Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/J4sXrnc9xvhDej_3MWUqZ5A6mf4.roa
File:                     J4sXrnc9xvhDej_3MWUqZ5A6mf4.roa (raw, json)
Hash identifier:          mVS533kQ/u7kqShRaIQHUJifBfq4VqJ0XHVZYIX9ZRU=
Subject key identifier:   27:8B:17:AE:77:3D:C6:F8:43:7A:3F:F7:31:65:2A:67:90:3A:99:FE
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       01905E195C99A1EC4DF7FB5F8B4BEEC52BA3
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/J4sXrnc9xvhDej_3MWUqZ5A6mf4.roa
Signing time:             Fri 28 Jun 2024 09:07:18 +0000
ROA not before:           Fri 28 Jun 2024 09:07:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142146
IP address blocks:        217.25.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5e:19:5c:99:a1:ec:4d:f7:fb:5f:8b:4b:ee:c5:2b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jun 28 09:07:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=278b17ae773dc6f8437a3ff731652a67903a99fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a6:ad:a1:50:f3:dc:65:eb:85:10:21:11:49:
                    bf:d6:1b:d4:af:74:14:88:45:90:85:6a:2a:96:62:
                    50:44:4d:e6:82:8f:d3:e4:7f:ab:b6:31:67:03:48:
                    19:4a:e8:45:67:73:7a:cc:a8:98:e9:b7:a8:c9:b7:
                    66:6a:40:9d:77:59:86:c0:ef:db:ff:6f:af:2f:54:
                    6e:02:9c:bd:f9:cd:1f:a0:7c:6e:50:ae:2e:6b:07:
                    b1:d9:03:30:65:11:6a:b2:be:37:90:7e:c4:c4:0a:
                    b0:57:ba:6f:19:a2:49:fc:7e:a9:f3:f4:b5:2d:4e:
                    f7:b1:b7:e0:17:0f:9e:74:84:dc:81:af:76:a9:7a:
                    61:d7:f6:65:b6:e2:95:50:8d:fe:d3:6e:79:f7:35:
                    40:7a:a3:ca:e3:23:15:ea:a5:e2:ab:d4:af:df:6e:
                    dc:57:6b:5e:2e:b4:d8:c8:f1:8b:98:c2:7d:e2:d7:
                    de:52:1f:e8:d7:ae:44:b5:9b:4d:99:50:0c:6a:d4:
                    82:c5:eb:e8:56:a1:ac:20:43:b9:f4:7d:dc:d1:19:
                    05:97:a8:7b:56:75:ff:3f:f0:f1:bd:2d:71:53:df:
                    75:3a:ae:a2:61:15:63:d4:dd:4c:32:67:dd:89:e2:
                    35:f9:a0:00:f6:52:f3:8b:49:96:bd:1a:99:e7:ed:
                    e9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:8B:17:AE:77:3D:C6:F8:43:7A:3F:F7:31:65:2A:67:90:3A:99:FE
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/J4sXrnc9xvhDej_3MWUqZ5A6mf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b6:a3:05:d8:13:4e:34:67:d8:2e:e1:e0:be:7d:cb:c6:05:
         9d:6d:40:90:24:eb:a1:e8:54:7e:60:32:65:04:fb:0d:53:a4:
         3a:83:42:82:dd:e0:43:7d:21:f2:14:15:c5:22:79:79:b4:a4:
         14:66:69:0f:6e:14:f9:1a:06:db:1f:0b:82:81:e1:77:e1:88:
         63:d8:c9:6b:e1:46:dc:e1:ec:d6:49:bb:ca:ab:82:22:85:35:
         4a:2b:e9:ce:14:a1:2b:96:54:01:9a:24:f2:c1:ac:2f:cf:cd:
         6d:96:f6:f4:a3:8f:bd:f1:e5:14:3b:a7:19:74:e4:ed:99:33:
         f6:a3:76:cb:1f:c6:13:03:e2:1a:38:1c:5e:e4:63:29:60:b5:
         89:b5:54:c4:22:37:ba:4a:ab:30:97:72:71:25:3f:ea:5b:63:
         09:e3:d9:ea:c6:41:d7:5f:60:87:55:27:62:34:7c:4d:bb:e3:
         d7:34:17:bf:1f:3f:f0:90:03:b7:35:ba:1b:91:59:e4:44:b3:
         67:82:a8:71:f2:62:f3:6d:1d:af:6e:e5:3a:59:63:74:a6:a3:
         a4:f9:5a:39:84:b5:94:2b:5e:9e:53:da:ff:62:76:3f:45:42:
         87:19:34:ba:6e:a7:75:7a:8d:c9:a0:48:16:46:9d:4b:df:83:
         4a:ee:84:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBeGVyZoexN9/tfi0vuxSujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwNjI4MDkwNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzhiMTdhZTc3M2RjNmY4NDM3YTNmZjczMTY1MmE2NzkwM2E5OWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqatoVDz3GXrhRAhEUm/1hvUr3QU
iEWQhWoqlmJQRE3mgo/T5H+rtjFnA0gZSuhFZ3N6zKiY6beoybdmakCdd1mGwO/b
/2+vL1RuApy9+c0foHxuUK4uawex2QMwZRFqsr43kH7ExAqwV7pvGaJJ/H6p8/S1
LU73sbfgFw+edITcga92qXph1/ZltuKVUI3+02559zVAeqPK4yMV6qXiq9Sv327c
V2teLrTYyPGLmMJ94tfeUh/o165EtZtNmVAMatSCxevoVqGsIEO59H3c0RkFl6h7
VnX/P/DxvS1xU991Oq6iYRVj1N1MMmfdieI1+aAA9lLzi0mWvRqZ5+3pMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeLF653Pcb4Q3o/9zFlKmeQOpn+MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvSjRzWHJuYzl4dmhEZWpfM01XVXFaNUE2bWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkEMA0G
CSqGSIb3DQEBCwUAA4IBAQA7tqMF2BNONGfYLuHgvn3LxgWdbUCQJOuh6FR+YDJl
BPsNU6Q6g0KC3eBDfSHyFBXFInl5tKQUZmkPbhT5GgbbHwuCgeF34Yhj2Mlr4Ubc
4ezWSbvKq4IihTVKK+nOFKErllQBmiTywawvz81tlvb0o4+98eUUO6cZdOTtmTP2
o3bLH8YTA+IaOBxe5GMpYLWJtVTEIje6Sqswl3JxJT/qW2MJ49nqxkHXX2CHVSdi
NHxNu+PXNBe/Hz/wkAO3NbobkVnkRLNngqhx8mLzbR2vbuU6WWN0pqOk+Vo5hLWU
K16eU9r/YnY/RUKHGTS6bqd1eo3JoEgWRp1L34NK7oQN
-----END CERTIFICATE-----