
                    25:25:36:37:47:6a:dd:22:d3:80:53:3a:38:55:a4:
                    a4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:83:13:E5:BD:2C:DB:6D:20:7D:36:C8:E4:2E:B2:84:A3:F0:3E:B1
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/AoMT5b0s220gfTbI5C6yhKPwPrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:c1:65:77:b6:f1:f5:aa:d4:3c:04:18:06:d2:0b:d1:b9:ed:
         2b:6c:48:31:b8:85:e7:24:9c:41:92:58:25:3f:62:85:ca:a2:
         5e:a4:dd:2c:51:82:90:a3:ff:16:bf:23:45:7f:74:ef:cc:79:
         96:26:ef:bc:06:17:31:fb:4c:c5:7a:02:10:fb:5a:c2:f8:ba:
         2c:b1:2e:7b:ef:c7:13:2e:2f:3a:48:61:0d:84:1b:79:75:8b:
         d7:e6:19:24:86:f6:d7:50:28:fe:a4:6b:2a:89:d5:ef:20:ae:
         eb:95:a0:5a:fc:46:2c:65:44:96:39:d5:25:63:76:48:cc:8a:
         46:c1:1f:83:6f:5b:83:27:e0:ca:58:1b:14:9c:ea:1f:47:91:
         f5:b3:1a:ad:27:7e:6c:cb:e6:b1:ae:f7:6d:ba:c6:54:94:58:
         e0:6c:82:97:a2:c0:c3:b6:48:9b:95:2c:14:01:1c:ed:18:6c:
         32:56:e3:a1:5c:8d:20:d5:7c:3c:0b:4e:9b:01:11:04:66:4f:
         d1:e3:34:62:ac:26:65:4e:c0:11:64:f0:33:2b:20:23:f3:15:
         30:89:f1:c4:1f:46:f0:1f:fe:ab:a3:c2:d2:a6:8a:93:ee:b1:
         55:7b:59:35:61:99:bc:75:07:fa:d7:14:f9:fe:f0:91:68:66:
         3e:d3:e5:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcxedeDVLhlw+QoWForH1KzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwNjAyMTYyOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjgzMTNlNWJkMmNkYjZkMjA3ZDM2YzhlNDJlYjI4NGEzZjAzZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvLmxFu2V407O/8/2jVOLsvmOZ4H
UKSOFZf0Ib4e/D1RG8RS/JCGPBgr4LLOGQ5iZcQLPPvKjuqEwHfhetYFOTWgHPAm
6Ct5u7g5KsjP8g+Y6C6H7UDsO6DJgw8/SvSGc8m+uU33UHtcr3VOWe5AYCayuK1L
HwkbeqgGqvXbY/lqucHjL5gseInxPjTQlxBK3o6Z/SLcwQhTY5ZiS9/p2jpO4fSh
oac399qMJAXrlSRf3gUb/ClQCs8VZ8m/oTMwam/8x5J74KNsESt66AThndnmWwmv
0uX7uk5rFIdw5hNwMqvUMpWd9NcB7mpq3DolJTY3R2rdItOAUzo4VaSkiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKDE+W9LNttIH02yOQusoSj8D6xMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvQW9NVDViMHMyMjBnZlRiSTVDNnloS1B3UHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkDMA0G
CSqGSIb3DQEBCwUAA4IBAQA5wWV3tvH1qtQ8BBgG0gvRue0rbEgxuIXnJJxBklgl
P2KFyqJepN0sUYKQo/8WvyNFf3TvzHmWJu+8Bhcx+0zFegIQ+1rC+LossS5778cT
Li86SGENhBt5dYvX5hkkhvbXUCj+pGsqidXvIK7rlaBa/EYsZUSWOdUlY3ZIzIpG
wR+Db1uDJ+DKWBsUnOofR5H1sxqtJ35sy+axrvdtusZUlFjgbIKXosDDtkiblSwU
ARztGGwyVuOhXI0g1Xw8C06bAREEZk/R4zRirCZlTsARZPAzKyAj8xUwifHEH0bw
H/6ro8LSpoqT7rFVe1k1YZm8dQf61xT5/vCRaGY+0+U0
-----END CERTIFICATE-----