Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/U6EwQTja832Ghgbf4C-YONA5u3I.roa
File:                     U6EwQTja832Ghgbf4C-YONA5u3I.roa (raw, json)
Hash identifier:          SZC1cIcEzrofXItnVA4ILPCChrrVnJmiPwg68LYDIqM=
Subject key identifier:   53:A1:30:41:38:DA:F3:7D:86:86:06:DF:E0:2F:98:38:D0:39:BB:72
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0190A2648294CE1C9518E6518CD8C698660F
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/U6EwQTja832Ghgbf4C-YONA5u3I.roa
Signing time:             Thu 11 Jul 2024 15:23:34 +0000
ROA not before:           Thu 11 Jul 2024 15:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        217.25.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a2:64:82:94:ce:1c:95:18:e6:51:8c:d8:c6:98:66:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jul 11 15:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53a1304138daf37d868606dfe02f9838d039bb72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c7:d1:84:bf:2a:32:9d:ae:bc:44:f0:c1:0a:
                    d8:07:a4:ec:3e:51:bd:11:89:19:24:2e:b4:ce:0c:
                    95:ae:67:d3:f9:ce:de:31:a7:63:11:f6:42:e2:bd:
                    88:e1:74:61:9d:0c:dd:5d:f7:4d:41:27:2e:76:16:
                    2f:24:e5:12:76:cd:67:d0:cc:72:76:42:08:b2:c8:
                    76:9d:e1:25:f2:21:a2:ec:f9:24:a2:ec:9f:aa:d8:
                    97:76:3c:c1:cf:99:14:52:30:80:1f:d8:c8:74:f9:
                    a6:3f:05:0b:0b:86:6e:18:e3:61:66:f1:86:e3:28:
                    cf:49:93:ac:f6:8d:3e:98:19:db:f1:69:c6:04:4b:
                    00:bc:92:4b:b1:e0:7f:6f:1e:bb:7e:8c:26:55:63:
                    87:94:04:7a:a4:6e:52:d4:f7:e3:12:ee:b5:6f:49:
                    64:8b:30:ea:71:b2:3e:b7:6e:65:0e:af:01:fd:5e:
                    d9:46:0e:dd:3e:eb:ca:65:43:a4:73:e8:0d:88:eb:
                    ec:3b:7a:96:cc:ae:f6:23:bc:bf:97:26:c4:b1:aa:
                    fa:20:d6:12:3e:15:5b:5f:d7:92:25:02:af:ac:8c:
                    b7:5d:38:b7:c5:48:dc:dd:e7:76:08:a6:60:5e:d9:
                    1f:f8:a3:5e:2b:8b:00:8a:6c:12:16:13:ef:8b:63:
                    6c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A1:30:41:38:DA:F3:7D:86:86:06:DF:E0:2F:98:38:D0:39:BB:72
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/U6EwQTja832Ghgbf4C-YONA5u3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:83:03:c4:2e:85:f5:dc:2f:f2:ed:62:a5:66:ea:90:bf:59:
         63:d2:4c:67:db:b7:95:38:d6:d0:0a:4f:5c:d5:2b:9a:f9:19:
         65:9e:84:c3:3e:5e:b5:2c:53:e9:ea:e8:70:93:34:0e:0b:85:
         5a:a9:55:51:d7:3d:c2:a7:34:aa:41:8f:44:ff:4d:54:1e:43:
         01:ef:ad:25:23:cc:0a:f8:a1:6d:17:2b:9f:7e:ca:15:71:e6:
         97:45:15:1a:c1:64:62:c2:64:69:c2:99:9b:f6:86:10:80:06:
         cf:f4:64:2a:b1:b1:c9:0d:4e:79:6d:50:33:10:e7:0f:cd:20:
         bc:47:49:db:41:1f:4b:ff:0a:61:eb:0b:3b:39:76:26:59:c9:
         93:5d:0d:d1:01:12:e7:41:cc:ab:3a:f8:41:a0:76:16:b2:7e:
         ef:57:cd:a4:1c:c0:4e:06:24:ff:92:9b:dc:96:48:7b:d1:2a:
         99:e5:12:6f:f2:30:e7:10:39:35:30:f8:68:b8:69:0e:55:ba:
         f4:fe:61:72:0f:df:96:13:b7:6b:0c:01:38:c6:06:42:9a:7e:
         42:a2:02:6f:93:dc:91:ca:51:26:4c:df:3b:79:71:0d:15:4e:
         50:28:05:20:9b:40:79:6f:d9:76:f1:09:a4:8e:84:0f:e0:4a:
         0a:4a:87:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCiZIKUzhyVGOZRjNjGmGYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwNzExMTUyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ExMzA0MTM4ZGFmMzdkODY4NjA2ZGZlMDJmOTgzOGQwMzliYjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsfRhL8qMp2uvETwwQrYB6TsPlG9
EYkZJC60zgyVrmfT+c7eMadjEfZC4r2I4XRhnQzdXfdNQScudhYvJOUSds1n0Mxy
dkIIssh2neEl8iGi7PkkouyfqtiXdjzBz5kUUjCAH9jIdPmmPwULC4ZuGONhZvGG
4yjPSZOs9o0+mBnb8WnGBEsAvJJLseB/bx67fowmVWOHlAR6pG5S1PfjEu61b0lk
izDqcbI+t25lDq8B/V7ZRg7dPuvKZUOkc+gNiOvsO3qWzK72I7y/lybEsar6INYS
PhVbX9eSJQKvrIy3XTi3xUjc3ed2CKZgXtkf+KNeK4sAimwSFhPvi2NsvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOhMEE42vN9hoYG3+AvmDjQObtyMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvVTZFd1FUamE4MzJHaGdiZjRDLVlPTkE1dTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkMMA0G
CSqGSIb3DQEBCwUAA4IBAQB/gwPELoX13C/y7WKlZuqQv1lj0kxn27eVONbQCk9c
1Sua+RllnoTDPl61LFPp6uhwkzQOC4VaqVVR1z3CpzSqQY9E/01UHkMB760lI8wK
+KFtFyuffsoVceaXRRUawWRiwmRpwpmb9oYQgAbP9GQqsbHJDU55bVAzEOcPzSC8
R0nbQR9L/wph6ws7OXYmWcmTXQ3RARLnQcyrOvhBoHYWsn7vV82kHMBOBiT/kpvc
lkh70SqZ5RJv8jDnEDk1MPhouGkOVbr0/mFyD9+WE7drDAE4xgZCmn5CogJvk9yR
ylEmTN87eXENFU5QKAUgm0B5b9l28QmkjoQP4EoKSocu
-----END CERTIFICATE-----